Lucene search
+L

104 matches found

Cvelist
Cvelist
added 2024/09/12 12:56 p.m.35 views

CVE-2024-45846

An arbitrary code execution vulnerability exists in versions 23.10.3.0 up to 24.7.4.1 of the MindsDB platform, when the Weaviate integration is installed on the server. If a specially crafted ‘SELECT WHERE’ clause containing Python code is run against a database created with the Weaviate engine,...

8.8CVSS0.02148EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/09/12 12:56 p.m.14 views

CVE-2024-45846

An arbitrary code execution vulnerability exists in versions 23.10.3.0 up to 24.7.4.1 of the MindsDB platform, when the Weaviate integration is installed on the server. If a specially crafted ‘SELECT WHERE’ clause containing Python code is run against a database created with the Weaviate engine,...

8.8CVSS7.6AI score0.02148EPSS
Exploits1References1
CVE
CVE
added 2024/09/12 12:56 p.m.59 views

CVE-2024-45846

The CVE-2024-45846 entry describes an arbitrary code execution vulnerability in MindsDB versions 23.10.3.0 through 24.7.4.1 when the Weaviate integration is installed. A specially crafted SELECT WHERE clause containing Python code can be passed to an eval function and executed on the server, impa...

8.8CVSS7.8AI score0.02148EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2024/09/12 12:56 p.m.26 views

CVE-2024-45846

An arbitrary code execution vulnerability exists in versions 23.10.3.0 up to 24.7.4.1 of the MindsDB platform, when the Weaviate integration is installed on the server. If a specially crafted ‘SELECT WHERE’ clause containing Python code is run against a database created with the Weaviate engine,...

8.8CVSS8.8AI score0.02148EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2024/09/10 12:0 a.m.4 views

PT-2024-6371 · Mindsdb +1 · Mindsdb +1

Name of the Vulnerable Software and Affected Versions: MindsDB versions 23.10.3.0 through 24.7.4.1 Description: An arbitrary code execution issue exists when the Weaviate integration is installed on the server. If a specially crafted SELECT WHERE clause containing Python code is run against a...

9CVSS8.2AI score0.02148EPSS
Exploits1References17
Wolfi
Wolfi
added 2024/03/09 1:15 a.m.59 views

CVE-2024-28180 vulnerabilities

Vulnerabilities for packages: temporal, guac, rekor, wolfictl, bank-vaults, kubernetes-dashboard, nerdctl, vexctl, oauth2-proxy, caddy, flux-source-controller, cloudflared, gitsign, timestamp-authority, ko, falco, kots, falcoctl, kubescape, goreleaser, aactl, fulcio, skopeo, tekton-chains, step,...

4.3CVSS6AI score0.01956EPSS
Exploits0
OSV
OSV
added 2023/11/02 4:20 p.m.29 views

GO-2023-2017 Denial of service vulnerability in github.com/weaviate/weaviate

A type conversion issue in Weaviate may allow a remote attack that would cause a denial of service...

7.5CVSS7.3AI score0.017EPSS
Exploits1References7
Chainguard
Chainguard
added 2023/10/25 9:17 p.m.100 views

GHSA-M425-MQ94-257G vulnerabilities

Vulnerabilities for packages: src, prometheus-blackbox-exporter, terraform-provider-sendgrid-fips, bank-vaults-fips, dgraph, slsa-verifier, kubevela, cortex, metrics-server-fips, up, volume-modifier-for-k8s-fips, timestamp-authority-fips, spark-operator, vault-csi-provider,...

5.3AI score
Exploits0
Wolfi
Wolfi
added 2023/10/25 9:17 p.m.181 views

GHSA-M425-MQ94-257G vulnerabilities

Vulnerabilities for packages: dgraph, prometheus-blackbox-exporter, falco, k3d, up, slsa-verifier, buildkitd, scorecard, terraform-provider-sendgrid, kubescape, cortex, kubevela, aactl, spark-operator, kubeflow, src...

