
69 matches found

CVE
added 2024/12/24 4:16 p.m. · 616 views

CVE-2024-12746

Summary: CVE-2024-12746 concerns the Amazon Redshift ODBC Driver (v2.1.5.0) for Windows/Linux, where a SQL injection via the SQLTables or SQLColumns Metadata APIs can let a user escalate privileges. The issue is confirmed in multiple sources attached to the CVE, with recommended mitigation: upgra...

CVSS 8.6 · AI score 8.4 · EPSS 0.00454
Exploits 0 · References 3 · Affected Software 1
Vulnrichment
added 2024/12/24 4:16 p.m. · 18 views

CVE-2024-12746 SQL Injection in the Amazon Redshift ODBC Driver affecting v2.1.5.0

A SQL injection in the Amazon Redshift ODBC Driver v2.1.5.0 Windows or Linux allows a user to gain escalated privileges via the SQLTables or SQLColumns Metadata APIs. Users are recommended to upgrade to the driver version 2.1.6.0 or revert to driver version 2.1.4.0...

CVSS 8.6 · AI score 8 · EPSS 0.00454
Exploits 0 · References 3
Cvelist
added 2024/12/24 4:15 p.m. · 20 views

CVE-2024-12745 SQL Injection in the Amazon Redshift Python Connector affecting v2.1.4

A SQL injection in the Amazon Redshift Python Connector v2.1.4 allows a user to gain escalated privileges via the get_schemas, get_tables, or get_columns Metadata APIs. Users are recommended to upgrade to the driver version 2.1.5 or revert to driver version 2.1.3...

CVSS 8.6 · EPSS 0.0052
Exploits 0 · References 3
CVE
added 2024/12/24 4:15 p.m. · 319 views

CVE-2024-12745

Summary: CVE-2024-12745 affects the Amazon Redshift Python Connector (version 2.1.4). The vulnerability is a SQL injection occurring through the metadata APIs get_schemas, get_tables, and get_columns, potentially enabling elevated privileges. Impact and remediation: Upgrade to driver version 2.1....

CVSS 8.6 · AI score 8.4 · EPSS 0.0052
Exploits 0 · References 3 · Affected Software 1
Vulnrichment
added 2024/12/24 4:15 p.m. · 12 views

CVE-2024-12745 SQL Injection in the Amazon Redshift Python Connector affecting v2.1.4

A SQL injection in the Amazon Redshift Python Connector v2.1.4 allows a user to gain escalated privileges via the get_schemas, get_tables, or get_columns Metadata APIs. Users are recommended to upgrade to the driver version 2.1.5 or revert to driver version 2.1.3...

CVSS 8.6 · AI score 8 · EPSS 0.0052
Exploits 0 · References 3
Vulnrichment
added 2024/12/24 4:12 p.m. · 13 views

CVE-2024-12744 SQL Injection in the Amazon Redshift JDBC Driver affecting v2.1.0.31

A SQL injection in the Amazon Redshift JDBC Driver in v2.1.0.31 allows a user to gain escalated privileges via the getSchemas, getTables, or getColumns Metadata APIs. Users should upgrade to the driver version 2.1.0.32 or revert to driver version 2.1.0.30...

CVSS 8.6 · AI score 8.3 · EPSS 0.00579
Exploits 0 · References 3
Cvelist
added 2024/12/24 4:12 p.m. · 21 views

CVE-2024-12744 SQL Injection in the Amazon Redshift JDBC Driver affecting v2.1.0.31

A SQL injection in the Amazon Redshift JDBC Driver in v2.1.0.31 allows a user to gain escalated privileges via the getSchemas, getTables, or getColumns Metadata APIs. Users should upgrade to the driver version 2.1.0.32 or revert to driver version 2.1.0.30...

CVSS 8.6 · EPSS 0.00579
Exploits 0 · References 3
CVE
added 2024/12/24 4:12 p.m. · 91 views

CVE-2024-12744

CVE-2024-12744 affects the Amazon Redshift JDBC Driver v2.1.0.31, where a SQL injection via the getSchemas, getTables, or getColumns metadata APIs can grant escalated privileges. The issue is fixed in driver v2.1.0.32; guidance is to upgrade to 2.1.0.32 or revert to 2.1.0.30. Exploitation details...

CVSS 8.6 · AI score 8.4 · EPSS 0.00579
Exploits 0 · References 3 · Affected Software 1
Veracode
added 2024/05/16 6:20 a.m. · 14 views

SQL Injection

com.amazon.redshift, redshift-jdbc42 is vulnerable to SQL Injection. The vulnerability is due to the use of a non-default connection property preferQueryMode=simple in combination with application code that has a vulnerable SQL statement which negates a parameter value. The vulnerability allows a...

