Skip to main content

Yugabytedb

6 CVEs product

Monthly

CVE-2024-41435 HIGH POC This Week

YugabyteDB v2.21.1.0 was discovered to contain a buffer overflow via the "insert into" parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Yugabytedb
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-6002 MEDIUM This Month

YugabyteDB is vulnerable to cross site scripting (XSS) via log injection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Yugabytedb
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-6001 HIGH This Week

Prometheus metrics are available without authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Yugabytedb
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-4640 HIGH This Week

The controller responsible for setting the logging level does not include any authorization checks to ensure the user is authenticated. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Yugabytedb
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-0575 CRITICAL Act Now

External Control of Critical State Data, Improper Control of Generation of Code ('Code Injection') vulnerability in YugaByte, Inc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Apple Microsoft Yugabytedb
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-37397 CRITICAL Act Now

An issue was discovered in the YugabyteDB 2.6.1 when using LDAP-based authentication in YCQL with Microsoft’s Active Directory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Yugabytedb
NVD
CVSS 3.1
9.8
EPSS
0.8%
EPSS 1% CVSS 7.5
HIGH POC This Week

YugabyteDB v2.21.1.0 was discovered to contain a buffer overflow via the "insert into" parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Yugabytedb
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM This Month

YugabyteDB is vulnerable to cross site scripting (XSS) via log injection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Yugabytedb
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Prometheus metrics are available without authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Yugabytedb
NVD
EPSS 0% CVSS 7.5
HIGH This Week

The controller responsible for setting the logging level does not include any authorization checks to ensure the user is authenticated. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Yugabytedb
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

External Control of Critical State Data, Improper Control of Generation of Code ('Code Injection') vulnerability in YugaByte, Inc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Apple +2
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

An issue was discovered in the YugabyteDB 2.6.1 when using LDAP-based authentication in YCQL with Microsoft’s Active Directory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Yugabytedb
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy