4912 matches found

Cvelist
added 2022/04/14 9:40 p.m. | 38 views

CVE-2022-24854 Database bypassing any permissions in Metabase via SQlite attach

Metabase is an open source business intelligence and analytics application. SQLite has an FDW-like feature called ATTACH DATABASE, which allows connecting multiple SQLite databases via the initial connection. If the attacker has SQL permissions to at least one SQLite database, then it can attach...

CVSS 8 | AI score 9.1 | EPSS 0.00982
Exploits: 0 | References: 2

CVE
added 2022/04/14 9:40 p.m. | 91 views

CVE-2022-24854

Summary of CVE-2022-24854 (Metabase) : Metabase uses SQLite with an FDW-like feature called ATTACH DATABASE. If an attacker has SQL permissions on at least one SQLite database, they can attach that database to a second one and query across all attached tables. Exploitation requires knowledge of t...

CVSS 8.8 | AI score 8.5 | EPSS 0.00982
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2022/04/14 9:40 p.m. | 24 views

CVE-2022-24854 Database bypassing any permissions in Metabase via SQlite attach

Metabase is an open source business intelligence and analytics application. SQLite has an FDW-like feature called ATTACH DATABASE, which allows connecting multiple SQLite databases via the initial connection. If the attacker has SQL permissions to at least one SQLite database, then it can attach...

CVSS 8 | AI score 8.6 | EPSS 0.00982
Exploits: 0 | References: 4

CNNVD
added 2022/04/14 12:0 a.m. | 2 views

Metabase Security Vulnerability

Metabase is an open source data analytics platform from Metabase, Inc. in the United States. Metabase suffers from a security vulnerability that stems from the fact that SQLite has an FDW-like feature called ATTACH DATABASE that allows multiple SQLite databases to be connected via an initial join...

CVSS 8.8 | AI score 7.8 | EPSS 0.00982
Exploits: 0 | References: 3

Tenable Nessus
added 2022/04/01 12:0 a.m. | 80 views

Amazon Corretto Java 8.x < 8.242.07.1 Multiple Vulnerabilities

The version of Amazon Corretto installed on the remote host is prior to 8 8.242.07.1. It is, therefore, affected by multiple vulnerabilities as referenced in the corretto-8-2020-Jan-14 advisory. - OpenJFX libxslt CVE-2019-13117, CVE-2019-13118 - OpenJFX SQLite CVE-2019-16168 - Serialization...

CVSS 8.1 | AI score 6.6 | EPSS 0.06457
Exploits: 0 | References: 13

Tenable Nessus
added 2022/03/29 12:0 a.m. | 14 views

SUSE SLED15 / SLES15 Security Update : perl-DBD-SQLite (SUSE-SU-2022:0953-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:0953-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...

AI score 5.6
Exploits: 0 | References: 2

Tenable Nessus
added 2022/03/29 12:0 a.m. | 16 views

openSUSE 15 Security Update : perl-DBD-SQLite (openSUSE-SU-2022:0953-1)

The remote SUSE Linux SUSE15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2022:0953-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 70300 C...

AI score 5.6
Exploits: 0 | References: 2

OpenVAS
added 2022/03/29 12:0 a.m. | 7 views

SUSE: Security Advisory (SUSE-SU-2022:0953-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score 7.5
Exploits: 0 | References: 2

OpenVAS
added 2022/03/29 12:0 a.m. | 8 views

openSUSE: Security Advisory for perl-DBD-SQLite (openSUSE-SU-2022:0953-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score 7.5
Exploits: 0 | References: 2

Kitploit
added 2022/03/28 8:30 p.m. | 35 views

Fennec - Artifact Collection Tool For *Nix Systems

fennec is an artifact collection tool written in Rust to be used during incident response on *nix based systems. fennec allows you to write a configuration file that contains how to collect artifacts. Features A single statically compiled binary Execute any osquery SQL query Execute system command...

