Lucene search
K

70 matches found

Cvelist
Cvelist
added 2025/05/27 8:17 p.m.16 views

CVE-2025-5279 Issue with Amazon Redshift Python Connector and the BrowserAzureOAuth2CredentialsProvider plugin

When the Amazon Redshift Python Connector is configured with the BrowserAzureOAuth2CredentialsProvider plugin, the driver skips the SSL certificate validation step for the Identity Provider. An insecure connection could allow an actor to intercept the token exchange process and retrieve an access...

7CVSS0.00239EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/05/27 8:17 p.m.15 views

CVE-2025-5279 Issue with Amazon Redshift Python Connector and the BrowserAzureOAuth2CredentialsProvider plugin

When the Amazon Redshift Python Connector is configured with the BrowserAzureOAuth2CredentialsProvider plugin, the driver skips the SSL certificate validation step for the Identity Provider. An insecure connection could allow an actor to intercept the token exchange process and retrieve an access...

7CVSS6.8AI score0.00239EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/05/27 12:0 a.m.5 views

PT-2025-23027

Name of the Vulnerable Software and Affected Versions Amazon Redshift Python Connector versions prior to 2.1.7 Description The issue arises when the Amazon Redshift Python Connector is configured with the BrowserAzureOAuth2CredentialsProvider plugin, causing the driver to skip the SSL certificate...

7.5CVSS5.3AI score0.00239EPSS
Exploits0References19
CNNVD
CNNVD
added 2025/05/27 12:0 a.m.7 views

Amazon Redshift Python Connector 安全漏洞

Amazon Redshift Python Connector is an Amazon Redshift Connector for Python by Amazon.com, Inc. A security vulnerability exists in the Amazon Redshift Python Connector that stems from the BrowserAzureOAuth2CredentialsProvider plugin skipping SSL certificate validation, which could lead to...

7CVSS6.4AI score0.00239EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 10:48 p.m.9 views

CVE-2022-29972

An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Redshift ODBC Driver 1.4.14 through 1.4.21.1001 and 1.4.22 through 1.4.x before 1.4.52 may allow a local user to execute arbitrary code...

7.8CVSS7.4AI score0.03686EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 10:34 a.m.10 views

CVE-2024-12745

A SQL injection in the Amazon Redshift Python Connector v2.1.4 allows a user to gain escalated privileges via the getschemas, gettables, or getcolumns Metadata APIs. Users are recommended to upgrade to the driver version 2.1.5 or revert to driver version 2.1.3...

8.6CVSS8.3AI score0.0052EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 10:24 a.m.7 views

CVE-2024-12744

A SQL injection in the Amazon Redshift JDBC Driver in v2.1.0.31 allows a user to gain escalated privileges via the getSchemas, getTables, or getColumns Metadata APIs. Users should upgrade to the driver version 2.1.0.32 or revert to driver version 2.1.0.30...

8.6CVSS7.9AI score0.00579EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 10:22 a.m.10 views

CVE-2024-12746

A SQL injection in the Amazon Redshift ODBC Driver v2.1.5.0 Windows or Linux allows a user to gain escalated privileges via the SQLTables or SQLColumns Metadata APIs. Users are recommended to upgrade to the driver version 2.1.6.0 or revert to driver version 2.1.4.0...

8.6CVSS8AI score0.00454EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2025/01/21 12:0 a.m.8 views

The vulnerability of the Amazon Redshift Python Connector driver lies in the lack of security measures for SQL query structures, allowing attackers to exploit their privileges.

The vulnerability of the Amazon Redshift Python Connector driver is related to the lack of security measures for SQL query structures. Exploiting this vulnerability can allow an attacker to enhance their privileges remotely...

9CVSS5.5AI score0.0052EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/01/21 12:0 a.m.7 views

The vulnerability of the Amazon Redshift JDBC driver lies in the lack of security measures for SQL query structures, allowing attackers to exploit this to increase their privileges.

The vulnerability of the Amazon Redshift JDBC driver is related to the lack of security measures for SQL query structures. Exploiting this vulnerability can allow attackers to enhance their privileges...

