VYPR
Vendor

Dremio

Products
2
CVEs
2
Across products
3
Status
Private

Products

2

Recent CVEs

2
  • CVE-2024-23768HigJan 22, 2024
    risk 0.57cvss 8.8epss 0.01

    Dremio before 24.3.1 allows path traversal. An authenticated user who has no privileges on certain folders (and the files and datasets in these folders) can access these folders, files, and datasets. To be successful, the user must have access to the source and at least one…

  • CVE-2025-2298HigApr 21, 2025
    risk 0.55cvss epss 0.00

    An improper authorization vulnerability in Dremio Software allows authenticated users to delete arbitrary files that the system has access to, including system files and files stored in remote locations such as S3, Azure Blob Storage, and local filesystems. This vulnerability…