Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jdbc vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv3
CVE-2023-38156
Azure HDInsight Apache Ambari JDBC Injection Elevation of Privilege Vulnerability
Microsoft Azure Hdinsights -
NA
CVE-2009-0609
Sun Java System Directory Proxy Server in Sun Java System Directory Server Enterprise Edition 6.0 up to and including 6.3, when a JDBC data source is used, does not properly handle (1) a long value in an ADD or (2) long string attributes, which allows remote malicious users to ca...
Sun Java System Directory Server 6.1
Sun Java System Directory Server 6.2
Sun Java System Directory Server 6.3
Sun Java System Directory Server 6.0
9.8
CVSSv3
CVE-2022-39312
Dataease is an open source data visualization analysis tool. Dataease before 1.15.2 has a deserialization vulnerability. In Dataease, the Mysql data source in the data source function can customize the JDBC connection parameters and the Mysql server target to be connected. In `ba...
Dataease Dataease
1 Github repository
6.5
CVSSv3
CVE-2021-36774
Apache Kylin allows users to read data from other database systems using JDBC. The MySQL JDBC driver supports certain properties, which, if left unmitigated, can allow an malicious user to execute arbitrary code from a hacker-controlled malicious MySQL server within Kylin server ...
Apache Kylin
7.7
CVSSv3
CVE-2022-24862
Databasir is a team-oriented relational database model document management platform. Databasir 1.01 has Server-Side Request Forgery vulnerability. During the download verification process of a JDBC driver the corresponding JDBC driver download address will be downloaded first, bu...
Databasir Project Databasir 1.0.1
2.7
CVSSv3
CVE-2023-5384
A flaw was found in Infinispan. When serializing the configuration for a cache to XML/JSON/YAML, which contains credentials (JDBC store with connection pooling, remote store), the credentials are returned in clear text as part of the configuration.
Redhat Data Grid
Redhat Jboss Data Grid -
Infinispan Infinispan -
8.8
CVSSv3
CVE-2021-26919
Apache Druid allows users to read data from other database systems using JDBC. This functionality is to allow trusted users with the proper permissions to set up lookups or submit ingestion tasks. The MySQL JDBC driver supports certain properties, which, if left unmitigated, can ...
Apache Druid
6.5
CVSSv3
CVE-2022-44644
In Apache Linkis <=1.3.0 when used with the MySQL Connector/J in the data source module, an authenticated attacker could read arbitrary local files by connecting a rogue MySQL server, By adding allowLoadLocalInfile to true in the JDBC parameter. Therefore, the parameters in th...
Apache Linkis
8.8
CVSSv3
CVE-2022-39944
In Apache Linkis <=1.2.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures a JDBC EC with a MySQL data source and malicious parameters. Therefor...
Apache Linkis
NA
CVE-2005-1742
BEA WebLogic Server and WebLogic Express 8.1 SP2 and SP3 allows users with the Monitor security role to "shrink or reset JDBC connection pools."
Bea Weblogic Server 6.0
Bea Weblogic Server 6.1
Bea Weblogic Server 7.0
Bea Weblogic Server 7.0.0.1
Oracle Weblogic Portal 8.0
Bea Weblogic Server 8.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »