69 matches found
MiracleLinux 7 : cyrus-sasl-2.1.26-24.el7 (AXSA:2022-3085:02)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3085:02 advisory. cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands (CVE-2022-24407). Tenable has extracted the preceding...
Siemens SIMATIC S7-1500 Improper Neutralization of Special Elements used in an SQL Command (CVE-2022-24407)
In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.
TencentOS Server 3: cyrus-sasl (TSSA-2022:0013)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0013 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
Alibaba Cloud Linux 3 : 0013: cyrus-sasl (ALINUX3-SA-2022:0013)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2022:0013 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2019-19906: cyrus-sasl aka Cyrus SASL...
CentOS 9 : cyrus-sasl-2.1.27-20.el9
The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the cyrus-sasl-2.1.27-20.el9 build changelog. - In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement...
Rocky Linux 8 : cyrus-sasl (RLSA-2022:0658)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:0658 advisory. - In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement. CVE-2022-24407 Note that...
NewStart CGSL CORE 5.05 / MAIN 5.05 : cyrus-sasl Vulnerability (NS-SA-2023-0012)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has cyrus-sasl packages installed that are affected by a vulnerability: - In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement. CVE-2022-24407 Note...
Mageia: Security Advisory (MGASA-2023-0095)
The remote host is missing an update for the...
MGASA-2023-0095 Updated mysql-connector-c++ packages fix security vulnerability
The program plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement. CVE-2022-24407...
SUSE CVE-2022-24407
In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement...
Huawei EulerOS: Security Advisory for cyrus-sasl (EulerOS-SA-2023-1250)
The remote host is missing an update for the Huawei EulerOS...
EulerOS Virtualization 3.0.2.2 : cyrus-sasl (EulerOS-SA-2023-1250)
According to the versions of the cyrus-sasl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE...
Security Bulletin: A Cyrus SASL vulnerability affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data (CVE-2022-24407)
Summary: A Cyrus SASL vulnerability affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data (CVE-2022-24407). Please see below for details on how to remediate this issue. Vulnerability Details: CVEID: CVE-2022-24407. DESCRIPTION: Cyrus SASL is vulnerable to SQL injection. A remote...
Amazon Linux 2022 : cyrus-sasl (ALAS2022-2022-234)
The version of cyrus-sasl installed on the remote host is prior to 2.1.27-18. It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2022-234 advisory. - In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE...
NewStart CGSL MAIN 6.02 : cyrus-sasl Vulnerability (NS-SA-2022-0088)
The remote NewStart CGSL host, running version MAIN 6.02, has cyrus-sasl packages installed that are affected by a vulnerability: - In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement. CVE-2022-24407 Note that Nessus h...
NewStart CGSL CORE 5.04 / MAIN 5.04 : cyrus-sasl Vulnerability (NS-SA-2022-0077)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has cyrus-sasl packages installed that are affected by a vulnerability: - In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement. CVE-2022-24407 Note...
Huawei EulerOS: Security Advisory for cyrus-sasl (EulerOS-SA-2022-2552)
The remote host is missing an update for the Huawei EulerOS...
EulerOS Virtualization 3.0.6.0 : cyrus-sasl (EulerOS-SA-2022-2552)
According to the versions of the cyrus-sasl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE...
Huawei EulerOS: Security Advisory for cyrus-sasl (EulerOS-SA-2022-2177)
The remote host is missing an update for the Huawei EulerOS...
Huawei EulerOS: Security Advisory for cyrus-sasl (EulerOS-SA-2022-2049)
The remote host is missing an update for the Huawei EulerOS...