213 matches found
Debian dla-4300 : libapache2-mod-shib - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4300 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4300-1 [email protected] https://www.debian.org/lts/security/...
CVE-2025-9943
An SQL injection vulnerability has been identified in the "ID" attribute of the SAML response when the replay cache of the Shibboleth Service Provider SP is configured to use an SQL database as storage service. An unauthenticated attacker can exploit this issue via blind SQL injection, allowing f...
CVE-2025-9943
An SQL injection vulnerability has been identified in the "ID" attribute of the SAML response when the replay cache of the Shibboleth Service Provider SP is configured to use an SQL database as storage service. An unauthenticated attacker can exploit this issue via blind SQL injection, allowing f...
UBUNTU-CVE-2025-9943
An SQL injection vulnerability has been identified in the "ID" attribute of the SAML response when the replay cache of the Shibboleth Service Provider SP is configured to use an SQL database as storage service. An unauthenticated attacker can exploit this issue via blind SQL injection, allowing f...
CVE-2025-9943 Unauthenticated SQL Injection Vulnerability in Shibboleth Service Provider
An SQL injection vulnerability has been identified in the "ID" attribute of the SAML response when the replay cache of the Shibboleth Service Provider SP is configured to use an SQL database as storage service. An unauthenticated attacker can exploit this issue via blind SQL injection, allowing f...
CVE-2025-9943
CVE-2025-9943 describes an SQL injection in the Shibboleth Service Provider (SP) when the replay cache uses an SQL store via the ODBC plugin. The root cause is insufficient escaping of single quotes in the class SQLString (odbc-store.cpp, lines 253–271), allowing a blind SQL injection by an unaut...
CVE-2025-9943
An SQL injection vulnerability has been identified in the "ID" attribute of the SAML response when the replay cache of the Shibboleth Service Provider SP is configured to use an SQL database as storage service. An unauthenticated attacker can exploit this issue via blind SQL injection, allowing f...
CVE-2025-5662 Deserialization Vulnerability in h2oai/h2o-3
A deserialization vulnerability exists in the H2O-3 REST API POST /99/ImportSQLTable that affects all versions up to 3.46.0.7. This vulnerability allows remote code execution RCE due to improper validation of JDBC connection parameters when using a Key-Value format. The vulnerability is present i...
H2O 代码问题漏洞
H2O is an in-memory platform for distributed, scalable machine learning open-sourced by H2O.ai. A code issue vulnerability exists in H2O 3.46.0.7 and prior versions that stems from insufficient validation of JDBC connection parameters, which could lead to remote code execution...
PT-2025-34686 · Dataease · Dataease
Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 2.10.12 Description: DataEase is an open-source business intelligence and data visualization tool. Prior to version 2.10.12, a H2 JDBC Remote Code Execution RCE bypass exists. If the JDBC URL meets specific criteria...
Linux Distros Unpatched Vulnerability : CVE-2022-26651
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Asterisk through 19.x and Certified Asterisk through 16.8-cert13. The funcodbc module provides possibly inadequate escaping...
Unspecified Vulnerability in Oracle Database Server (CNVD-2025-24078)
Oracle Database Server is a set of relational database management system of the United States Oracle Oracle. The database management system provides data management, distributed processing and other functions. Oracle Database Server has a security vulnerability in Oracle Database Server JDBC that...
The vulnerability of the JDBC component of the Oracle Database Server database management system allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the JDBC component of the Oracle Database Server management database system is related to access control errors. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
DataEase 安全漏洞
DataEase is an open source data visualization and analysis tool from DataEase Open Source. It is used to help users quickly analyze data and gain insight into business trends for business improvement and optimization. DataEase version 2.10.11 before the existence of a security vulnerability , the...
The vulnerability of the JDBC driver pgjdbc, which allows Java programs to connect to PostgreSQL databases, enables attackers to execute “man-in-the-middle” attacks.
The vulnerability of the JDBC driver pgjdbc, which allows Java programs to connect to PostgreSQL databases, is related to deficiencies in the authentication process. Exploiting this vulnerability could enable a malicious actor to carry out a “man-in-the-middle” attack...
Improper Handling of Invalid Use of Special Elements
Overview Affected versions of this package are vulnerable to Improper Handling of Invalid Use of Special Elements through the JDBC interface. An attacker can read arbitrary files by inserting special characters into JDBC URL and potentially access or modify data without proper authorisation...
Apache InLong 代码问题漏洞
Apache InLong is a one-stop mass data integration framework from the Apache USA Foundation. It provides automated, secure, and reliable data transfer capabilities. A code issue vulnerability exists in Apache InLong versions 1.13.0 to 2.1.0, which stems from deserializing untrustworthy data and...
CVE-2014-9702
system/classes/DbPDO.php in Cmfive through 2015-03-15, when database connectivity malfunctions, allows remote attackers to obtain sensitive information username and password via any request, such as a password reset request...
DataEase 安全漏洞
DataEase is an open source data visualization and analysis tool from DataEase Open Source. It is used to help users quickly analyze data and gain insight into business trends for business improvement and optimization. A security vulnerability exists in DataEase versions prior to 2.10.8 that...
IBM Data Virtualization Manager 安全漏洞
IBM Data Virtualization Manager is a general-purpose query engine from International Business Machines IBM that performs distributed and virtualized queries across databases, data warehouses, data lakes, and streaming data. A code execution vulnerability exists in IBM Data Virtualization Manager...