10CVSS5.6AI score0.00579EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/01/17 12:0 a.m.5 views

Amazon Redshift ODBC Driver Installed (Linux)

Binary data amazonredshiftodbcdrivernixinstalled.nbin...

7.3AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/01/17 12:0 a.m.3 views

Amazon Redshift ODBC Driver Installed (Windows)

Binary data amazonredshiftodbcdriverwininstalled.nbin...

7.3AI score
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2025/01/06 12:0 a.m.6 views

The vulnerabilities of the SQLTables() and SQLColumns() functions in the Amazon Redshift ODBC Cloud Database integration software interface allow attackers to exploit these functions to gain increased privileges.

The vulnerability of the SQLTables and SQLColumns functions in the Amazon Redshift ODBC cloud database integration software interface is related to the lack of security measures for the SQL query structure. Exploiting this vulnerability can allow an attacker to enhance their privileges remotely...

9CVSS5.6AI score0.00454EPSS
Exploits0References4Affected Software1
Veracode
Veracode
added 2025/01/02 7:14 a.m.17 views

SQL Injection

com.amazon.redshift:redshift-jdbc42 is vulnerable to SQL Injection. The vulnerability is due to insufficient input validation in the getSchemas, getTables, or getColumns Metadata APIs, allowing an attacker to gain escalated privileges...

8.6CVSS7.8AI score0.00579EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2024/12/26 8:28 p.m.9 views

GHSA-8GC2-VQ6M-RWJW Amazon Redshift Python Connector vulnerable to SQL Injection

Summary A SQL injection in the Amazon Redshift Python Connector in version 2.1.4 allows a user to gain escalated privileges via schema injection in the getschemas, gettables, or getcolumns Metadata APIs. Users should upgrade to the driver version 2.1.5 or revert to driver version 2.1.3. Impact A...

8.6CVSS7.8AI score0.0052EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2024/12/26 8:28 p.m.22 views

Amazon Redshift Python Connector vulnerable to SQL Injection

Summary A SQL injection in the Amazon Redshift Python Connector in version 2.1.4 allows a user to gain escalated privileges via schema injection in the getschemas, gettables, or getcolumns Metadata APIs. Users should upgrade to the driver version 2.1.5 or revert to driver version 2.1.3. Impact A...

8.6CVSS7.8AI score0.0052EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2024/12/26 8:27 p.m.17 views

Amazon Redshift JDBC Driver vulnerable to SQL Injection

Summary A SQL injection in the Amazon Redshift JDBC Driver in v2.1.0.31 allows a user to gain escalated privileges via schema injection in the getSchemas, getTables, or getColumns Metadata APIs. Users should upgrade to the driver version 2.1.0.32 or revert to driver version 2.1.0.30. Impact A SQL...

8.6CVSS7.8AI score0.00579EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2024/12/24 5:15 p.m.45 views

CVE-2024-12745

A SQL injection in the Amazon Redshift Python Connector v2.1.4 allows a user to gain escalated privileges via the getschemas, gettables, or getcolumns Metadata APIs. Users are recommended to upgrade to the driver version 2.1.5 or revert to driver version 2.1.3...

8.6CVSS0.0052EPSS
Exploits0References3
NVD
NVD
added 2024/12/24 5:15 p.m.25 views

CVE-2024-12746

A SQL injection in the Amazon Redshift ODBC Driver v2.1.5.0 Windows or Linux allows a user to gain escalated privileges via the SQLTables or SQLColumns Metadata APIs. Users are recommended to upgrade to the driver version 2.1.6.0 or revert to driver version 2.1.4.0...

8.6CVSS0.00454EPSS
Exploits0References3
NVD
NVD
added 2024/12/24 5:15 p.m.25 views

CVE-2024-12744

A SQL injection in the Amazon Redshift JDBC Driver in v2.1.0.31 allows a user to gain escalated privileges via the getSchemas, getTables, or getColumns Metadata APIs. Users should upgrade to the driver version 2.1.0.32 or revert to driver version 2.1.0.30...

8.6CVSS0.00579EPSS
Exploits0References3
Rows per page
Query Builder