
19 matches found

Github Security Blog
added 2026/03/20 8:48 p.m. | 5 views

Kysely has a MySQL SQL Injection via Backslash Escape Bypass in non-type-safe usage of JSON path keys.

Summary: The sanitizeStringLiteral method in Kysely's query compiler escapes single quotes (' → '') but does not escape backslashes. On MySQL with the default BACKSLASHESCAPES SQL mode, an attacker can inject a backslash before a single quote to neutralize the escaping, breaking out of the JSON path...

8.1 CVSS | 6.1 AI score | 0.00034 EPSS
Exploits 1 | References 3 | Affected Software 1
Positive Technologies
added 2026/03/20 12:0 a.m. | 1 views

PT-2026-26762

Name of the Vulnerable Software and Affected Versions: Kysely versions prior to 0.28.14. Description: Kysely's DefaultQueryCompiler.sanitizeStringLiteral function inadequately escapes backslashes when handling string literals. Specifically, it only doubles single quotes but does not address...

8.1 CVSS | 6.2 AI score | 0.00034 EPSS
Exploits 1 | References 7
EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2009-4406

Malware in sbrugna...

4 CVSS | 6.1 AI score | 0.01108 EPSS
Exploits 0 | References 8
Tenable Nessus
added 2016/11/15 12:0 a.m. | 56 views

IBM DB2 10.5 < Fix Pack 8 Multiple DoS

According to its version, the installation of IBM DB2 10.5 running on the remote host is prior to Fix Pack 8. It is, therefore, affected by the following vulnerabilities : - A denial of service vulnerability exists in the SQLNPSCOPETRIAL function due to improper handling of SQL statements. An...

5.9 AI score
Exploits 0 | References 1
Tenable Nessus
added 2016/11/15 12:0 a.m. | 108 views

IBM DB2 10.5 < Fix Pack 8 Multiple Vulnerabilities

According to its version, the installation of IBM DB2 10.5 running on the remote host is prior to Fix Pack 8. It is, therefore, affected by the following vulnerabilities : - A local privilege escalation vulnerability exists due to insecurely loading binaries planted in a location that a SETGID or...

7.3 CVSS | 7.6 AI score | 0.00064 EPSS
Exploits 0 | References 3
Tenable Nessus
added 2016/09/30 12:0 a.m. | 7 views

IBM DB2 9.7 < Fix Pack 11 Multiple Vulnerabilities

Binary data 9589.prm...

7.3 CVSS | 7.3 AI score | 0.00064 EPSS
Exploits 0 | References 3
OpenVAS
added 2010/10/08 12:0 a.m. | 29 views

IBM DB2 Multiple Vulnerabilities (Oct10)

The host is running IBM DB2 and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbibmdb2multvulnoct10.nasl 7585 2017-10-26 15:03:01Z cfischer $ IBM DB2 Multiple Vulnerabilities Oct10 Authors: Antu Sanadi Copyright: Copyright c 2010 Greenbone Networks GmbH,...

10 CVSS | 0.8 AI score | 0.43415 EPSS
Exploits 0 | References 5
Prion
added 2010/10/05 6:0 p.m. | 14 views

Code injection

The "Query Compiler, Rewrite, Optimizer" component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted query involving certain UNION ALL views, leading to an indefinitely large amount of compilation time...

2.1 CVSS | 6.4 AI score | 0.00406 EPSS
Exploits 0 | References 3 | Affected Software 1
Cvelist
added 2010/10/05 5:0 p.m. | 18 views

CVE-2010-3735

The "Query Compiler, Rewrite, Optimizer" component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted query involving certain UNION ALL views, leading to an indefinitely large amount of compilation time...

5.9 AI score | 0.00406 EPSS
Exploits 0 | References 3
NVD
added 2009/12/28 7:30 p.m. | 12 views

CVE-2009-4438

The Query Compiler, Rewrite, and Optimizer component in IBM DB2 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 does not enforce privilege requirements for access to a (1) sequence or (2) global-variable object, which allows remote authenticated users to make use of data via unspecified vectors...

6.5 CVSS | 6 AI score | 0.01007 EPSS
Exploits 0 | References 9
NVD
added 2009/12/28 7:30 p.m. | 19 views

CVE-2009-4439

Unspecified vulnerability in the Query Compiler, Rewrite, and Optimizer component in IBM DB2 9.5 before FP5 allows remote authenticated users to cause a denial of service (instance crash) by compiling a SQL query...

4 CVSS | 6.3 AI score | 0.01108 EPSS
Exploits 0 | References 7
Prion
added 2009/12/28 7:30 p.m. | 9 views

Code injection

The Query Compiler, Rewrite, and Optimizer component in IBM DB2 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 does not enforce privilege requirements for access to a (1) sequence or (2) global-variable object, which allows remote authenticated users to make use of data via unspecified vectors...

6.5 CVSS | 6.6 AI score | 0.01007 EPSS
Exploits 0 | References 9 | Affected Software 1
CVE
added 2009/12/28 7:0 p.m. | 56 views

CVE-2009-4438

The CVE-2009-4438 issue affects IBM DB2: Query Compiler/Rewrite/Optimizer in DB2 9.1 (before FP8), 9.5 (before FP5), and 9.7 (before FP1) fails to enforce privileges for accessing a (1) sequence or (2) global-variable object, enabling remote authenticated users to access data via unspecified vect...

6.5 CVSS | 6 AI score | 0.01007 EPSS
Exploits 0 | References 9 | Affected Software 1
Cvelist
added 2009/12/28 7:0 p.m. | 13 views

CVE-2009-4438

The Query Compiler, Rewrite, and Optimizer component in IBM DB2 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 does not enforce privilege requirements for access to a (1) sequence or (2) global-variable object, which allows remote authenticated users to make use of data via unspecified vectors...

6 AI score | 0.01007 EPSS
Exploits 0 | References 9
Cvelist
added 2009/12/28 7:0 p.m. | 16 views

CVE-2009-4439

Unspecified vulnerability in the Query Compiler, Rewrite, and Optimizer component in IBM DB2 9.5 before FP5 allows remote authenticated users to cause a denial of service (instance crash) by compiling a SQL query...

6.3 AI score | 0.01108 EPSS
Exploits 0 | References 7
OpenVAS
added 2009/12/23 12:0 a.m. | 21 views

IBM DB2 Self Tuning Memory Manager (STMM) DOS Vulnerability (Windows)

The host is installed with IBM DB2 and is prone to Denial of Service vulnerability. OpenVAS Vulnerability Test $Id: secpodibmdb2stmmdosvulnwin.nasl 5055 2017-01-20 14:08:39Z teissa $ IBM DB2 Self Tuning Memory Manager STMM DOS Vulnerability Windows Authors: Antu Sanadi Updated By: Antu Sanadi on...

6.5 CVSS | 0.2 AI score | 0.01007 EPSS
Exploits 0 | References 3
OpenVAS
added 2009/12/23 12:0 a.m. | 20 views

IBM Db2 Self Tuning Memory Manager (STMM) DOS Vulnerability - Linux

IBM Db2 is prone to a denial of service vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:ibm:db2"; ifdescription...

6.5 CVSS | 6.1 AI score | 0.01007 EPSS
Exploits 0 | References 5
OpenVAS
added 2009/12/23 12:0 a.m. | 23 views

IBM DB2 Self Tuning Memory Manager (STMM) DOS Vulnerability (Linux)

The host is installed with IBM DB2 and is prone to Denial of Service vulnerability. OpenVAS Vulnerability Test $Id: secpodibmdb2stmmdosvulnlin.nasl 5055 2017-01-20 14:08:39Z teissa $ IBM DB2 Self Tuning Memory Manager STMM DOS Vulnerability Linux Authors: Antu Sanadi Updated By: Antu Sanadi on...

6.5 CVSS | 0.4 AI score | 0.01007 EPSS
Exploits 0 | References 3
OpenVAS
added 2009/12/23 12:0 a.m. | 33 views

IBM DB2 UDB Multiple Unspecified Vulnerabilities (Linux)

The host is installed with IBM DB2 and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: secpodibmudbdb2multvulnlin.nasl 5055 2017-01-20 14:08:39Z teissa $ IBM DB2 UDB Multiple Unspecified Vulnerabilities Linux Authors: Antu Sanadi Updated By: Antu Sanadi on 2009/12/29 6444...

10 CVSS | 0.7 AI score | 0.01657 EPSS
Exploits 1 | References 3