7 matches found
Arbitrary Code Injection
Overview dbgate-api is an Allows run DbGate data-manipulation scripts. Affected versions of this package are vulnerable to Arbitrary Code Injection in the loadReader function in runners.js. The functionName parameter can be injected with arbitrary JavaScript, which is executed with the privileges...
PT-2026-47062
šØ Multiple Critical Vulnerabilities Disclosed in DbGate Several severe vulnerabilities in DbGate can allow attackers to achieve remote code execution: ⢠CVE-2026-47668 - Unauthenticated RCE via JSON Script Runner dbgate-serve ⢠CVE-2026-47669 - Zip Slip arbitrary file write leading to RCE ā¢...
Command Injection
Overview dbgate-api is an Allows run DbGate data-manipulation scripts. Affected versions of this package are vulnerable to Command Injection via the functionName parameter in the /runners/load-reader endpoint. An attacker can execute arbitrary operating system commands as the process user root in...
Security Bulletin: Common vulnerabilities fixed in Cloudera Data Platform Private Cloud Base 7.1.9 SP1
Summary Common vulnerabilities fixed in Cloudera Data Platform Private Cloud Base 7.1.9 SP1 Vulnerability Details CVEID:CVE-2022-24785 DESCRIPTION: Moment.js could allow a remote attacker to traverse directories on the system, caused by improper validation of user supplied input. An attacker coul...
Linux Distros Unpatched Vulnerability : CVE-2019-17565
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and chunked encoding. Upgrade to...
DEBIAN-CVE-2020-1944
There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and Transfer-Encoding and Content length headers. Upgrade to versions 7.1.9 and 8.0.6 or later versions...
DEBIAN-CVE-2019-17559
There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and scheme parsing. Upgrade to versions 7.1.9 and 8.0.6 or later versions...