48 matches found
amazon-redshift-python-driver vulnerable to Remote Code Execution via eval() Injection
Summary amazon-redshift-python-driver is the official Python connector for Amazon Redshift. In versions 2.1.13 and earlier, the driver insufficiently validates data received from the server during query result processing. A rogue server or man-in-the-middle could leverage this to execute arbitrar...
OPENSUSE-SU-2025:15831-1 chromedriver-143.0.7499.146-1.1 on GA media
These are all security issues fixed in the chromedriver-143.0.7499.146-1.1 package on the GA media of openSUSE Tumbleweed...
EUVD-2025-199779
A weakness in Automated Logic and Carrier i-Vu Gen5 router on driver version drvgen5106-01-2380, allows malformed packets to be sent through BACnet MS/TP network causing the devices to enter a fault state. This fault state requires a manual power cycle to return the device to network visibility...
CVE-2025-0657
A weakness in Automated Logic and Carrier i-Vu Gen5 router on driver version drvgen5106-01-2380, allows malformed packets to be sent through BACnet MS/TP network causing the devices to enter a fault state. This fault state requires a manual power cycle to return the device to network visibility...
CVE-2025-5662
A deserialization vulnerability exists in the H2O-3 REST API POST /99/ImportSQLTable that affects all versions up to 3.46.0.7. This vulnerability allows remote code execution (RCE) due to improper validation of JDBC connection parameters when using a Key-Value format. The vulnerability is present i...
Microsoft Windows - Storage QoS Filter Driver Checker
Titles: Microsoft Windows - Storage QoS Filter Driver Checker Author: nu11secur1ty Date: 08/04/2025 Vendor: Microsoft Software: https://www.microsoft.com/en-us/software-download/windows11 Reference: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49730 Description This PowerShell...
CVE-2025-5279 Issue with Amazon Redshift Python Connector and the BrowserAzureOAuth2CredentialsProvider plugin
When the Amazon Redshift Python Connector is configured with the BrowserAzureOAuth2CredentialsProvider plugin, the driver skips the SSL certificate validation step for the Identity Provider. An insecure connection could allow an actor to intercept the token exchange process and retrieve an access...
CVE-2024-10553
A vulnerability in the h2oai/h2o-3 REST API versions 3.46.0.4 allows unauthenticated remote attackers to execute arbitrary code via deserialization of untrusted data. The vulnerability exists in the endpoints POST /99/ImportSQLTable and POST /3/SaveToHiveTable, where user-controlled JDBC URLs are...
CVE-2024-12746
A SQL injection in the Amazon Redshift ODBC Driver v2.1.5.0 Windows or Linux allows a user to gain escalated privileges via the SQLTables or SQLColumns Metadata APIs. Users are recommended to upgrade to the driver version 2.1.6.0 or revert to driver version 2.1.4.0...
CVE-2024-12745 SQL Injection in the Amazon Redshift Python Connector affecting v2.1.4
A SQL injection in the Amazon Redshift Python Connector v2.1.4 allows a user to gain escalated privileges via the get_schemas, get_tables, or get_columns Metadata APIs. Users are recommended to upgrade to the driver version 2.1.5 or revert to driver version 2.1.3...
MongoDB Security Vulnerabilities
MongoDB is a document-oriented database management system from the American company MongoDB. A security vulnerability exists in the version of libbson prior to MongoDB C Driver 1.27.1, which stems from a buffer overflow vulnerability in bson_string_append that results in memory corruption in adjace...
Insyde Software Corp SEG Windows Driver Security Vulnerability
Insyde Software Corp SEG Windows Driver is a driver for managing and processing system events from Insyde Software Corp China. A security vulnerability exists in Insyde Software Corp SEG Windows Driver version v100.00.07.02, which originates from a security flaw in the component segwindrvx64.sys...
PT-2024-6161 · Unknown · Tap-Windows6
Name of the Vulnerable Software and Affected Versions: tap-windows6 driver version 9.26 and earlier Description: The issue is related to the tap-windows6 driver not properly checking the size data of incoming write operations, which can be used by an attacker to overflow memory buffers. This can...
CVE-2023-26592
Deserialization of untrusted data in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable a denial of service via local access...
Low performance with Intel X710/XL710/X722
Creating a snapshot on Citrix Hypervisor 8.2 CU1 might be slower than XenServer 7.1 when using the following driver and firmware. Driver: i40e: Intel(R) 40-10 Gigabit Ethernet Connection Network Driver - version 2.9.21 Firmware: fw 8.71.63306 api 1.11 nvm 10.54.7...
CVE-2022-34849
Uncaught exception in the Intel(R) Iris(R) Xe MAX drivers for Windows before version 100.0.5.1436v2 may allow a privileged user to potentially enable denial of service via local access...
NVIDIA graphics driver Code Issue Vulnerability
NVIDIA graphics driver is a graphics driver from NVIDIA. A security vulnerability exists in the NVIDIA graphics driver that originates from mishandling of the NVIDIA graphics driver, resulting in a null pointer dereference, which can be exploited by an attacker to cause a denial of service, and...
CVE-2020-8681
Out of bounds write in system driver for some Intel(R) Graphics Drivers before version 15.33.50.5129 may allow an authenticated user to potentially enable escalation of privilege via local access...
Synaptics Fingerprint Vulnerabilities - Lenovo Support US
No description provided...
Realtek Audio Driver Vulnerability - Lenovo Support US
Lenovo Security Advisory: LEN-30506 Potential Impact: DLL preloading and potential abuses Severity: High Scope of Impact: Industry-wide CVE Identifier: CVE-2019-19705 Summary Description: Realtek has released a software security update for the Realtek Audio Drivers for Windows. This update...