69 matches found
CVE-2024-12746
Summary: CVE-2024-12746 concerns the Amazon Redshift ODBC Driver (v2.1.5.0) for Windows/Linux, where a SQL injection via the SQLTables or SQLColumns Metadata APIs can let a user escalate privileges. The issue is confirmed in multiple sources attached to the CVE, with recommended mitigation: upgra...
CVE-2024-12746 SQL Injection in the Amazon Redshift ODBC Driver affecting v2.1.5.0
A SQL injection in the Amazon Redshift ODBC Driver v2.1.5.0 Windows or Linux allows a user to gain escalated privileges via the SQLTables or SQLColumns Metadata APIs. Users are recommended to upgrade to the driver version 2.1.6.0 or revert to driver version 2.1.4.0...
CVE-2024-12745 SQL Injection in the Amazon Redshift Python Connector affecting v2.1.4
A SQL injection in the Amazon Redshift Python Connector v2.1.4 allows a user to gain escalated privileges via the getschemas, gettables, or getcolumns Metadata APIs. Users are recommended to upgrade to the driver version 2.1.5 or revert to driver version 2.1.3...
CVE-2024-12745
Summary: CVE-2024-12745 affects the Amazon Redshift Python Connector (version 2.1.4). The vulnerability is a SQL injection occurring through the metadata APIs get_schemas, get_tables, and get_columns, potentially enabling elevated privileges. Impact and remediation: Upgrade to driver version 2.1....
CVE-2024-12745 SQL Injection in the Amazon Redshift Python Connector affecting v2.1.4
A SQL injection in the Amazon Redshift Python Connector v2.1.4 allows a user to gain escalated privileges via the getschemas, gettables, or getcolumns Metadata APIs. Users are recommended to upgrade to the driver version 2.1.5 or revert to driver version 2.1.3...
CVE-2024-12744 SQL Injection in the Amazon Redshift JDBC Driver affecting v2.1.0.31
A SQL injection in the Amazon Redshift JDBC Driver in v2.1.0.31 allows a user to gain escalated privileges via the getSchemas, getTables, or getColumns Metadata APIs. Users should upgrade to the driver version 2.1.0.32 or revert to driver version 2.1.0.30...
CVE-2024-12744 SQL Injection in the Amazon Redshift JDBC Driver affecting v2.1.0.31
A SQL injection in the Amazon Redshift JDBC Driver in v2.1.0.31 allows a user to gain escalated privileges via the getSchemas, getTables, or getColumns Metadata APIs. Users should upgrade to the driver version 2.1.0.32 or revert to driver version 2.1.0.30...
CVE-2024-12744
CVE-2024-12744 affects the Amazon Redshift JDBC Driver v2.1.0.31, where a SQL injection via the getSchemas, getTables, or getColumns metadata APIs can grant escalated privileges. The issue is fixed in driver v2.1.0.32; guidance is to upgrade to 2.1.0.32 or revert to 2.1.0.30. Exploitation details...
SQL Injection
com.amazon.redshift, redshift-jdbc42 is vulnerable to SQL Injection. The vulnerability is due to the use of a non-default connection property preferQueryMode=simple in combination with application code that has a vulnerable SQL statement which negates a parameter value. The vulnerability allows a...
SUSE CVE-2024-32888
The Amazon JDBC Driver for Redshift is a Type 4 JDBC driver that provides database connectivity through the standard JDBC application program interfaces APIs available in the Java Platform, Enterprise Editions. Prior to version 2.1.0.28, SQL injection is possible when using the non-default...
CVE-2024-32888
The Amazon JDBC Driver for Redshift is a Type 4 JDBC driver that provides database connectivity through the standard JDBC application program interfaces APIs available in the Java Platform, Enterprise Editions. Prior to version 2.1.0.28, SQL injection is possible when using the non-default...
PT-2022-26085 · Amazon · Amazon Redshift Jdbc Driver
Name of the Vulnerable Software and Affected Versions: Amazon AWS Redshift JDBC Driver versions prior to 2.1.0.8 Description: The Object Factory in the Amazon AWS Redshift JDBC Driver does not check the class type when instantiating an object from a class name. This issue can lead to a potential...
Three zero-days addressed in Microsoft’s May 2022 Patch Tuesday
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here Microsoft addressed 74 vulnerabilities in their May 2022 Patch Tuesday Security Update. Three of them are zero-days, and one is being exploited in the wild. The LSA Spoofing vulnerability CVE-2022-26925 is actively exploited i...
Microsoft Releases Fix for New Zero-Day with May 2022 Patch Tuesday Updates
Microsoft on Tuesday rolled out fixes for as many as 74 security vulnerabilities, including one for a zero-day bug that's being actively exploited in the wild. Of the 74 issues, seven are rated Critical, 66 are rated Important, and one is rated low in severity. Two of the flaws are listed as...
Patch Tuesday - May 2022
This month is par for the course in terms of both number and severity of vulnerabilities being patched by Microsoft. That means there’s plenty of work to be done by system and network administrators, as usual. There is one 0-day this month: CVE-2022-26925, a Spoofing vulnerability in the Windows...
CVE-2022-29972
An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Redshift ODBC Driver 1.4.14 through 1.4.21.1001 and 1.4.22 through 1.4.x before 1.4.52 may allow a local user to execute arbitrary code...
CVE-2022-29972
An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Redshift ODBC Driver 1.4.14 through 1.4.21.1001 and 1.4.22 through 1.4.x before 1.4.52 may allow a local user to execute arbitrary code...
Design/Logic Flaw
An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Redshift ODBC Driver 1.4.14 through 1.4.21.1001 and 1.4.22 through 1.4.x before 1.4.52 may allow a local user to execute arbitrary code...
CVE-2022-30240
Technical details about CVE-2022-30240 are not publicly available in the provided documents. No affected versions, root-cause specifics, exploit info, or remediation are given here. Monitor for updates from the referenced advisories.
CVE-2022-30240
An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Redshift JDBC Driver 1.2.40 through 1.2.55 may allow a local user to execute code. NOTE: this is different from CVE-2022-29972...