24 matches found
@nocobase/database has SQL Injection via String Concatenation through Recursive Eager Loading
Summary: The queryParentSQL function in the core database package constructs a recursive CTE query by joining nodeIds with string concatenation instead of using parameterized queries. The nodeIds array contains primary key values read from database rows. An attacker who can create a record with a...
PT-2026-34609
Name of the Vulnerable Software and Affected Versions: @nocobase/database versions prior to 2.0.39 Description: An issue exists in the queryParentSQL function within the core database package where a recursive CTE query is constructed by joining nodeIds using string concatenation instead of...
Eaton Foreseer Reporting Software security vulnerability
Eaton Foreseer Reporting Software is a report generation tool for electrical power monitoring systems (EPMS) from Eaton Corporation that collects power data in real time and generates analytical reports to help organizations optimize energy management and equipment performance. A security...
Vulnerabilities fixed in Oracle Database products
Oracle has fixed vulnerabilities in several database products and subsystems, including the Core Database, Grail, Application Express, GoldenGate and REST data. The vulnerabilities are in several components of the Oracle Database, including the Data Mining component and the Java VM. These...
Vulnerabilities fixed in Oracle Database products
Oracle has fixed vulnerabilities in several Database products and subsystems, including the Core database, Application Express, Autonomous Health Framework, Essbase, GoldenGate, SQL Developer and Secure Backup. A malicious party can exploit the vulnerabilities to launch attacks that can lead to t...
CVE-2022-21247
Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Session, Execute Catalog Role privilege with network access via Oracle Net to compromise...
CVE-2021-35557
Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Table privilege with network access via Oracle Net to compromise Core RDBMS...
CVE-2021-2330
Vulnerability in the Core RDBMS component of Oracle Database Server. The supported version that is affected is 19c. Easily exploitable vulnerability allows low privileged attacker having Create Table privilege with network access via Oracle Net to compromise Core RDBMS. Successful attacks of this...
CVE-2020-2737
Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows high privileged attacker having Create Session, Execute Catalog Role privilege with network access via...
The vulnerability of the Core RDBMS component of the database management system Oracle Database Server allows a hacker to cause a service failure.
The vulnerability of the Core RDBMS component of the database management system, Oracle Database Server, is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to completely disrupt service delivery using the OracleNet network protocol...
CVE-2020-2527
Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Index, Create Table privilege with network access via OracleNet to compromi...
PT-2020-1534 · Oracle · Oracle Database Server +1
Name of the Vulnerable Software and Affected Versions: Oracle Database Server versions 12.1.0.2, 12.2.0.1, 18c, and 19c Description: The issue is related to a vulnerability in the Core RDBMS component of Oracle Database Server, allowing a high-privileged attacker with Create Index and Create Tabl...
The vulnerability of the Core RDBMS component of the database management system Oracle Database Server allows a hacker to gain access to modify, add, or delete data.
The vulnerability of the Core RDBMS component of the database management system, Oracle Database Server, is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to modify, add, or delete data using the Oracle Net protoc...
The vulnerability of the Core RDBMS component of the database management system Oracle Database Server allows a hacker to gain access to read, modify, or delete data, or to cause a service failure.
The vulnerability of the Core RDBMS component of the database management system Oracle Database Server is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker to gain read, modify, add, or delete access to data, or cause service interruptions through...
CVE-2019-2956
Vulnerability in the Core RDBMS jackson-databind component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via multiple protocol...
CVE-2019-2939
Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via OracleNet to compromise Core RDBMS. While th...
CVE-2019-2734
Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Create Session, Execute on DBMS_ADVISOR privilege with network access via OracleNet to...
CVE-2019-2776
Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Any Index privilege with network access via OracleNet to compromise Core...
@arkecosystem/core (>=2.1.0 <=2.7.26), @arkecosystem/core-database-postgres (>=0.2.0 <=2.7.26) +222 more potentially affected by unknown CVE via sql (>=0.0.5 <=0.78.0)
sql NPM version =0.0.5, =2.1.0, =0.2.0, =2.4.0, =0.1.0, =2.1.0, =1.0.0, =1.0.0, =2.0.0-alpha.1, =2.0.0-pre.12, =2.0.0-alpha.1, =1.0.0, =0.20.1, =0.4.4, =1.1.0, =1.2.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-8F93-RV4P-X4JW...