1028 matches found
[SECURITY] [DSA 5994-1] shibboleth-sp security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5994-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 07, 2025 https://www.debian.org/security/faq -...
Debian dsa-5994 : libapache2-mod-shib - security update
The remote Debian 12 / 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-5994 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5994-1 [email protected] https://www.debian.org/security/...
FreeBSD : Shibboleth Service Provider -- SQL injection vulnerability in ODBC plugin (9f9b0b37-88fa-11f0-90a2-6cc21735f730)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 9f9b0b37-88fa-11f0-90a2-6cc21735f730 advisory. Internet2 reports: The Shibboleth Service Provider includes a storage API usable for a number of...
Shibboleth Service Provider -- SQL injection vulnerability in ODBC plugin
Internet2 reports: The Shibboleth Service Provider includes a storage API usable for a number of different use cases such as the session cache, replay cache, and relay state management. An ODBC extension plugin is provided with some distributions of the software notably on Windows. A SQL injectio...
CVE-2023-34364
A buffer overflow was discovered in Progress DataDirect Connect for ODBC before 08.02.2770 for Oracle. An overly large value for certain options of a connection string may overrun the buffer allocated to process the string value. This allows an attacker to execute code of their choice on an...
CVE-2023-34363
An issue was discovered in Progress DataDirect Connect for ODBC before 08.02.2770 for Oracle. When using Oracle Advanced Security OAS encryption, if an error is encountered initializing the encryption object used to encrypt data, the code falls back to a different encryption mechanism that uses a...
CVE-2022-29972
An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Redshift ODBC Driver 1.4.14 through 1.4.21.1001 and 1.4.22 through 1.4.x before 1.4.52 may allow a local user to execute arbitrary code...
CVE-2022-21411
Vulnerability in the RDBMS Gateway / Generic ODBC Connectivity component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to...
CVE-2022-29971
An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Athena ODBC Driver 1.1.1 through 1.1.x before 1.1.17 may allow a local user to execute arbitrary code...
CVE-2017-11614
MEDHOST Connex contains hard-coded credentials that are used for customer database access. An attacker with knowledge of the hard-coded credentials and the ability to communicate directly with the database may be able to obtain or modify sensitive patient and financial information. Connex utilize...
CVE-2019-2799
Vulnerability in the Oracle ODBC Driver component of Oracle Database ServerPRIVILEGE CANNOT BE NONE FOR AUTHENTICATED ATTACKS. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. Difficult to exploit vulnerability allows low privileged attacker having None privilege wit...
CVE-2012-4976
selectawasset.asp in Layton Helpbox 4.4.0 allows remote attackers to discover ODBC database credentials via an element=sysassetid request, which is not properly handled during construction of an error page...
CVE-2010-4121
The TCP-to-ODBC gateway in IBM Tivoli Provisioning Manager for OS Deployment 7.1.1.3 does not require authentication for SQL statements, which allows remote attackers to modify, create, or read database records via a session on TCP port 2020. NOTE: the vendor disputes this issue, stating that the...
CVE-2012-3133
Buffer overflow in the DataDirect ODBC driver, as used in Oracle Hyperion Interactive Reporting 11.1.2.1 and 11.1.2.2, Essbase Server 11.1.2.1 and 11.1.2.2, Production Reporting Server 11.1.2.1 and 11.1.2.2, and Integration Services Server 11.1.2.1 and 11.1.2.2 has unknown impact and attack vecto...
CVE-2025-46614
In Snowflake ODBC Driver before 3.7.0, in certain code paths, the Driver logged the whole SQL query at the INFO level, aka Insertion of Sensitive Information into a Log File...
CVE-2025-46614
In Snowflake ODBC Driver before 3.7.0, in certain code paths, the Driver logged the whole SQL query at the INFO level, aka Insertion of Sensitive Information into a Log File...
PT-2025-18087 · Snowflake · Snowflake Jdbc Driver
Name of the Vulnerable Software and Affected Versions: Snowflake ODBC Driver versions prior to 3.7.0 Description: The issue concerns the logging of sensitive information. In certain code paths, the whole SQL query was logged at the INFO level. This could potentially lead to the exposure of...
CVE-2025-46614
In Snowflake ODBC Driver before 3.7.0, in certain code paths, the Driver logged the whole SQL query at the INFO level, aka Insertion of Sensitive Information into a Log File...
CVE-2025-46614
In Snowflake ODBC Driver before 3.7.0, in certain code paths, the Driver logged the whole SQL query at the INFO level, aka Insertion of Sensitive Information into a Log File...
CVE-2025-46614
The CVE-2025-46614 issue affects the Snowflake ODBC Driver prior to 3.7.0, where certain code paths log the entire SQL query at INFO level, enabling potential exposure of sensitive information. This vulnerability has a low base score (CVSS 3.1: 3.3) with LOCAL, LOW impact on confidentiality and n...