16 matches found
CVE-2021-44521
CVE-2021-44521 affects Apache Cassandra when enable_user_defined_functions: true, enable_scripted_user_defined_functions: true, and enable_user_defined_functions_threads: false. The documented unsafe configuration can allow an attacker with cluster-level permissions to create user-defined functio...
CVE-2019-2684
CVE-2019-2684 concerns Oracle Java SE and Java SE Embedded, specifically the RMI component. The connected Chainguard entry shows affected packages for OpenJDK builds (openjdk-21/openj9, openjdk-8/openj9, openjdk-11/openj9, openjdk-17/openj9). The initial description identifies affected Oracle Jav...
CVE-2016-3427
CVE-2016-3427 is an unspecified vulnerability in Oracle Java SE (affecting 6u113, 7u99, 8u77) and JRockit, tied to the Java Management Extensions (JMX) component. Exploitation can affect confidentiality, integrity, and availability via JMX-related vectors; the issue is described as an unspecified...
CVE-2023-30601
CVE-2023-30601 : Privilege escalation in Apache Cassandra when enabling FQL/Audit logs. A local attacker with nodetool/JMX access can execute arbitrary commands as the Cassandra process user due to a flaw in the FQL/Audit logs implementation. Affected versions: Cassandra 4.0.0–4.0.9 and 4.1.0–4.1...
CVE-2020-13946
CVE-2020-13946 relates to an Apache Cassandra RMI registry manipulation vulnerability enabling a local attacker to perform a man-in-the-middle attack to capture JMX credentials and gain unauthorized access. The connected CIRCL entry confirms affected ranges: Cassandra 4.0.2 through 5.0.2 (Java 11...
CVE-2025-23015
CVE-2025-23015 is an Apache Cassandra privilege escalation issue: a user with MODIFY permission ON ALL KEYSPACES can escalate to superuser by exploiting unsafe actions on a system resource. Affected versions include Cassandra 3.0.30, 3.11.17, 4.0.15, 4.1.7, and 5.0.2. Remediation is to upgrade to...
CVE-2025-24860
CVE-2025-24860 is an Incorrect Authorization vulnerability in Apache Cassandra. The issue affects CassandraNetworkAuthorizer and CassandraCIDRAuthorizer on specific Cassandra releases: 4.0.0–4.0.15 and 4.1.0–4.1.7 for CassandraNetworkAuthorizer, and 5.0.0–5.0.2 for both authorizers. The root caus...
CVE-2020-17516
CVE-2020-17516 affects Apache Cassandra versions 2.1.0–2.1.22, 2.2.0–2.2.19, 3.0.0–3.0.23, and 3.11.0–3.11.9 when using internode_encryption (dc/rack). A misconfigured node or a malicious user could use an unencrypted internode connection to bypass mutual TLS, potentially exposing or altering int...
CVE-2016-4970
Netty CVE-2016-4970 affects OpenSslEngine in Netty 4.0.x prior to 4.0.37.Final and 4.1.x prior to 4.1.1.Final. The issue arises from improper handling of renegotiation, enabling remote attackers to cause a denial of service via an infinite loop. Remediation is to upgrade to Netty 4.0.37.Final or ...
CVE-2024-27137
CVE-2024-27137 technical details are not publicly available in the provided connected documents. Monitor for updates from vendor advisories to confirm affected versions, impact, and fixes.
CVE-2018-8016
CVE-2018-8016 affects Apache Cassandra 3.8–3.11.1, where the default configuration binds an unauthenticated JMX/RMI interface to all network interfaces, allowing a remote attacker to execute arbitrary Java code via an RMI request. This is a regression of CVE-2015-0225, introduced in CASSANDRA-121...
CVE-2015-0225
CVE-2015-0225 affects Apache Cassandra 1.2.0–1.2.19, 2.0.0–2.0.13, and 2.1.0–2.1.3, where an unauthenticated JMX/RMI interface bound to all network interfaces allows remote attackers to execute arbitrary Java code via RMI. The connected advisories indicate this is a regression path tracked in lat...
CVE-2025-26467
CVE-2025-26467 affects Apache Cassandra. A user with MODIFY permission ON ALL KEYSPACES can escalate to superuser via unsafe actions in a targeted cluster. Affected: 3.0.30, 3.11.17, 4.0.16, 4.1.7, 5.0.2. 4.0.16 remains affected because CVE-2025-23015 fix was incorrectly applied; upgrade to 4.0.1...
CVE-2026-27315
CVE-2026-27315 affects Apache Cassandra 4.0 and its cqlsh history mechanism. The issue allows a local attacker to access sensitive data by reading the ~/.cassandra/cqlsh_history file, where command history can contain passwords and other secrets in cleartext if entered during cqlsh sessions. The ...
CVE-2026-32588
The CVE affects Apache Cassandra (versions 4.0, 4.1, 5.0). A vulnerability in the Cassandra Query Language (CQL) path allows an authenticated user to repeatedly change passwords (ALTER ROLE) and trigger expensive authentication-table reads/writes, causing increased query latency and potential Den...
CVE-2026-27314
CVE-2026-27314 affects Apache Cassandra 5.0 in an mTLS environment using MutualTlsAuthenticator. A user with only CREATE permission can bind their certificate identity to an arbitrary role, including a superuser role, and authenticate as that role via ADD IDENTITY . The root cause is an authoriza...