1174 matches found
BIT-MYSQL-CLIENT-2022-27376
MariaDB Server v10.6.5 and below was discovered to contain a use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements...
BIT-MYSQL-CLIENT-2022-27381
An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements...
BIT-MYSQL-CLIENT-2022-27384
An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements...
BIT-MYSQL-CLIENT-2022-27385
An issue in the component Used_tables_and_const_cache::used_tables_and_const_cache_join of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements...
BIT-MYSQL-CLIENT-2022-27387
MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements...
BIT-MARIADB-2022-27376
MariaDB Server v10.6.5 and below was discovered to contain a use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements...
BIT-MARIADB-2022-27378
An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements...
BIT-MARIADB-2022-27380
An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements...
BIT-MARIADB-2022-27384
An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements...
BIT-MARIADB-2022-27385
An issue in the component Used_tables_and_const_cache::used_tables_and_const_cache_join of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements...
CVE-2024-24772
A guest user could exploit a chart data REST API and send arbitrary SQL statements that on error could leak information from the underlying analytics database. This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1. Users are recommended to upgrade to version 3.1.1 or 3.0.4, whi...
PT-2024-20551 · Apache · Apache Superset
Name of the Vulnerable Software and Affected Versions: Apache Superset versions prior to 3.0.4; Apache Superset versions 3.1.0 through 3.1.0. Description: The issue is related to the improper parsing of nested SQL statements on SQLLab, allowing authenticated users to surpass their data authorizatio...
CVE-2022-43842 IBM Aspera Console SQL injection
IBM Aspera Console 3.4.0 through 3.4.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 239079...
Spoofing
SQLAlchemyDA is a generic database adapter for ZSQL methods. A vulnerability found in versions prior to 2.2 allows unauthenticated execution of arbitrary SQL statements on the database to which the SQLAlchemyDA instance is connected. All users are affected. The problem has been patched in version...
SQL Injection
pimcore/admin-ui-classic-bundle is vulnerable to SQL Injection. The vulnerability is due to missing selectedIds parameter validation. Any backend user with basic permissions can execute arbitrary SQL statements...
CVE-2024-23646
Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. The application allows users to create zip files from available files on the site. In the 1.x branch prior to version 1.3.2, parameter selectedIds is susceptible to SQL Injection. Any backend user with very basic...
Logic flaw vulnerability in vastbase of Beijing Massive Data Technology Co.
vastbase is a massive database. A logic flaw vulnerability exists in vastbase, which can be exploited by an attacker to bypass all dynamic desensitization policies by constructing special SQL statements to view the original data before desensitization...
PHPGurukul Small CRM security vulnerability
Small CRM is a customer relationship management system. Small CRM suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the Users login panel. No details of the vulnerability are available at this time...
SQL Injection
Apache Superset is vulnerable to SQL Injection. The vulnerability is due to improper user input validation and sanitization in the where_in JINJA macro. This issue can be exploited by an attacker by injecting a quote within the JINJA macro resulting in the execution of arbitrary SQL statements...