27 matches found

vulnersOsv
added 2026/03/29 3:13 p.m., 4 views

com.linkedin.transport:transportable-udfs-test-trino (>=0.1.19 <=0.1.22), com.linkedin.transport:transportable-udfs-trino-plugin (>=0.1.19 <=0.1.22) +8 more potentially affected by CVE-2026-34214 via io.trino:trino-main (>=439 <=479)

io.trino:trino-main MAVEN version =439, =0.1.19, =0.1.19, =464, =439, =472, =439, =439, =439, =439, =464, =472 Source cves: CVE-2026-34214 Source advisory: SNYK:JAVA-IOTRINO-15857194...

CVSS 7.7, AI score 5.8, EPSS 0.0002
Exploits: 0

vulnersOsv
added 2026/03/29 3:13 p.m., 2 views

com.linkedin.transport:transportable-udfs-test-trino (>=0.1.19 <=0.1.22), com.linkedin.transport:transportable-udfs-trino-plugin (>=0.1.19 <=0.1.22) +74 more potentially affected by CVE-2026-34214 via io.trino:trino-plugin-toolkit (>=439 <=479)

io.trino:trino-plugin-toolkit MAVEN version =439, =0.1.19, =0.1.19, =1.0, =439, =471, =439, =439, =439, =439, =439, =439, =439, =439, =470, =475 and more Source cves: CVE-2026-34214 Source advisory: SNYK:JAVA-IOTRINO-15857195...

CVSS 7.7, AI score 5.8, EPSS 0.0002
Exploits: 0

RedhatCVE
added 2026/03/26 3:3 p.m., 1 views

CVE-2026-23672

Windows Universal Disk Format File System Driver UDFS Elevation of Privilege Vulnerability...

CVSS 7.8, AI score 5.8, EPSS 0.00035
Exploits: 0, References: 1

Cvelist
added 2023/11/30 8:17 a.m., 16 views

CVE-2023-49620 Apache DolphinScheduler: Authenticated users could delete UDFs in resource center they were not authorized for

Before DolphinScheduler version 3.1.0, the login user could delete UDF function in the resource center unauthorized which almost used in sql task, with unauthorized access vulnerability IDOR, but after version 3.1.0 we fixed this issue. We mark this cve as moderate level because it still requires...

AI score 6.5, EPSS 0.00333
Exploits: 0, References: 3

Prion
added 2023/08/14 7:15 p.m., 15 views

Design/Logic Flaw

An issue was discovered in Tigergraph Enterprise 3.7.0. The GSQL query language provides users with the ability to write data to files on a remote TigerGraph server. The locations that a query is allowed to write to are configurable via the GSQL.FileOutputPolicy configuration setting. GSQL querie...

CVSS 6.5, AI score 8.6, EPSS 0.00033
Exploits: 1, References: 1, Affected Software: 1

Vulnrichment
added 2023/08/14 12:0 a.m., 11 views

CVE-2023-28483

An issue was discovered in Tigergraph Enterprise 3.7.0. The GSQL query language provides users with the ability to write data to files on a remote TigerGraph server. The locations that a query is allowed to write to are configurable via the GSQL.FileOutputPolicy configuration setting. GSQL querie...

AI score 6.9, EPSS 0.00033
Exploits: 1, References: 1

SUSE CVE
added 2023/02/15 4:13 a.m., 2 views

SUSE CVE-2019-10099

Prior to Spark 2.3.3, in certain situations Spark would write user data to local disk unencrypted, even if spark.io.encryption.enabled=true. This includes cached blocks that are fetched to disk controlled by spark.maxRemoteBlockSizeFetchToMem; in SparkR, using parallelize; in Pyspark, using...

CVSS 7.5, AI score 6.6, EPSS 0.00285
Exploits: 0, References: 3

CNVD
added 2022/07/19 12:0 a.m., 36 views

Apache Hive Authorization Issues Vulnerability

Apache Hive is a set of data warehouse software based on Hadoop Distributed Systems Infrastructure from the Apache Apache Foundation in the United States. The software provides a data integration approach and a high-level query language to support large-scale data analysis on Hadoop. An...

CVSS 7.5, AI score 7.3, EPSS 0.00451
Exploits: 1, References: 1

Veracode
added 2022/07/18 3:3 p.m., 31 views

Authorization Bypass

Apache Hive is vulnerable to authorization bypass. The vulnerability exists in the CREATE/DROP operations due to improper restrictions of users privileges which allows an attacker to create and drop UDFs...

CVSS 7.5, AI score 7.4, EPSS 0.00451
Exploits: 1, References: 7, Affected Software: 2

Github Security Blog
added 2022/07/17 12:0 a.m., 35 views

Apache Hive before 3.1.3 `CREATE` and `DROP` function operations do not check for necessary authorization.

