Yugabyte

Yugabytedb

11 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 0.02%
  • Published 11.08.2025 14:19:02
  • Last modified 11.08.2025 18:32:48

The YugabyteDB tablet server contains a flaw in its YCQL query handling that can trigger a null pointer dereference when processing certain malformed inputs. An authenticated attacker could exploit this issue to crash the YCQL tablet server, resultin...

  • EPSS 0.03%
  • Published 11.08.2025 13:15:39
  • Last modified 11.08.2025 18:32:48

YugabyteDB diagnostic information was transmitted over HTTP, which could expose sensitive data during transmission.

  • EPSS 0.06%
  • Published 11.08.2025 12:40:35
  • Last modified 11.08.2025 18:32:48

YugabyteDB has been collecting diagnostics information from YugabyteDB servers, which may include sensitive gflag configurations. To mitigate this, we recommend upgrading the database to a version where this information is properly redacted.

Exploit
  • EPSS 0.19%
  • Published 03.09.2024 19:15:14
  • Last modified 03.07.2025 12:52:19

YugabyteDB v2.21.1.0 was discovered to contain a buffer overflow via the "insert into" parameter.

  • EPSS 0.05%
  • Published 19.07.2024 15:15:10
  • Last modified 21.11.2024 09:50:29

Insufficient authentication in user account management in Yugabyte Platform allows local network attackers with a compromised user session to change critical security information without re-authentication. An attacker with user session and access to ...

  • EPSS 0.05%
  • Published 19.07.2024 15:15:09
  • Last modified 21.11.2024 08:45:41

Information exposure in the logging system in Yugabyte Platform allows local attackers with access to application logs to obtain database user credentials in log files, potentially leading to unauthorized database access.

  • EPSS 0.16%
  • Published 08.11.2023 00:15:08
  • Last modified 21.11.2024 08:42:57

YugabyteDB is vulnerable to cross-site scripting (XSS) via log injection. Writing unvalidated user input to log files can allow an unprivileged attacker to forge log entries or inject malicious content into the logs.

  • EPSS 0.17%
  • Published 08.11.2023 00:15:07
  • Last modified 21.11.2024 08:42:57

Prometheus metrics are available without authentication. These expose detailed and sensitive information about the YugabyteDB Anywhere environment.

  • EPSS 0.07%
  • Published 30.08.2023 17:15:11
  • Last modified 21.11.2024 08:35:35

The controller responsible for setting the logging level does not include any authorization checks to ensure the user is authenticated. This can be seen by noting that it extends Controller rather than AuthenticatedController and includes no further ...

  • EPSS 0.08%
  • Published 09.02.2023 17:15:15
  • Last modified 21.11.2024 07:37:25

External Control of Critical State Data, Improper Control of Generation of Code ('Code Injection') vulnerability in YugaByte, Inc. Yugabyte DB on Windows, Linux, MacOS, iOS (DevopsBase.Java:execCommand, TableManager.Java:runCommand modules) allows AP...