Lucene search
+L

1028 matches found

Debian
Debian
added 2025/09/07 2:18 p.m.4 views

[SECURITY] [DSA 5994-1] shibboleth-sp security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5994-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 07, 2025 https://www.debian.org/security/faq -...

7.5AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/09/07 12:0 a.m.3 views

Debian dsa-5994 : libapache2-mod-shib - security update

The remote Debian 12 / 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-5994 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5994-1 [email protected] https://www.debian.org/security/...

5.9AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/09/05 12:0 a.m.2 views

FreeBSD : Shibboleth Service Provider -- SQL injection vulnerability in ODBC plugin (9f9b0b37-88fa-11f0-90a2-6cc21735f730)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 9f9b0b37-88fa-11f0-90a2-6cc21735f730 advisory. Internet2 reports: The Shibboleth Service Provider includes a storage API usable for a number of...

6AI score
Exploits0References2
FreeBSD
FreeBSD
added 2025/09/03 12:0 a.m.3 views

Shibboleth Service Provider -- SQL injection vulnerability in ODBC plugin

Internet2 reports: The Shibboleth Service Provider includes a storage API usable for a number of different use cases such as the session cache, replay cache, and relay state management. An ODBC extension plugin is provided with some distributions of the software notably on Windows. A SQL injectio...

7.6AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:55 a.m.11 views

CVE-2023-34364

A buffer overflow was discovered in Progress DataDirect Connect for ODBC before 08.02.2770 for Oracle. An overly large value for certain options of a connection string may overrun the buffer allocated to process the string value. This allows an attacker to execute code of their choice on an...

9.8CVSS7.7AI score0.01609EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 3:55 a.m.14 views

CVE-2023-34363

An issue was discovered in Progress DataDirect Connect for ODBC before 08.02.2770 for Oracle. When using Oracle Advanced Security OAS encryption, if an error is encountered initializing the encryption object used to encrypt data, the code falls back to a different encryption mechanism that uses a...

5.9CVSS6.7AI score0.00327EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 10:48 p.m.11 views

CVE-2022-29972

An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Redshift ODBC Driver 1.4.14 through 1.4.21.1001 and 1.4.22 through 1.4.x before 1.4.52 may allow a local user to execute arbitrary code...

7.8CVSS7.4AI score0.03686EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:22 p.m.14 views

CVE-2022-21411

Vulnerability in the RDBMS Gateway / Generic ODBC Connectivity component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to...

5.5CVSS5.5AI score0.00548EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:9 p.m.8 views

CVE-2022-29971

An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Athena ODBC Driver 1.1.1 through 1.1.x before 1.1.17 may allow a local user to execute arbitrary code...

7.8CVSS7.3AI score0.00346EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:49 a.m.10 views

CVE-2017-11614

MEDHOST Connex contains hard-coded credentials that are used for customer database access. An attacker with knowledge of the hard-coded credentials and the ability to communicate directly with the database may be able to obtain or modify sensitive patient and financial information. Connex utilize...

9.8CVSS6.7AI score0.01103EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:17 a.m.12 views

CVE-2019-2799

Vulnerability in the Oracle ODBC Driver component of Oracle Database ServerPRIVILEGE CANNOT BE NONE FOR AUTHENTICATED ATTACKS. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. Difficult to exploit vulnerability allows low privileged attacker having None privilege wit...

7.5CVSS6.5AI score0.0123EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:6 a.m.8 views

CVE-2012-4976

selectawasset.asp in Layton Helpbox 4.4.0 allows remote attackers to discover ODBC database credentials via an element=sysassetid request, which is not properly handled during construction of an error page...

5CVSS7AI score0.01186EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:44 a.m.8 views

CVE-2010-4121

The TCP-to-ODBC gateway in IBM Tivoli Provisioning Manager for OS Deployment 7.1.1.3 does not require authentication for SQL statements, which allows remote attackers to modify, create, or read database records via a session on TCP port 2020. NOTE: the vendor disputes this issue, stating that the...

7.5CVSS7.6AI score0.03222EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:34 a.m.8 views

CVE-2012-3133

Buffer overflow in the DataDirect ODBC driver, as used in Oracle Hyperion Interactive Reporting 11.1.2.1 and 11.1.2.2, Essbase Server 11.1.2.1 and 11.1.2.2, Production Reporting Server 11.1.2.1 and 11.1.2.2, and Integration Services Server 11.1.2.1 and 11.1.2.2 has unknown impact and attack vecto...

6.8CVSS6.9AI score0.01095EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/04/30 12:13 a.m.26 views

CVE-2025-46614

In Snowflake ODBC Driver before 3.7.0, in certain code paths, the Driver logged the whole SQL query at the INFO level, aka Insertion of Sensitive Information into a Log File...

3.3CVSS7.7AI score0.0013EPSS
Exploits0References1
NVD
NVD
added 2025/04/28 4:15 p.m.15 views

CVE-2025-46614

In Snowflake ODBC Driver before 3.7.0, in certain code paths, the Driver logged the whole SQL query at the INFO level, aka Insertion of Sensitive Information into a Log File...

3.3CVSS0.0013EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/04/28 12:0 a.m.6 views

PT-2025-18087 · Snowflake · Snowflake Jdbc Driver

Name of the Vulnerable Software and Affected Versions: Snowflake ODBC Driver versions prior to 3.7.0 Description: The issue concerns the logging of sensitive information. In certain code paths, the whole SQL query was logged at the INFO level. This could potentially lead to the exposure of...

3.3CVSS7AI score0.0013EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2025/04/28 12:0 a.m.8 views

CVE-2025-46614

In Snowflake ODBC Driver before 3.7.0, in certain code paths, the Driver logged the whole SQL query at the INFO level, aka Insertion of Sensitive Information into a Log File...

3.3CVSS4.5AI score0.0013EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/28 12:0 a.m.19 views

CVE-2025-46614

In Snowflake ODBC Driver before 3.7.0, in certain code paths, the Driver logged the whole SQL query at the INFO level, aka Insertion of Sensitive Information into a Log File...

3.3CVSS0.0013EPSS
Exploits0References1
CVE
CVE
added 2025/04/28 12:0 a.m.80 views

CVE-2025-46614

The CVE-2025-46614 issue affects the Snowflake ODBC Driver prior to 3.7.0, where certain code paths log the entire SQL query at INFO level, enabling potential exposure of sensitive information. This vulnerability has a low base score (CVSS 3.1: 3.3) with LOCAL, LOW impact on confidentiality and n...

3.3CVSS7.7AI score0.0013EPSS
Exploits0References1
Rows per page
Query Builder