318 matches found
CVE-2024-57630
An issue in the expscard component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...
CVE-2024-57659
An issue in the sqlgparalleltsseq component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...
CVE-2024-57627
The CVE-2024-57627 vulnerability affects MonetDB Server v11.49.1, specifically the gc_col component. The connected sources report that an issue in gc_col can be exploited to cause a Denial of Service via crafted SQL statements. No concrete details on the root cause, impacted subcomponents, or exa...
CVE-2024-57656
Summary of CVE-2024-57656: OpenLink Virtuoso Open-Source v7.2.11 contains a DoS vulnerability in the sqlc_add_distinct_node component triggered by crafted SQL statements, as documented in multiple security advisories. The issue affects virtuoso-opensource in affected deployments...
CVE-2024-57635
CVE-2024-57635 affects the Virtuoso Open-Source stack in the package family virtuoso-opensource. The connected sources confirm a vulnerability in the chash_array component of openlink virtuoso-opensource v7.2.11 that allows an attacker to trigger a Denial of Service (DoS) via crafted SQL statemen...
python-sql SQL injection vulnerability
A vulnerability was found in python-sql where unary operators do not escape non-Expression (like And and Or), which makes any system exposing those vulnerable to an SQL injection attack...
GHSA-PQ9P-PC3P-9HM4 python-sql SQL injection vulnerability
A vulnerability was found in python-sql where unary operators do not escape non-Expression (like And and Or), which makes any system exposing those vulnerable to an SQL injection attack...
CVE-2024-9774 Python-sql: python-sql unary operators does not escape non-expression
A vulnerability was found in python-sql where unary operators do not escape non-Expression...
Fedora 41 : python-sql (2024-1a2f1733ad)
The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-1a2f1733ad advisory. - update to 1.5.2 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...
openSUSE 15 Security Update : python-python-sql (openSUSE-SU-2024:0413-1)
The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2024:0413-1 advisory. - CVE-2024-9774: Fixed that unary operators does not escape non-Expression (boo#1234653). Tenable has extracted the preceding description block directly fro...
CVE-2024-4995 Protocol Downgrade in Wapro ERP Desktop
Wapro ERP Desktop is vulnerable to an MS SQL protocol downgrade request from the server side, which could lead to unencrypted communication vulnerable to data interception and modification. This issue affects Wapro ERP Desktop versions before 9.00.0...
The vulnerability of the __nss_database_lookup component in the Virtuoso-opensource web application development platform allows an attacker to trigger a service failure.
The vulnerability of the __nss_database_lookup component in the Virtuoso-opensource web application development platform is related to improper elimination of special elements used in SQL commands. Exploiting this vulnerability can allow an attacker to trigger a service failure using specially create...
USN-6968-2: PostgreSQL vulnerability
USN-6968-1 fixed CVE-2024-7348 in PostgreSQL-12, PostgreSQL-14, and PostgreSQL-16. This update provides the corresponding updates for PostgreSQL-9.5 in Ubuntu 16.04 LTS. Original advisory details: Noah Misch discovered that PostgreSQL incorrectly handled certain SQL objects. An attacker could...
The vulnerability in the implementation of the subscribes_delete_confirm method of the comments module in the Netcat CMS system allows a hacker to gain unauthorized access to protected information.
The vulnerability of the subscribes_delete_confirm method in the comments module of the CMS system Netcat is related to the lack of security measures for the SQL query structure. Exploiting this vulnerability allows an attacker, operating remotely, to gain unauthorized access to the protected...
The vulnerability of the SQL engine of the Dell Data Analytics Engine (DDAE) in the Dell Data Lakehouse data storage platform allows a hacker to disclose protected information.
The vulnerability of the SQL engine of the Dell Data Analytics Engine (DDAE) in the Dell Data Lakehouse data storage platform is related to the lack of data encryption measures. Exploiting this vulnerability could allow a malicious actor to disclose protected information...
GHSA-2X36-QHX3-7M5F ZendFramework1 Potential SQL injection in the ORDER implementation of Zend_Db_Select
The implementation of the ORDER BY SQL statement in Zend_Db_Select of Zend Framework 1 contains a potential SQL injection when the query string passed contains parentheses. For instance, the following code is affected by this issue: $db = Zend_Db::factory(/* options here */); $select = $db->select...
The vulnerability of the CMS system Macs CMS lies in the lack of protective measures for the SQL query structure, which allows attackers to gain access to read, modify, or delete data, or execute arbitrary code.
The vulnerability of the CMS system Macs CMS is related to the lack of measures taken to protect the SQL query structure during the processing of parameters resetPassword, forgotPasswordProcess, saveUser, saveRole, deleteUser, deleteRole, deleteComment, deleteUser, allowComment, saveRole,...
CVE-2024-28934
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability...
org.apache.camel.kafkaconnector:camel-aws-redshift-sink-kafka-connector (>=1.0.0 <=3.21.0), org.apache.camel.kafkaconnector:camel-aws-redshift-source-kafka-connector (>=1.0.0 <=3.21.0) +29 more potentially affected by CVE-2024-22369 via org.apache.camel:camel-sql (>=3.0.0 <=3.21.3)
org.apache.camel:camel-sql MAVEN version =3.0.0, =1.0.0, =1.0.0, =0.1.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =3.18.1, =3.18.1, =1.0.0, =1.0.0, =0.1.0, =0.1.0, =1.0.0, =3.21.0...