22 matches found
EUVD-2023-1221
Malicious code in bioql PyPI...
EUVD-2023-1601
Malicious code in bioql PyPI...
MAL-2024-9257 Malicious code in vtadmin (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware eec5bdd0c17984ea7aab17fa6a0873dfb5ce894fc90913294179b331d6ece15a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in vtadmin (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware eec5bdd0c17984ea7aab17fa6a0873dfb5ce894fc90913294179b331d6ece15a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Vitess VTAdmin users that can create shards can deny access to other functions
...
Denial Of Service (DoS)
github.com/vitessio/vitess is vulnerable to Denial of Service (DoS) attacks. Users are able to create a shard containing / characters from VTAdmin, resulting in an error and no longer being able to view the keyspaces. This can be done either intentionally or inadvertently by using the / character...
CVE-2023-29195
Vitess is a database clustering system for horizontal scaling of MySQL through generalized sharding. Prior to version 16.0.2, users can either intentionally or inadvertently create a shard containing / characters from VTAdmin such that from that point on, anyone who tries to create a new shard fr...
AZL-26696 CVE-2023-29195 affecting package vitess for versions less than 16.0.2-1
Vitess is a database clustering system for horizontal scaling of MySQL through generalized sharding. Prior to version 16.0.2, users can either intentionally or inadvertently create a shard containing / characters from VTAdmin such that from that point on, anyone who tries to create a new shard fr...
Design/Logic Flaw
Vitess is a database clustering system for horizontal scaling of MySQL through generalized sharding. Prior to version 16.0.2, users can either intentionally or inadvertently create a shard containing / characters from VTAdmin such that from that point on, anyone who tries to create a new shard fr...
GHSA-PQJ7-JX24-WJ7W VTAdmin users that can create shards can deny access to other functions
Impact: Users can either intentionally or inadvertently create a shard containing / characters from VTAdmin such that from that point on, anyone who tries to create a new shard from VTAdmin will receive an error. Attempting to view the keyspaces will also no longer work. Creating a shard using...
VTAdmin users that can create shards can deny access to other functions
Impact: Users can either intentionally or inadvertently create a shard containing / characters from VTAdmin such that from that point on, anyone who tries to create a new shard from VTAdmin will receive an error. Attempting to view the keyspaces will also no longer work. Creating a shard using...
CVE-2023-29195 Vitess VTAdmin users that can create shards can deny access to other functions
Vitess is a database clustering system for horizontal scaling of MySQL through generalized sharding. Prior to version 16.0.2, users can either intentionally or inadvertently create a shard containing / characters from VTAdmin such that from that point on, anyone who tries to create a new shard fr...
CVE-2023-29195
Vitess VTAdmin shard creation bug: before 16.0.2, VTAdmin could produce a shard name containing a "/" that caused subsequent shard creation attempts to fail and keyspace views to break. The issue is fixed in version 16.0.2 (go module v0.16.2). Workarounds include: use vtctldclient to create shard...
CVE-2023-29195 Vitess VTAdmin users that can create shards can deny access to other functions
Vitess is a database clustering system for horizontal scaling of MySQL through generalized sharding. Prior to version 16.0.2, users can either intentionally or inadvertently create a shard containing / characters from VTAdmin such that from that point on, anyone who tries to create a new shard fr...
CVE-2023-29195 Vitess VTAdmin users that can create shards can deny access to other functions
Vitess is a database clustering system for horizontal scaling of MySQL through generalized sharding. Prior to version 16.0.2, users can either intentionally or inadvertently create a shard containing / characters from VTAdmin such that from that point on, anyone who tries to create a new shard fr...
PT-2023-22194 · Vitess +2
Name of the Vulnerable Software and Affected Versions: Vitess versions prior to 16.0.2 Description: The issue allows users to create a shard containing / characters from VTAdmin, which can cause errors when trying to create new shards or view keyspaces. Creating a shard using vtctldclient does no...
CVE-2023-29194
Vitess is a database clustering system for horizontal scaling of MySQL. Users can either intentionally or inadvertently create a keyspace containing / characters such that from that point on, anyone who tries to view keyspaces from VTAdmin will receive an error. Trying to list all the keyspaces...
Design/Logic Flaw
Vitess is a database clustering system for horizontal scaling of MySQL. Users can either intentionally or inadvertently create a keyspace containing / characters such that from that point on, anyone who tries to view keyspaces from VTAdmin will receive an error. Trying to list all the keyspaces...
CVE-2023-29194 vitess allows users to create keyspaces that can deny access to already existing keyspaces
Vitess is a database clustering system for horizontal scaling of MySQL. Users can either intentionally or inadvertently create a keyspace containing / characters such that from that point on, anyone who tries to view keyspaces from VTAdmin will receive an error. Trying to list all the keyspaces...
CVE-2023-29194 vitess allows users to create keyspaces that can deny access to already existing keyspaces
Vitess is a database clustering system for horizontal scaling of MySQL. Users can either intentionally or inadvertently create a keyspace containing / characters such that from that point on, anyone who tries to view keyspaces from VTAdmin will receive an error. Trying to list all the keyspaces...