CVSS 10 · AI score 7.9 · EPSS 0.00778
Exploits 0 · References 6 · Affected Software 1
SUSE CVE
added 2024/05/16 2:20 a.m. · 3 views

SUSE CVE-2024-32888

The Amazon JDBC Driver for Redshift is a Type 4 JDBC driver that provides database connectivity through the standard JDBC application program interfaces (APIs) available in the Java Platform, Enterprise Editions. Prior to version 2.1.0.28, SQL injection is possible when using the non-default...

CVSS 10 · AI score 8.1 · EPSS 0.00778
Exploits 0 · References 3
NVD
added 2024/05/15 3:15 a.m. · 10 views

CVE-2024-32888

The Amazon JDBC Driver for Redshift is a Type 4 JDBC driver that provides database connectivity through the standard JDBC application program interfaces (APIs) available in the Java Platform, Enterprise Editions. Prior to version 2.1.0.28, SQL injection is possible when using the non-default...

CVSS 10 · AI score 9.8 · EPSS 0.00778
Exploits 0 · References 6
Positive Technologies
added 2022/09/29 12:0 a.m. · 9 views

PT-2022-26085 · Amazon · Amazon Redshift Jdbc Driver

Name of the Vulnerable Software and Affected Versions: Amazon AWS Redshift JDBC Driver versions prior to 2.1.0.8
Description: The Object Factory in the Amazon AWS Redshift JDBC Driver does not check the class type when instantiating an object from a class name. This issue can lead to a potential...

CVSS 8.8 · AI score 8.2 · EPSS 0.01469
Exploits 1 · References 12
hivepro
added 2022/05/13 2:16 a.m. · 173 views

Three zero-days addressed in Microsoft’s May 2022 Patch Tuesday

THREAT LEVEL: Red. For a detailed advisory, download the PDF file here. Microsoft addressed 74 vulnerabilities in their May 2022 Patch Tuesday Security Update. Three of them are zero-days, and one is being exploited in the wild. The LSA Spoofing vulnerability CVE-2022-26925 is actively exploited i...

CVSS 7.2 · AI score 0.8 · EPSS 0.09823
Exploits 0
The Hacker News
added 2022/05/11 5:29 a.m. · 194 views

Microsoft Releases Fix for New Zero-Day with May 2022 Patch Tuesday Updates

Microsoft on Tuesday rolled out fixes for as many as 74 security vulnerabilities, including one for a zero-day bug that's being actively exploited in the wild. Of the 74 issues, seven are rated Critical, 66 are rated Important, and one is rated low in severity. Two of the flaws are listed as...

CVSS 10 · AI score 1.2 · EPSS 0.91811
Exploits 18
Rapid7 Blog
added 2022/05/10 7:59 p.m. · 156 views

Patch Tuesday - May 2022

This month is par for the course in terms of both number and severity of vulnerabilities being patched by Microsoft. That means there’s plenty of work to be done by system and network administrators, as usual. There is one 0-day this month: CVE-2022-26925, a Spoofing vulnerability in the Windows...

CVSS 9.3 · AI score 0.6 · EPSS 0.83277
Exploits 12
NVD
added 2022/05/09 6:15 p.m. · 27 views

CVE-2022-29972

An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Redshift ODBC Driver 1.4.14 through 1.4.21.1001 and 1.4.22 through 1.4.x before 1.4.52 may allow a local user to execute arbitrary code...

CVSS 7.8 · EPSS 0.03686
Exploits 0 · References 2
ATTACKERKB
added 2022/05/09 6:15 p.m. · 1 view

CVE-2022-29972

An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Redshift ODBC Driver 1.4.14 through 1.4.21.1001 and 1.4.22 through 1.4.x before 1.4.52 may allow a local user to execute arbitrary code...

CVSS 7.8 · AI score 7.5 · EPSS 0.03686
Exploits 0 · References 3
Prion
added 2022/05/09 6:15 p.m. · 28 views

Design/Logic Flaw

An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Redshift ODBC Driver 1.4.14 through 1.4.21.1001 and 1.4.22 through 1.4.x before 1.4.52 may allow a local user to execute arbitrary code...

CVSS 7.2 · AI score 7.9 · EPSS 0.03686
Exploits 0 · References 2 · Affected Software 1
CVE
added 2022/05/09 5:15 p.m. · 101 views

CVE-2022-30240

Technical details about CVE-2022-30240 are not publicly available in the provided documents. No affected versions, root-cause specifics, exploit info, or remediation are given here. Monitor for updates from the referenced advisories.

CVSS 7.8 · AI score 7.9 · EPSS 0.00454
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2022/05/09 5:15 p.m. · 41 views

CVE-2022-30240

An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Redshift JDBC Driver 1.2.40 through 1.2.55 may allow a local user to execute code. NOTE: this is different from CVE-2022-29972...

AI score 7.9 · EPSS 0.00454
Exploits 0 · References 2