Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 4:40 a.m.9 views

CVE-2023-39265

Apache Superset would allow for SQLite database connections to be incorrectly registered when an attacker uses alternative driver names like sqlite+pysqlite or by using database imports. This could allow for unexpected file creation on Superset webservers. Additionally, if Apache Superset is usin...

6.5CVSS6.9AI score0.83716EPSS
Exploits2
OSV
OSV
added 2023/09/06 3:30 p.m.27 views

GHSA-FM4Q-J8G4-C9J4 Apache Superset Improper Input Validation vulnerability

Apache Superset would allow for SQLite database connections to be incorrectly registered when an attacker uses alternative driver names like sqlite+pysqlite or by using database imports. This could allow for unexpected file creation on Superset webservers. Additionally, if Apache Superset is usin...

6.5CVSS5.6AI score0.83716EPSS
Exploits2References4
Prion
Prion
added 2023/09/06 2:15 p.m.29 views

Design/Logic Flaw

Apache Superset would allow for SQLite database connections to be incorrectly registered when an attacker uses alternative driver names like sqlite+pysqlite or by using database imports. This could allow for unexpected file creation on Superset webservers. Additionally, if Apache Superset is usin...

6.4CVSS6.7AI score0.83716EPSS
Exploits2References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/09/06 1:0 p.m.19 views

CVE-2023-39265 Apache Superset: Possible Unauthorized Registration of SQLite Database Connections

Apache Superset would allow for SQLite database connections to be incorrectly registered when an attacker uses alternative driver names like sqlite+pysqlite or by using database imports. This could allow for unexpected file creation on Superset webservers. Additionally, if Apache Superset is usin...

3.8CVSS6.9AI score0.83716EPSS
Exploits2References2
CVE
CVE
added 2023/09/06 1:0 p.m.75 views

CVE-2023-39265

CVE-2023-39265 : Multiple connected documents describe a vulnerability in Apache Superset where SQLite database connections can be registered incorrectly when using alternative driver names (e.g., sqlite+pysqlite) or via database imports. This may allow arbitrary file creation on Superset webserv...

6.5CVSS5.7AI score0.83716EPSS
In wildExploits2References2Affected Software1
NVD
NVD
added 2012/11/24 8:55 p.m.19 views

CVE-2012-4522

The rbgetpathcheck function in file.c in Ruby 1.9.3 before patchlevel 286 and Ruby 2.0.0 before r37163 allows context-dependent attackers to create files in unexpected locations or with unexpected names via a NUL byte in a file path...

5CVSS6.1AI score0.02204EPSS
Exploits1References8
Rows per page
Query Builder