arrow vulnerabilities and exploits
5.9
CVSSv3
CVE-2019-11404
arrow-kt Arrow prior to 0.9.0 resolved Gradle build artifacts (for compiling and building the published JARs) over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by an MITM attack.
Arrow-kt Arrow
7.5
CVSSv3
CVE-2019-12408
It was discovered that the C++ implementation (which underlies the R, Python and Ruby implementations) of Apache Arrow 0.14.0 to 0.14.1 had an uninitialized memory bug when building arrays with null values in some cases. This can lead to uninitialized memory being unintentionally shared i...
Apache Arrow
7.5
CVSSv3
CVE-2019-12410
While investigating UBSAN errors in https://github.com/apache/arrow/pull/5365 it was discovered that Apache Arrow versions 0.12.0 to 0.14.1 left memory Array data uninitialized when reading RLE null data from parquet. This affected the C++, Python, Ruby and R implementations. The uninitializ...
Apache Arrow
5.5
CVSSv3
CVE-2019-19746
make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type.
Fig2dev Project Fig2dev 3.2.7b
Fedoraproject Fedora 31
Fedoraproject Fedora 32
6.1
CVSSv3
CVE-2023-46077
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Arrow Plugins The Awesome Feed – Custom Feed plugin <= 2.2.5 versions.
Arrowplugins The Awesome Feed
5.4
CVSSv3
CVE-2023-44264
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Arrow Plugins The Awesome Feed – Custom Feed plugin <= 2.2.5 versions.
Arrowplugins The Awesome Feed
6.1
CVSSv3
CVE-2023-45003
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Arrow Plugins Social Feed | Custom Feed for Social Media Networks plugin <= 2.2.0 versions.
Arrowplugins Social Feed
7.5
CVSSv3
CVE-2020-3273
A vulnerability in the 802.11 Generic Advertisement Service (GAS) frame processing function of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote malicious user to cause an affected device to reload, resulting in a denial of service (DoS). The vul...
Cisco 5508 Wireless Controller Firmware 8.5(151.0)
Cisco 5508 Wireless Controller Firmware 8.10(204.92)
Cisco 5520 Wireless Controller Firmware 8.5(151.0)
Cisco 5520 Wireless Controller Firmware 8.10(204.92)
NA
CVE-2010-2975
Cisco Unified Wireless Network (UWN) Solution 7.x up to and including 7.0.98.0 does not properly handle multiple SSH sessions, which allows physically proximate malicious users to read a password, related to an "arrow key failure," aka Bug ID CSCtg51544.
Cisco Unified Wireless Network Solution Software 7.0
Cisco Unified Wireless Network Solution Software 7.0.98.0
9.8
CVSSv3
CVE-2023-47248
Deserialization of untrusted data in IPC and Parquet readers in PyArrow versions 0.14.0 to 14.0.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parquet data from untrusted sources (for example user-supplied input files). This vuln...
Apache Pyarrow
3 Github repositories