Page 3 of 14 results (0.006 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2022-25598 – Apache DolphinScheduler user registration is vulnerable to ReDoS attacks

https://notcve.org/view.php?id=CVE-2022-25598

Apache DolphinScheduler user registration is vulnerable to Regular express Denial of Service (ReDoS) attacks, Apache DolphinScheduler users should upgrade to version 2.0.5 or higher. El registro de usuarios de Apache DolphinScheduler es vulnerable a ataques de Denegación de Servicio de Expresión Regular (ReDoS), los usuarios de Apache DolphinScheduler deben actualizar a versión 2.0.5 o superior • https://lists.apache.org/thread/hwnw7xr969sg5nv84wz75nfr2c76fl93 • CWE-1333: Inefficient Regular Expression Complexity •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2021-27644 – DolphinScheduler mysql jdbc connector parameters deserialize remote code execution

https://notcve.org/view.php?id=CVE-2021-27644

In Apache DolphinScheduler before 1.3.6 versions, authorized users can use SQL injection in the data source center. (Only applicable to MySQL data source with internal login account password) En Apache DolphinScheduler versiones anteriores a 1.3.6, los usuarios autorizados pueden usar una inyección SQL en el centro de origen de datos. (Sólo aplicable a la fuente de datos MySQL con la contraseña de la cuenta de inicio de sesión interna) • http://www.openwall.com/lists/oss-security/2021/11/01/3 https://lists.apache.org/thread.html/r35d6acf021486a390a7ea09e6650c2fe19e72522bd484791d606a6e6%40%3Cdev.dolphinscheduler.apache.org%3E • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0

CVE-2020-13922 – Apache DolphinScheduler (incubating) Permission vulnerability

https://notcve.org/view.php?id=CVE-2020-13922

Versions of Apache DolphinScheduler prior to 1.3.2 allowed an ordinary user under any tenant to override another users password through the API interface. Las versiones de Apache DolphinScheduler anteriores a 1.3.2, permitían a un usuario normal bajo cualquier inquilino anular la contraseña de otro usuario por medio de la interfaz de la API • https://www.mail-archive.com/announce%40apache.org/msg06076.html • CWE-264: Permissions, Privileges, and Access Controls CWE-276: Incorrect Default Permissions •

CVSS: 9.8EPSS: 3%CPEs: 2EXPL: 0

CVE-2020-11974

https://notcve.org/view.php?id=CVE-2020-11974

In DolphinScheduler 1.2.0 and 1.2.1, with mysql connectorj a remote code execution vulnerability exists when choosing mysql as database. En DolphinScheduler versiones 1.2.0 y 1.2.1, con mysql connectorj se presenta una vulnerabilidad de ejecución de código remota al elegir mysql como base de datos • http://www.openwall.com/lists/oss-security/2024/04/09/8 https://lists.apache.org/thread.html/r0de5e3d5516467c9429a8d4356eca17ccf156337345ac6b104748acb%40%3Ccommits.dolphinscheduler.apache.org%3E https://lists.apache.org/thread.html/r33452d7b99a293bcf8f3e4bd664943847e2602e03a9e45d09d3f508a%40%3Ccommits.dolphinscheduler.apache.org%3E https://lists.apache.org/thread.html/r9fbe24539a873032b3e41243d44a730d6a2aae26335ac1e3271ea47d%40%3Ccommits.dolphinscheduler.apache.org%3E https://lists.apache.org/thread.html/ra81adacbfdd6f166f9cf155340674ffd4179386b8b75068639547c11%40%3Ccommits.dolphinscheduler •