5.3AI score
Exploits0
Wolfi
Wolfi
added 2023/10/10 9:28 p.m.46 views

GHSA-QPPJ-FM5R-HXR3 vulnerabilities

Vulnerabilities for packages: gke-gcloud-auth-plugin, cue, rqlite, coredns, dynamic-localpv-provisioner, aactl, nginx-stable, dgraph, flux-helm-controller, secrets-store-csi-driver, terraform, kubevela, buildkitd, pulumi-language-yaml, prometheus-blackbox-exporter, frp, gitness, gomplate, weaviat...

5.3AI score
Exploits0
OSV
OSV
added 2023/08/22 6:3 p.m.27 views

GHSA-8697-479H-5MFP Weaviate denial of service vulnerability

Impact This vulnerability is a type conversion issue that affects users of Weaviate Server versions 1.20.0 and earlier. Who is impacted: Users of Weaviate Server versions 1.20.0 and earlier are impacted by this vulnerability. Patches A patch has been developed for this vulnerability. Patch releas...

7.5CVSS7.4AI score0.017EPSS
Exploits1References9
Github Security Blog
Github Security Blog
added 2023/08/22 6:3 p.m.26 views

Weaviate denial of service vulnerability

Impact This vulnerability is a type conversion issue that affects users of Weaviate Server versions 1.20.0 and earlier. Who is impacted: Users of Weaviate Server versions 1.20.0 and earlier are impacted by this vulnerability. Patches A patch has been developed for this vulnerability. Patch releas...

7.5CVSS6.7AI score0.017EPSS
Exploits1References9Affected Software1
Veracode
Veracode
added 2023/08/22 1:52 a.m.13 views

Denial Of Service (DoS)

github.com/weaviate/weaviate is vulnerable to Denial Of Service DoS. The vulnerability exists because the handleUnbatchedGraphQLRequest function of handlersgraphql.go does not properly check the query type for the metrics request, allowing an attacker to crash the application...

7.5CVSS6.8AI score0.017EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2023/08/21 6:31 p.m.12 views

GHSA-CH6W-MC6C-G65G Duplicate Advisory: weaviate denial of service vulnerability

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-8697-479h-5mfp. This link is maintained to preserve external references. Original Description An issue in weaviate v.1.20.0 allows a remote attacker to cause a denial of service via the...

7.5CVSS7.3AI score0.017EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2023/08/21 6:31 p.m.19 views

Duplicate Advisory: weaviate denial of service vulnerability

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-8697-479h-5mfp. This link is maintained to preserve external references. Original Description An issue in weaviate v.1.20.0 allows a remote attacker to cause a denial of service via the...

7.5CVSS6.2AI score0.017EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2023/08/21 5:15 p.m.17 views

CVE-2023-38976

An issue in weaviate v.1.20.0 allows a remote attacker to cause a denial of service via the handleUnbatchedGraphQLRequest function...

7.5CVSS7.3AI score0.017EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2023/08/21 5:15 p.m.4 views

CVE-2023-38976

An issue in weaviate v.1.20.0 allows a remote attacker to cause a denial of service via the handleUnbatchedGraphQLRequest function...

7.5CVSS7.2AI score0.017EPSS
Exploits1References3
Prion
Prion
added 2023/08/21 5:15 p.m.16 views

Denial of service

An issue in weaviate v.1.20.0 allows a remote attacker to cause a denial of service via the handleUnbatchedGraphQLRequest function...

5CVSS7.3AI score0.017EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2023/08/21 12:0 a.m.6 views

Weaviate 安全漏洞

Weaviate is an open source vector database from Weaviate Open Source. A security vulnerability exists in Weaviate version v.1.20.0, which stems from a vulnerability that allows attackers to cause a denial of service DoS via the handleUnbatchedGraphQLRequest function...

7.5CVSS7.2AI score0.017EPSS
Exploits1References3
CVE
CVE
added 2023/08/21 12:0 a.m.118 views

CVE-2023-38976

CVE-2023-38976 affects Weaviate Server v1.20.0 (and earlier) and is caused by a flaw in handleUnbatchedGraphQLRequest that allows remote denial-of-service. The Red Hat/OSV/GHSA entries corroborate a DoS resulting from a type/query handling issue in GraphQL metrics handling, with the vulnerability...

7.5CVSS7.2AI score0.017EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder