13 matches found
Astra Linux - уязвимость в cyrus-sasl2
In Cyrus SASL 2.1.17 through 2.1.27 up to 2.1.28, the plugins/sql.c file does not escape the password used in SQL INSERT or UPDATE statements...
Siemens SIMATIC S7-1500 Improper Neutralization of Special Elements used in an SQL Command (CVE-2022-24407)
In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc...
SUSE CVE-2018-20106
In yast2-printer up to and including version 4.0.2 the SMB printer settings don't escape characters in passwords properly. If a password with backticks or simliar characters is supplied this allows for executing code as root. This requires tricking root to enter such a password in yast...
SUSE CVE-2022-24407
In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement...
MGASA-2022-0111 Updated cyrus-sasl packages fix security vulnerability
In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement. CVE-2022-24407...
OESA-2022-1557 cyrus-sasl security update
The package contains the Cyrus implementation of SASL. SASL is the Simple Authentication and Security Layer, a method for adding authentication support to connection-based protocols. Security Fixes: In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for ...
In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28 plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement.
...
CLSA-2022-1646061262 Fix CVE(s): CVE-2022-24407
SECURITY UPDATE: SQL injection in SQL plugin - debian/patches/CVE-2022-24407.patch: escape password for SQL insert/update commands in plugins/sql.c. - CVE-2022-24407...
DEBIAN-CVE-2022-24407
In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement...
ALPINE-CVE-2022-24407
In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement...
Default credentials
In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement...
CVE-2018-20106
In yast2-printer up to and including version 4.0.2 the SMB printer settings don't escape characters in passwords properly. If a password with backticks or simliar characters is supplied this allows for executing code as root. This requires tricking root to enter such a password in yast...
Code injection
In yast2-printer up to and including version 4.0.2 the SMB printer settings don't escape characters in passwords properly. If a password with backticks or simliar characters is supplied this allows for executing code as root. This requires tricking root to enter such a password in yast...