Apache Hive before 3.1.3 CREATE and DROP function operations do not check for necessary authorization of involved entities in the query. It was found that an unauthorized user can manipulate an existing UDF without having the privileges to do so. This allowed unauthorized or underprivileged users...

CVSS 7.5, AI score 7.4, EPSS 0.00451
Exploits: 1, References: 3, Affected Software: 1

Prion
added 2022/07/16 7:15 a.m., 39 views

Authorization

Apache Hive before 3.1.3 "CREATE" and "DROP" function operations do not check for necessary authorization of involved entities in the query. It was found that an unauthorized user can manipulate an existing UDF without having the privileges to do so. This allowed unauthorized or underprivileged...

CVSS 5, AI score 7.4, EPSS 0.00451
Exploits: 1, References: 1, Affected Software: 1

Veracode
added 2022/02/14 4:33 a.m., 83 views

Remote Code Execution (RCE)

cassandra-all is vulnerable to remote code execution. When enableuserdefinedfunctions, enablescripteduserdefinedfunctions, and enablescripteduserdefinedfunctions are set, an attacker can inject and execute malicious code on the host through the scripted UDFs...

CVSS 9.1, AI score 2.4, EPSS 0.91007
Exploits: 6, References: 7, Affected Software: 1

Tenable Nessus
added 2020/03/02 12:0 a.m., 28 views

Debian DLA-2129-1 : firebird2.5 security update

An issue has been found in firebird2.5, an RDBMS based on InterBase 6.0. As UDFs can be used for a remote authenticated code execution as user firebird, UDFs have been disabled in the default configuration which will be used for new installations there is no change for existing configurations,...

CVSS 9, AI score 8.3, EPSS 0.10885
Exploits: 1, References: 4

OpenVAS
added 2020/03/01 12:0 a.m., 27 views

Debian: Security Advisory (DLA-2129-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9, AI score 8.7, EPSS 0.10885
Exploits: 1, References: 3

Debian
added 2020/02/29 3:52 p.m., 87 views

[SECURITY] [DLA 2129-1] firebird2.5 security update

Package : firebird2.5 Version : 2.5.3.26778.ds4-5+deb8u2 CVE ID : CVE-2017-11509 An issue has been found in firebird2.5, an RDBMS based on InterBase 6.0. As UDFs can be used for a remote authenticated code execution as user firebird, UDFs have been disabled in the default configuration which wil...

CVSS 9, AI score 8.8, EPSS 0.10885
Exploits: 1

OSV
added 2019/08/08 3:18 p.m., 1 views

GHSA-FP5J-3FPF-MHJ5 Sensitive data written to disk unencrypted in Spark

Prior to Spark 2.3.3, in certain situations Spark would write user data to local disk unencrypted, even if spark.io.encryption.enabled=true. This includes cached blocks that are fetched to disk controlled by spark.maxRemoteBlockSizeFetchToMem; in SparkR, using parallelize; in Pyspark, using...

CVSS 8.7, AI score 7.1, EPSS 0.00285
Exploits: 0, References: 5

Prion
added 2019/08/07 5:15 p.m., 18 views

Code injection

Prior to Spark 2.3.3, in certain situations Spark would write user data to local disk unencrypted, even if spark.io.encryption.enabled=true. This includes cached blocks that are fetched to disk controlled by spark.maxRemoteBlockSizeFetchToMem; in SparkR, using parallelize; in Pyspark, using...

CVSS 4.3, AI score 7.4, EPSS 0.00285
Exploits: 0, References: 3, Affected Software: 1

OSV
added 2019/08/07 5:15 p.m., 1 views

PYSEC-2019-114

Prior to Spark 2.3.3, in certain situations Spark would write user data to local disk unencrypted, even if spark.io.encryption.enabled=true. This includes cached blocks that are fetched to disk controlled by spark.maxRemoteBlockSizeFetchToMem; in SparkR, using parallelize; in Pyspark, using...

CVSS 7.5, AI score 5.9, EPSS 0.00285
Exploits: 0, References: 3

PyPA
added 2019/08/07 5:15 p.m., 5 views

PYSEC-2019-114

Prior to Spark 2.3.3, in certain situations Spark would write user data to local disk unencrypted, even if spark.io.encryption.enabled=true. This includes cached blocks that are fetched to disk controlled by spark.maxRemoteBlockSizeFetchToMem; in SparkR, using parallelize; in Pyspark, using...

CVSS 7.5, AI score 6.6, EPSS 0.00285
Exploits: 0, References: 3, Affected Software: 1

Cvelist
added 2019/08/07 4:18 p.m., 16 views

CVE-2019-10099

Prior to Spark 2.3.3, in certain situations Spark would write user data to local disk unencrypted, even if spark.io.encryption.enabled=true. This includes cached blocks that are fetched to disk controlled by spark.maxRemoteBlockSizeFetchToMem; in SparkR, using parallelize; in Pyspark, using...

AI score 7.4, EPSS 0.00285
Exploits: 0, References: 3