11 matches found
CVE-2025-10703
Improper Control of Generation of Code ('Code Injection') vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows Remote Code Inclusion. The SpyAttribute connection option implemented by the DataDirect Connect for JD...
CVE-2025-10702
Improper Control of Generation of Code ('Code Injection') vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows Remote Code Inclusion. The SpyAttribute connection option implemented by the DataDirect Connect for JD...
Security Bulletin: IBM Cloud Pak for Data Affected by Malicious File Upload Vulnerability (CVE-2022-36769)
Summary: IBM Cloud Pak for Data could allow a privileged user to upload malicious files of dangerous types that can be automatically processed within the product's. This vulnerability has been addressed. Vulnerability Details: CVEID: CVE-2022-36769. DESCRIPTION: IBM Cloud Pak for Data could allow a...
CVE-2023-22886 Apache Airflow JDBC Provider: RCE Vulnerability
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow JDBC Provider. Airflow JDBC Provider Connection’s Connection URL parameters had no restrictions, which made it possible to implement RCE attacks via different types of JDBC drivers, obtain airflow server permission...
Security Bulletin: IBM InfoSphere Information Server is affected by a remote code execution vulnerability in HSQLDB (CVE-2022-41853)
Summary: A remote code execution vulnerability in HSQLDB used by IBM InfoSphere Information Server was addressed. Vulnerability Details: CVEID: CVE-2022-41853. DESCRIPTION: HSQLDB could allow a remote attacker to execute arbitrary code on the system, caused by improper validation of user-supplied inp...
Remote code execution
Databasir is a team-oriented relational database model document management platform. Databasir 1.01 has a remote code execution vulnerability. JDBC drivers are not validated prior to use and may be provided by users of the system. This can lead to code execution by any basic user who has access to...
CVE-2022-24861 Remote Code Execution in Databasir
Databasir is a team-oriented relational database model document management platform. Databasir 1.01 has a remote code execution vulnerability. JDBC drivers are not validated prior to use and may be provided by users of the system. This can lead to code execution by any basic user who has access to...
CVE-2022-24861 Remote Code Execution in Databasir
Databasir is a team-oriented relational database model document management platform. Databasir 1.01 has a remote code execution vulnerability. JDBC drivers are not validated prior to use and may be provided by users of the system. This can lead to code execution by any basic user who has access to...
[SECURITY] Fedora 29 Update: c3p0-0.9.5.4-1.fc29
c3p0 is an easy-to-use library for augmenting traditional JDBC drivers with JNDI-bindable DataSources, including DataSources that implement Connection and Statement Pooling, as described by the jdbc3 spec and jdbc2 standard extension...
[SECURITY] Fedora 30 Update: c3p0-0.9.5.4-1.fc30
c3p0 is an easy-to-use library for augmenting traditional JDBC drivers with JNDI-bindable DataSources, including DataSources that implement Connection and Statement Pooling, as described by the jdbc3 spec and jdbc2 standard extension...
PT-2019-5029 · Mchange +4 · C3P0 +4
Name of the Vulnerable Software and Affected Versions: c3p0 versions prior to 0.9.5.4. Description: The issue is related to errors in processing XML entities in the ConfigXmlUtils function of the c3p0 library for JDBC drivers. This can be exploited by a remote attacker to cause a denial of service...