AI score 7.7
Exploits: 0 | References: 2

OSV
added 2022/03/28 7:21 a.m. | 4 views

OPENSUSE-SU-2022:0953-1 Security update for perl-DBD-SQLite

This update for perl-DBD-SQLite fixes the following issues: - updated to 1.66 - Use external sqlite3 library rather than internal code. bsc1195771...

AI score 7.2
Exploits: 0 | References: 2

OSV
added 2022/03/28 7:21 a.m. | 2 views

SUSE-SU-2022:0953-1 Security update for perl-DBD-SQLite

This update for perl-DBD-SQLite fixes the following issues: - updated to 1.66 - Use external sqlite3 library rather than internal code. bsc1195771...

AI score 7.2
Exploits: 0 | References: 2

OPENSUSE Linux
added 2022/03/28 12:0 a.m. | 14 views

Security update for perl-DBD-SQLite (moderate)

openSUSE Security Update: Security update for perl-DBD-SQLite Announcement ID: openSUSE-SU-2022:0953-1 Rating: moderate References: 1195771 Affected Products: openSUSE Leap 15.3 openSUSE Leap 15.4 An update that contains security fixes can now be installed. Description: This update for...

AI score 5.7
Exploits: 0

Fedora
added 2022/03/26 3:34 p.m. | 11 views

[SECURITY] Fedora 36 Update: libspatialite-5.0.1-12.fc36

SpatiaLite is a library extending the basic SQLite core in order to get a full fledged Spatial DBMS, really simple and lightweight, but mostly OGC-SFS compliant...

AI score 1.8
Exploits: 0

NVD
added 2022/03/25 5:15 p.m. | 23 views

CVE-2022-25577

ALF-BanCO v8.2.5 and below was discovered to use a hardcoded password to encrypt the SQLite database containing the user's data. Attackers who are able to gain remote or local access to the system are able to read and modify the data...

CVSS 9.1 | EPSS 0.01197
Exploits: 1 | References: 1

OSV
added 2022/03/25 5:15 p.m. | 2 views

CVE-2022-25577

ALF-BanCO v8.2.5 and below was discovered to use a hardcoded password to encrypt the SQLite database containing the user's data. Attackers who are able to gain remote or local access to the system are able to read and modify the data...

CVSS 9.1 | AI score 7.3 | EPSS 0.01197
Exploits: 1 | References: 1

Prion
added 2022/03/25 5:15 p.m. | 19 views

Hardcoded credentials

ALF-BanCO v8.2.5 and below was discovered to use a hardcoded password to encrypt the SQLite database containing the user's data. Attackers who are able to gain remote or local access to the system are able to read and modify the data...

CVSS 6.4 | AI score 9.2 | EPSS 0.01197
Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2022/03/25 4:17 p.m. | 94 views

CVE-2022-25577

ALF-BanCO vulnerable: v8.2.5 and earlier use a hardcoded password to encrypt the SQLite database, enabling read/modify access if an attacker gains remote or local system access. Root cause: hardcoded credentials in the application; affected component is the ALF-BanCO data encryption path for the ...

CVSS 9.1 | AI score 9.1 | EPSS 0.01197
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2022/03/25 4:17 p.m. | 30 views

CVE-2022-25577

ALF-BanCO v8.2.5 and below was discovered to use a hardcoded password to encrypt the SQLite database containing the user's data. Attackers who are able to gain remote or local access to the system are able to read and modify the data...

AI score 9.5 | EPSS 0.01197
Exploits: 1 | References: 1

CNNVD
added 2022/03/25 12:0 a.m. | 2 views

ALF-BanCo Trust Management Issue Vulnerability

ALF-BanCo is a home banking software from the German company ALF-BanCo. It can manage various bank accounts, Paypal accounts and many credit cards. A trust management issue vulnerability exists in ALF-BanCO version v8.2.5, which originates from hard-coding passwords to encrypt SQLite databases...

CVSS 9.1 | AI score 8.4 | EPSS 0.01197
Exploits: 1 | References: 2