Yugabyte Yugabytedb

6 CVEs affecting Yugabyte Yugabytedb. Latest disclosed: 2024-09-03. Critical: 0, High: 3.

Top CVEs affecting Yugabyte Yugabytedb
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2022-37397 | High | 8.3 | 2022-08-12 | An issue was discovered in the YugabyteDB 2.6.1 when using LDAP-based authentication in YCQL with Microsoft’s Active Directory. When anonymous or unauthenticat… |
| CVE-2024-41435 | High | 7.5 | 2024-09-03 | YugabyteDB v2.21.1.0 was discovered to contain a buffer overflow via the "insert into" parameter. |
| CVE-2023-0575 | High | 7.2 | 2023-02-09 | External Control of Critical State Data, Improper Control of Generation of Code ('Code Injection') vulnerability in YugaByte, Inc. Yugabyte DB on Windows, Linu… |
| CVE-2023-6002 | Medium | 6.5 | 2023-11-08 | YugabyteDB is vulnerable to cross site scripting (XSS) via log injection. Writing invalidated user input to log files can allow an unprivileged attacker to for… |
| CVE-2023-4640 | Medium | 6.5 | 2023-08-30 | The controller responsible for setting the logging level does not include any authorization checks to ensure the user is authenticated. This can be seen by not… |
| CVE-2023-6001 | Medium | 5.3 | 2023-11-08 | Prometheus metrics are available without authentication. These expose detailed and sensitive information about the YugabyteDB Anywhere environment. |