apache cassandra vulnerabilities and exploits
8.5
CVSSv2
CVE-2021-44521
When running Apache Cassandra with the following configuration: enable_user_defined_functions: true, enable_scripted_user_defined_functions: true, enable_user_defined_functions_threads: false, it is possible for a malicious user to execute arbitrary code on the host. The attacker w...
Apache Cassandra
11 Github repositories
7.5
CVSSv2
CVE-2018-8016
The default configuration in Apache Cassandra 3.8 up to and including 3.11.1 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote malicious users to execute arbitrary Java code via an RMI request. This issue is a regression of CVE-2015-0225. T...
Apache Cassandra
7.5
CVSSv2
CVE-2015-0225
The default configuration in Apache Cassandra 1.2.0 up to and including 1.2.19, 2.0.0 up to and including 2.0.13, and 2.1.0 up to and including 2.1.3 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote malicious users to execute arbitrary Jav...
Apache Cassandra 1.2.12
Apache Cassandra 1.2.6
Apache Cassandra 1.2.2
Apache Cassandra 1.2.3
Apache Cassandra 2.1.2
Apache Cassandra 2.0.13
Apache Cassandra 1.2.5
Apache Cassandra 1.2.13
Apache Cassandra 2.0.2
Apache Cassandra 2.0.4
Apache Cassandra 2.1.1
Apache Cassandra 2.0.8
Apache Cassandra 1.2.9
Apache Cassandra 2.0.7
Apache Cassandra 2.0.1
Apache Cassandra 1.2.1
Apache Cassandra 2.0.11
Apache Cassandra 1.2.11
Apache Cassandra 2.0.3
Apache Cassandra 1.2.14
Apache Cassandra 1.2.15
Apache Cassandra 1.2.8
1 Github repository
6.4
CVSSv2
CVE-2021-40525
The Apache James ManagedSieve implementation, together with the file storage for sieve scripts, is vulnerable to path traversal, allowing reading and writing any file. This vulnerability has been patched in Apache James 3.6.1 and higher. We recommend the upgrade. Distributed and Cassa...
Apache James
4.3
CVSSv2
CVE-2020-17516
Apache Cassandra versions 2.1.0 to 2.1.22, 2.2.0 to 2.2.19, 3.0.0 to 3.0.23, and 3.11.0 to 3.11.9, when using 'dc' or 'rack' internode_encryption setting, allows both encrypted and unencrypted internode connections. A misconfigured node or a malicious user can...
Apache Cassandra
4.3
CVSSv2
CVE-2020-13946
In Apache Cassandra, all versions before 2.1.22, 2.2.18, 3.0.22, 3.11.8 and 4.0-beta2, it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user n...
Apache Cassandra 4.0.0
Apache Cassandra
Netapp Oncommand Insight -
4.3
CVSSv2
CVE-2019-2684
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows unauthenticated attacker with network ...
Oracle Jdk 11.0.2
Oracle Jdk 12
Oracle Jre 11.0.2
Oracle Jre 12
Oracle Jdk 1.8.0
Oracle Jdk 1.7.0
Oracle Jre 1.8.0
Oracle Jre 1.7.0
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Workstation 6.0
Redhat Satellite 5.8
Redhat Openshift Container Platform 3.11
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux Eus 8.1
Redhat Enterprise Linux Eus 8.2
Redhat Enterprise Linux Server Tus 8.2
Redhat Enterprise Linux Server Aus 8.2
Redhat Enterprise Linux Server Tus 8.4
2 Github repositories
NA
CVE-2023-33972
Scylladb is a NoSQL data store using the seastar framework, compatible with Apache Cassandra. Authenticated users who are authorized to create tables in a keyspace can escalate their privileges to access a table in the same keyspace, even if they don't have permissions for t...
Scylladb Scylladb
NA
CVE-2023-30601
Privilege escalation when enabling FQL/Audit logs allows a user with JMX access to run arbitrary commands as the user running Apache Cassandra. This issue affects Apache Cassandra: from 4.0.0 up to and including 4.0.9, from 4.1.0 up to and including 4.1.1. WORKAROUND The vulnerabili...
Apache Cassandra
NA
CVE-2022-29240
Scylla is a real-time big data database that is API-compatible with Apache Cassandra and Amazon DynamoDB. When decompressing a CQL frame received from a user, Scylla assumes that the user-provided uncompressed length is correct. If the user provides a fake length that is greater than the real...
Scylladb Scylla