318 matches found
org.apache.camel.kafkaconnector:camel-aws-redshift-sink-kafka-connector (>=4.0.0 <=4.0.3), org.apache.camel.kafkaconnector:camel-aws-redshift-source-kafka-connector (>=4.0.0 <=4.0.3) +17 more potentially affected by CVE-2024-22369 via org.apache.camel:camel-sql (>=4.0.0 <=4.0.3)
org.apache.camel:camel-sql MAVEN version =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =3.2.0, =3.4.0 - org.apache.camel.quar...
org.apache.camel.quarkus:camel-quarkus-integration-test-jta (>=3.5.0 <=3.35.0), org.apache.camel.quarkus:camel-quarkus-integration-test-langchain4j-tools (=3.35.0) +8 more potentially affected by CVE-2024-22369 via org.apache.camel:camel-sql (>=4.1.0 <=4.3.0)
org.apache.camel:camel-sql MAVEN version =4.1.0, =3.5.0, =3.5.0, =3.5.0, =3.5.0, =3.5.0, =4.1.0, =9.1.0, =9.1.0, =9.1.0, =10.0.0 Source cves: CVE-2024-22369 Source advisory: OSV:GHSA-36XR-4X2F-CFJ9...
Microsoft WDAC OLE DB provider for SQL Security Vulnerability
Microsoft Windows is a suite of operating systems for use on personal devices from the U.S.-based Microsoft Corporation. A security vulnerability exists in Microsoft WDAC OLE DB provider for SQL. An attacker could exploit the vulnerability to remotely execute code. The following product...
SUSE CVE-2021-35645
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...
CVE-2023-41891
FlyteAdmin is the control plane for Flyte responsible for managing entities and administering workflow executions. Prior to version 1.1.124, list endpoints on FlyteAdmin have a SQL vulnerability where a malicious user can send a REST request with custom SQL statements as list filters. The attacke...
Design/Logic Flaw
FlyteAdmin is the control plane for Flyte responsible for managing entities and administering workflow executions. Prior to version 1.1.124, list endpoints on FlyteAdmin have a SQL vulnerability where a malicious user can send a REST request with custom SQL statements as list filters. The attacke...
CVE-2023-41891 FlyteAdmin SQL Injection in List Filters
FlyteAdmin is the control plane for Flyte responsible for managing entities and administering workflow executions. Prior to version 1.1.124, list endpoints on FlyteAdmin have a SQL vulnerability where a malicious user can send a REST request with custom SQL statements as list filters. The attacke...
CVE-2023-41891
FlyteAdmin’s list endpoints are vulnerable to SQL injection in versions prior to 1.1.124, where a malicious user can send REST requests with custom SQL statements as list filters. The attacker must have access to the FlyteAdmin installation (typically behind VPN or authenticated access). A patch ...
Flyte Admin SQL Injection in List Filters
Impact: List endpoints on Flyte Admin have a SQL vulnerability where a malicious user can send REST requests with custom SQL statements as list filters. Workarounds: The attacker needs to have access to the flyteadmin installation, typically either behind a VPN or authentication. References...
PT-2023-28148 · Unknown · Flyteadmin
Name of the Vulnerable Software and Affected Versions: FlyteAdmin versions prior to 1.1.124. Description: The issue concerns a SQL vulnerability in list endpoints on FlyteAdmin, where a malicious user can send a REST request with custom SQL statements as list filters. This requires the attacker to...
SQL injection
Election Services Co. ESC Internet Election Service is vulnerable to SQL injection in multiple pages and parameters. These vulnerabilities allow an unauthenticated, remote attacker to read or modify data for any elections that share the same backend database. ESC deactivated older and unused...
Important: libpq
Issue Overview: A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption. CVE-2021-23222 A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged...
CVE-2023-31617
An issue in the dksetdelete component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...
CVE-2023-31629
An issue in the sqlounionscope component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...
CVE-2023-31628
An issue in the stricmp component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...
CVE-2023-30839 PrestaShop vulnerable to SQL filter bypass leading to arbitrary write requests using "SQL Manager"
PrestaShop is an Open Source e-commerce web application. Versions prior to 8.0.4 and 1.7.8.9 contain a SQL filtering vulnerability. A BO user can write, update, and delete in the database, even without having specific rights. PrestaShop 8.0.4 and 1.7.8.9 contain a patch for this issue. There are ...
SQL injection
Online Student Management System v1.0 was discovered to contain a SQL injection vulnerability via the searchdata parameter at /eduauth/student/search.php...
The vulnerability of the Cloud Disk cloud storage solution for ASUS RT-AC68U router firmware allows a hacker to disclose protected information.
The vulnerability of the Cloud Disk cloud storage solution for ASUS RT-AC68U router firmware is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability can allow a malicious actor to disclose the protected information remotely...
CVE-2022-48114
RuoYi up to v4.7.5 was discovered to contain a SQL injection vulnerability via the component /tool/gen/createTable...
The vulnerability of SAP SQL Anywhere relational database management systems lies in the lack of protective measures for SQL query structures, allowing attackers to trigger service failures.
The vulnerability of SAP SQL Anywhere relational database management systems is related to the lack of measures taken to protect SQL query structures. Exploiting this vulnerability allows a malicious actor to cause service interruptions by using specially crafted queries, utilizing the ARRAY arra...