14 matches found
EUVD-2024-47884
Malicious code in bioql PyPI...
EUVD-2024-47897
Malicious code in bioql PyPI...
EUVD-2024-15809
Malicious code in bioql PyPI...
CVE-2024-6895
Insufficient authentication in user account management in Yugabyte Platform allows local network attackers with a compromised user session to change critical security information without re-authentication. An attacker with user session and access to application can modify settings such as passwor...
CVE-2024-6908
Improper privilege management in Yugabyte Platform allows authenticated admin users to escalate privileges to SuperAdmin via a crafted PUT HTTP request, potentially leading to unauthorized access to sensitive system functions and data...
CVE-2024-0006
Information exposure in the logging system in Yugabyte Platform allows local attackers with access to application logs to obtain database user credentials in log files, potentially leading to unauthorized database access...
CVE-2024-0006
Information exposure in the logging system in Yugabyte Platform allows local attackers with access to application logs to obtain database user credentials in log files, potentially leading to unauthorized database access...
CVE-2024-6908 Admin Can Escalate Privileges to SuperAdmin Using Manual PUT Request
Improper privilege management in Yugabyte Platform allows authenticated admin users to escalate privileges to SuperAdmin via a crafted PUT HTTP request, potentially leading to unauthorized access to sensitive system functions and data...
CVE-2024-6895
CVE-2024-6895 affects Yugabyte Platform: Insufficient authentication in user account management could allow a local-network attacker with a compromised session to change critical security settings (e.g., password, email) without re-authenticating, enabling account takeover. Exploitation details a...
CVE-2024-0006 DB User Password Leak in Application Log
Information exposure in the logging system in Yugabyte Platform allows local attackers with access to application logs to obtain database user credentials in log files, potentially leading to unauthorized database access...
CVE-2024-0006
CVE-2024-0006 affects Yugabyte Platform’s logging system, where sensitive database credentials can be exposed in log files. The issue enables local attackers with access to application logs to obtain DB user credentials, potentially granting unauthorized database access. The available documents d...
CVE-2024-0006 DB User Password Leak in Application Log
Information exposure in the logging system in Yugabyte Platform allows local attackers with access to application logs to obtain database user credentials in log files, potentially leading to unauthorized database access...
PT-2024-37936 · Yugabyte · Yugabyte Platform
Name of the Vulnerable Software and Affected Versions: Yugabyte Platform (affected versions not specified). Description: The issue concerns insufficient authentication in user account management, allowing local network attackers with a compromised user session to modify critical security settings...
PT-2024-37949 · Yugabyte · Yugabyte Platform
Name of the Vulnerable Software and Affected Versions: Yugabyte Platform (affected versions not specified). Description: The issue concerns improper privilege management, allowing authenticated admin users to escalate privileges to SuperAdmin via a crafted PUT HTTP request. This could lead to...