Lucene search
K

17 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-33682

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00326EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-12763

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.00514EPSS
Exploits0References1
NVD
NVD
added 2025/08/11 5:15 p.m.32 views

CVE-2025-8866

YugabyteDB Anywhere web server does not properly enforce authentication for the /metamaster/universe API endpoint. An unauthenticated attacker could exploit this flaw to obtain server networking configuration details, including private and public IP addresses and DNS records...

5.1CVSS0.00224EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/08/11 12:0 a.m.7 views

PT-2025-32557 · Yugabyte · Yugabytedb Anywhere

Name of the Vulnerable Software and Affected Versions: YugabyteDB Anywhere affected versions not specified Description: The YugabyteDB Anywhere web server does not properly enforce authentication for the /metamaster/universe API endpoint. An unauthenticated attacker could exploit this flaw to...

5.1CVSS7.1AI score0.00224EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2025/05/23 7:5 a.m.7 views

CVE-2024-11193

An information disclosure vulnerability exists in Yugabyte Anywhere, where the LDAP bind password is logged in plaintext within application logs. This flaw results in the unintentional exposure of sensitive information in Yugabyte Anywhere logs, potentially allowing unauthorized users with access...

6.5CVSS6.5AI score0.00326EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:40 a.m.7 views

CVE-2023-0745

The High Availability functionality of Yugabyte Anywhere can be abused to write arbitrary files through the backup upload endpoint by using path traversal characters. This vulnerability is associated with program files PlatformReplicationManager.Java. This issue affects YugabyteDB Anywhere: from...

9.8CVSS7.3AI score0.00514EPSS
Exploits0References1
NVD
NVD
added 2024/11/13 9:15 p.m.9 views

CVE-2024-11193

An information disclosure vulnerability exists in Yugabyte Anywhere, where the LDAP bind password is logged in plaintext within application logs. This flaw results in the unintentional exposure of sensitive information in Yugabyte Anywhere logs, potentially allowing unauthorized users with access...

6.5CVSS0.00326EPSS
Exploits0References1
CVE
CVE
added 2024/11/13 9:4 p.m.44 views

CVE-2024-11193

The CVE-2024-11193 issue concerns Yugabyte Anywhere where the LDAP bind password is logged in plaintext in application logs, exposing sensitive credentials to anyone with log access. Affected Yugabyte Anywhere versions are 2.20.0.0–2.20.6.0, 2.23.0.0, and 2024.1.0.0–2024.1.2.0. Root cause: creden...

6.5CVSS6.2AI score0.00326EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/11/13 9:4 p.m.16 views

CVE-2024-11193

An information disclosure vulnerability exists in Yugabyte Anywhere, where the LDAP bind password is logged in plaintext within application logs. This flaw results in the unintentional exposure of sensitive information in Yugabyte Anywhere logs, potentially allowing unauthorized users with access...

4.9CVSS0.00326EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/11/13 9:4 p.m.8 views

CVE-2024-11193

An information disclosure vulnerability exists in Yugabyte Anywhere, where the LDAP bind password is logged in plaintext within application logs. This flaw results in the unintentional exposure of sensitive information in Yugabyte Anywhere logs, potentially allowing unauthorized users with access...

4.9CVSS6.5AI score0.00326EPSS
Exploits0References1
OSV
OSV
added 2024/11/13 9:4 p.m.8 views

CVE-2024-11193

An information disclosure vulnerability exists in Yugabyte Anywhere, where the LDAP bind password is logged in plaintext within application logs. This flaw results in the unintentional exposure of sensitive information in Yugabyte Anywhere logs, potentially allowing unauthorized users with access...

4.9CVSS6.5AI score0.00326EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/11/13 12:0 a.m.6 views

PT-2024-16810 · Yugabyte · Yugabytedb Anywhere

Name of the Vulnerable Software and Affected Versions: YugabyteDB Anywhere versions 2.20.0.0 through 2.20.6.0 YugabyteDB Anywhere versions 2.23.0.0 through 2.23.0.0 YugabyteDB Anywhere versions 2024.1.0.0 through 2024.1.2.0 Description: An information disclosure issue exists in Yugabyte Anywhere,...

6.5CVSS7.1AI score0.00326EPSS
Exploits0References9
NVD
NVD
added 2023/02/09 5:15 p.m.20 views

CVE-2023-0745

The High Availability functionality of Yugabyte Anywhere can be abused to write arbitrary files through the backup upload endpoint by using path traversal characters. This vulnerability is associated with program files PlatformReplicationManager.Java. This issue affects YugabyteDB Anywhere: from...

9.8CVSS7.5AI score0.00514EPSS
Exploits0References1
Prion
Prion
added 2023/02/09 5:15 p.m.19 views

Path traversal

The High Availability functionality of Yugabyte Anywhere can be abused to write arbitrary files through the backup upload endpoint by using path traversal characters. This vulnerability is associated with program files PlatformReplicationManager.Java. This issue affects YugabyteDB Anywhere: from...

7.5CVSS9.6AI score0.00514EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/02/09 4:8 p.m.8 views

CVE-2023-0745 Arbitrary File Write in High Availability Backup Upload

The High Availability functionality of Yugabyte Anywhere can be abused to write arbitrary files through the backup upload endpoint by using path traversal characters. This vulnerability is associated with program files PlatformReplicationManager.Java. This issue affects YugabyteDB Anywhere: from...

6.7CVSS7.4AI score0.00514EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/02/09 4:8 p.m.24 views

CVE-2023-0745 Arbitrary File Write in High Availability Backup Upload

The High Availability functionality of Yugabyte Anywhere can be abused to write arbitrary files through the backup upload endpoint by using path traversal characters. This vulnerability is associated with program files PlatformReplicationManager.Java. This issue affects YugabyteDB Anywhere: from...

6.7CVSS9.8AI score0.00514EPSS
Exploits0References1
CVE
CVE
added 2023/02/09 4:8 p.m.45 views

CVE-2023-0745

CVE-2023-0745 affects YugabyteDB Anywhere (versions 2.0.0.0–2.13.0.0). The issue is in the backup upload endpoint via path traversal in the PlatformReplicationManager.Java program, allowing arbitrary file writes and impacting confidentiality, integrity, and availability. The connected sources con...

9.8CVSS8.3AI score0.00514EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder