CVE-2024-57656

Summary of CVE-2024-57656 (CVE-2024-57656) : OpenLink Virtuoso Open-Source v7.2.11 contains a DoS vulnerability in the sqlc_add_distinct_node component triggered by crafted SQL statements, as documented in multiple security advisories. The issue affects virtuoso-opensource in affected deployments...

CVE-2024-57627

The CVE-2024-57627 vulnerability affects MonetDB Server v11.49.1, specifically the gc_col component. The connected sources report that an issue in gc_col can be exploited to cause a Denial of Service via crafted SQL statements. No concrete details on the root cause, impacted subcomponents, or exa...

CVE-2024-57635

CVE-2024-57635 affects the Virtuoso Open-Source stack in the package family virtuoso-opensource. The connected sources confirm a vulnerability in the chash_array component of openlink virtuoso-opensource v7.2.11 that allows an attacker to trigger a Denial of Service (DoS) via crafted SQL statemen...

python-sql SQL injection vulnerability

A vulnerability was found in python-sql where unary operators do not escape non-Expression like And and Or which makes any system exposing those vulnerable to an SQL injection attack...

GHSA-PQ9P-PC3P-9HM4 python-sql SQL injection vulnerability

A vulnerability was found in python-sql where unary operators do not escape non-Expression like And and Or which makes any system exposing those vulnerable to an SQL injection attack...

CVE-2024-9774 Python-sql: python-sql unary operators does not escape non-expression

A vulnerability was found in python-sql where unary operators do not escape non-Expression...

Fedora 41 : python-sql (2024-1a2f1733ad)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-1a2f1733ad advisory. - update to 1.5.2 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...

openSUSE 15 Security Update : python-python-sql (openSUSE-SU-2024:0413-1)

The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2024:0413-1 advisory. - CVE-2024-9774: Fixed that unary operators does not escape non-Expression boo1234653. Tenable has extracted the preceding description block directly fro...

CVE-2024-4995 Protocol Downgrade in Wapro ERP Desktop

Wapro ERP Desktop is vulnerable to MS SQL protocol downgrade request from a server side, what could lead to an unencrypted communication vulnerable to data interception and modification. This issue affects Wapro ERP Desktop versions before 9.00.0...

CVE-2024-4995 Protocol Downgrade in Wapro ERP Desktop

Wapro ERP Desktop is vulnerable to MS SQL protocol downgrade request from a server side, what could lead to an unencrypted communication vulnerable to data interception and modification. This issue affects Wapro ERP Desktop versions before 9.00.0...

USN-6968-2: PostgreSQL vulnerability

USN-6968-1 fixed CVE-2024-7348 in PostgreSQL-12, PostgreSQL-14, and PostgreSQL-16 This update provides the corresponding updates for PostgreSQL-9.5 in Ubuntu 16.04 LTS. Original advisory details: Noah Misch discovered that PostgreSQL incorrectly handled certain SQL objects. An attacker could...

GHSA-2X36-QHX3-7M5F ZendFramework1 Potential SQL injection in the ORDER implementation of Zend_Db_Select

The implementation of the ORDER BY SQL statement in ZendDbSelect of Zend Framework 1 contains a potential SQL injection when the query string passed contains parentheses. For instance, the following code is affected by this issue: $db = ZendDb::factory / options here / ; $select = $db-select...

CVE-2024-28934

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability...

org.apache.camel.kafkaconnector:camel-aws-redshift-sink-kafka-connector (>=1.0.0 <=3.21.0), org.apache.camel.kafkaconnector:camel-aws-redshift-source-kafka-connector (>=1.0.0 <=3.21.0) +29 more potentially affected by CVE-2024-22369 via org.apache.camel:camel-sql (>=3.0.0 <=3.21.3)

org.apache.camel:camel-sql MAVEN version =3.0.0, =1.0.0, =1.0.0, =0.1.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =3.18.1, =3.18.1, =1.0.0, =1.0.0, =0.1.0, =0.1.0, =1.0.0, =3.21.0...

org.apache.camel.kafkaconnector:camel-aws-redshift-sink-kafka-connector (>=4.0.0 <=4.0.3), org.apache.camel.kafkaconnector:camel-aws-redshift-source-kafka-connector (>=4.0.0 <=4.0.3) +17 more potentially affected by CVE-2024-22369 via org.apache.camel:camel-sql (>=4.0.0 <=4.0.3)

org.apache.camel:camel-sql MAVEN version =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =3.2.0, =3.4.0 - org.apache.camel.quar...

org.apache.camel.quarkus:camel-quarkus-integration-test-jta (>=3.5.0 <=3.35.0), org.apache.camel.quarkus:camel-quarkus-integration-test-langchain4j-tools (=3.35.0) +8 more potentially affected by CVE-2024-22369 via org.apache.camel:camel-sql (>=4.1.0 <=4.3.0)

org.apache.camel:camel-sql MAVEN version =4.1.0, =3.5.0, =3.5.0, =3.5.0, =3.5.0, =3.5.0, =4.1.0, =9.1.0, =9.1.0, =9.1.0, =10.0.0 Source cves: CVE-2024-22369 Source advisory: OSV:GHSA-36XR-4X2F-CFJ9...

Microsoft WDAC OLE DB provider for SQL Security Vulnerability

Microsoft Windows is a suite of operating systems for use on personal devices from the U.S.-based Microsoft Corporation Microsoft. A security vulnerability exists in Microsoft WDAC OLE DB provider for SQL. An attacker could exploit the vulnerability to remotely execute code. The following product...

SUSE CVE-2021-35645

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

CVE-2023-41891

FlyteAdmin is the control plane for Flyte responsible for managing entities and administering workflow executions. Prior to version 1.1.124, list endpoints on FlyteAdmin have a SQL vulnerability where a malicious user can send a REST request with custom SQL statements as list filters. The attacke...

Design/Logic Flaw

FlyteAdmin is the control plane for Flyte responsible for managing entities and administering workflow executions. Prior to version 1.1.124, list endpoints on FlyteAdmin have a SQL vulnerability where a malicious user can send a REST request with custom SQL statements as list filters. The attacke...