Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jdbc vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2021-36774
Apache Kylin allows users to read data from other database systems using JDBC. The MySQL JDBC driver supports certain properties, which, if left unmitigated, can allow an malicious user to execute arbitrary code from a hacker-controlled malicious MySQL server within Kylin server ...
Apache Kylin
NA
CVE-2023-35701
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Hive. The vulnerability affects the Hive JDBC driver component and it can potentially lead to arbitrary code execution on the machine/endpoint that the JDBC driver (client) is running. The...
NA
CVE-2024-31864
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Zeppelin. The attacker can inject sensitive configuration or malicious code when connecting MySQL database via JDBC driver. This issue affects Apache Zeppelin: prior to 0.11.1. Users are r...
7.5
CVSSv2
CVE-2020-11974
In DolphinScheduler 1.2.0 and 1.2.1, with mysql connectorj a remote code execution vulnerability exists when choosing mysql as database.
Apache Dolphinscheduler 1.2.1
Apache Dolphinscheduler 1.2.0
1 Github repository
6
CVSSv2
CVE-2021-27644
In Apache DolphinScheduler prior to 1.3.6 versions, authorized users can use SQL injection in the data source center. (Only applicable to MySQL data source with internal login account password)
Apache Dolphinscheduler
7.5
CVSSv2
CVE-2018-1282
This vulnerability in Apache Hive JDBC driver 0.7.1 to 2.3.2 allows carefully crafted arguments to be used to bypass the argument escaping/cleanup that JDBC driver does in PreparedStatement implementation.
Apache Hive
NA
CVE-2023-29215
In Apache Linkis <=1.3.1, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in JDBC EengineConn Module will trigger a deserialization vulnerability and eventually lead to remote code execution. Therefore, the paramete...
Apache Linkis
NA
CVE-2022-41828
In Amazon AWS Redshift JDBC Driver (aka amazon-redshift-jdbc-driver or redshift-jdbc42) prior to 2.1.0.8, the Object Factory does not check the class type when instantiating an object from a class name.
Amazon Amazon Web Services Redshift Java Database Connectivity Driver
1 Github repository
NA
CVE-2024-32888
The Amazon JDBC Driver for Redshift is a Type 4 JDBC driver that provides database connectivity through the standard JDBC application program interfaces (APIs) available in the Java Platform, Enterprise Editions. Prior to version 2.1.0.28, SQL injection is possible when using the...
2.1
CVSSv2
CVE-2021-3425
A flaw was found in the AMQ Broker that discloses JDBC encrypted usernames and passwords when provided in the AMQ Broker application logfile when using the jdbc persistence functionality. Versions shipped in Red Hat AMQ 7 are vulnerable.
Redhat Jboss A-mq 7
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »