15 matches found
PT-2026-24610
In MariaDB server version through 11.8.5, when server audit plugin is enabled with server audit events variable configured with QUERY DCL, QUERY DDL, or QUERY DML filtering, if an authenticated database user invokes a SQL statement prefixed with double-hyphen — or hash style comments, the stateme...
EUVD-2021-0250
Malware in sbrugna...
CLSA-2025-1758293394 postgresql: Fix of 2 CVEs
CVE-2025-8714: prevent execution of unsafe meta-commands in plain-text dumps pgdump/pgrestore/pgdumpall, psql restricted mode - CVE-2025-8715: sanitize newlines in object names to avoid unsafe SQL comments in dumps...
CVE-2022-24827
Elide (Java) SQL Injection vulnerability (CVE-2022-24827) affects analytic queries that use Parameterized Columns of type TEXT in the Elide Aggregation Data Store. The issue stems from the TEXT parameter handling that can be interpreted as SQL comments (–) after a patch in 6.1.2, allowing bypass ...
CVE-2021-32839
A resource-consumption flaw was found in python-sqlparse. The formatter function that strips comments from SQL contains a regular expression that is vulnerable to Regular Expression Denial of Service ReDoS. A network attacker could craft an SQL comment containing numerous repetitions of '\r\n' th...
Design/Logic Flaw
sqlparse is a non-validating SQL parser module for Python. In sqlparse versions 0.4.0 and 0.4.1 there is a regular Expression Denial of Service in sqlparse vulnerability. The regular expression may cause exponential backtracking on strings containing many repetitions of '\r\n' in SQL comments. On...
StripComments filter contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service)
Impact The formatter function that strips comments from a SQL contains a regular expression that is vulnerable to ReDoS Regular Expression Denial of Service. The regular expression may cause exponential backtracking on strings containing many repetitions of '\r\n' in SQL comments. Patches The...
hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used
A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized...
hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used
A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized...
hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used
A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized...
DEBIAN-CVE-2020-25638
A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized...
CVE-2020-25638
A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized...
hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used
A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized...
CVE-2020-25638
A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized...
PT-2020-6584 · Unknown +4 · Hibernate-Core +4
Name of the Vulnerable Software and Affected Versions: hibernate-core versions prior to and including 5.4.23.Final Description: A flaw was found in the implementation of the JPA Criteria API, which can permit unsanitized literals when a literal is used in the SQL comments of the query, allowing a...