Yugabyte Yugabytedb
6 CVEs affecting Yugabyte Yugabytedb. Latest disclosed: 2024-09-03. Critical: 0, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2022-37397 | High | 8.3 | 2022-08-12 | An issue was discovered in the YugabyteDB 2.6.1 when using LDAP-based authentication in YCQL with Microsoft’s Active Directory. When anonymous or unauthenticat… |
| CVE-2024-41435 | High | 7.5 | 2024-09-03 | YugabyteDB v2.21.1.0 was discovered to contain a buffer overflow via the "insert into" parameter. |
| CVE-2023-0575 | High | 7.2 | 2023-02-09 | External Control of Critical State Data, Improper Control of Generation of Code ('Code Injection') vulnerability in YugaByte, Inc. Yugabyte DB on Windows, Linu… |
| CVE-2023-6002 | Medium | 6.5 | 2023-11-08 | YugabyteDB is vulnerable to cross site scripting (XSS) via log injection. Writing invalidated user input to log files can allow an unprivileged attacker to for… |
| CVE-2023-4640 | Medium | 6.5 | 2023-08-30 | The controller responsible for setting the logging level does not include any authorization checks to ensure the user is authenticated. This can be seen by not… |
| CVE-2023-6001 | Medium | 5.3 | 2023-11-08 | Prometheus metrics are available without authentication. These expose detailed and sensitive information about the YugabyteDB Anywhere environment. |