308 matches found

CVE
added 2025/01/14 12:0 a.m. | 67 views

CVE-2024-57635

CVE-2024-57635 affects the Virtuoso Open-Source stack in the package family virtuoso-opensource. The connected sources confirm a vulnerability in the chash_array component of openlink virtuoso-opensource v7.2.11 that allows an attacker to trigger a Denial of Service (DoS) via crafted SQL statemen...

CVSS 7.5 | AI score 7.4 | EPSS 0.00378
Exploits: 1 | References: 1 | Affected Software: 1
CVE
added 2025/01/14 12:0 a.m. | 103 views

CVE-2024-57656

Summary of CVE-2024-57656: OpenLink Virtuoso Open-Source v7.2.11 contains a DoS vulnerability in the sqlc_add_distinct_node component triggered by crafted SQL statements, as documented in multiple security advisories. The issue affects virtuoso-opensource in affected deployments...

CVSS 7.5 | AI score 7.4 | EPSS 0.00469
Exploits: 1 | References: 1 | Affected Software: 1
Github Security Blog
added 2024/12/27 3:31 a.m. | 6 views

python-sql SQL injection vulnerability

A vulnerability was found in python-sql where unary operators do not escape non-Expression like And and Or which makes any system exposing those vulnerable to an SQL injection attack...

CVSS 6.5 | AI score 6.8 | EPSS 0.00378
Exploits: 0 | References: 9 | Affected Software: 1
OSV
added 2024/12/27 3:31 a.m. | 10 views

GHSA-PQ9P-PC3P-9HM4 python-sql SQL injection vulnerability

A vulnerability was found in python-sql where unary operators do not escape non-Expression like And and Or which makes any system exposing those vulnerable to an SQL injection attack...

CVSS 6.5 | AI score 6.6 | EPSS 0.00378
Exploits: 0 | References: 9
Vulnrichment
added 2024/12/27 2:0 a.m. | 8 views

CVE-2024-9774 Python-sql: python-sql unary operators does not escape non-expression

A vulnerability was found in python-sql where unary operators do not escape non-Expression...

CVSS 6.5 | AI score 6.4 | EPSS 0.00378
Exploits: 0 | References: 3
Tenable Nessus
added 2024/12/26 12:0 a.m. | 5 views

Fedora 41 : python-sql (2024-1a2f1733ad)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-1a2f1733ad advisory. - update to 1.5.2 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...

CVSS 6.5 | AI score 6.5 | EPSS 0.00378
Exploits: 0 | References: 2
Tenable Nessus
added 2024/12/22 12:0 a.m. | 8 views

openSUSE 15 Security Update : python-python-sql (openSUSE-SU-2024:0413-1)

The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2024:0413-1 advisory. - CVE-2024-9774: Fixed that unary operators does not escape non-Expression boo1234653. Tenable has extracted the preceding description block directly fro...

CVSS 6.5 | AI score 6.5 | EPSS 0.00378
Exploits: 0 | References: 4
Cvelist
added 2024/12/18 11:36 a.m. | 15 views

CVE-2024-4995 Protocol Downgrade in Wapro ERP Desktop

Wapro ERP Desktop is vulnerable to an MS SQL protocol downgrade request from the server side, which could lead to unencrypted communication vulnerable to data interception and modification. This issue affects Wapro ERP Desktop versions before 9.00.0...

CVSS 9.1 | EPSS 0.00262
Exploits: 0 | References: 3
Vulnrichment
added 2024/12/18 11:36 a.m. | 5 views

CVE-2024-4995 Protocol Downgrade in Wapro ERP Desktop

Wapro ERP Desktop is vulnerable to an MS SQL protocol downgrade request from the server side, which could lead to unencrypted communication vulnerable to data interception and modification. This issue affects Wapro ERP Desktop versions before 9.00.0...

CVSS 9.1 | AI score 7.7 | EPSS 0.00262
Exploits: 0 | References: 3
Ubuntu
added 2024/09/19 7:42 p.m. | 11 views

USN-6968-2: PostgreSQL vulnerability

USN-6968-1 fixed CVE-2024-7348 in PostgreSQL-12, PostgreSQL-14, and PostgreSQL-16. This update provides the corresponding updates for PostgreSQL-9.5 in Ubuntu 16.04 LTS. Original advisory details: Noah Misch discovered that PostgreSQL incorrectly handled certain SQL objects. An attacker could...

CVSS 8.8 | AI score 7.6 | EPSS 0.00764
Exploits: 0
OSV
added 2024/06/07 10:24 p.m. | 16 views

GHSA-2X36-QHX3-7M5F ZendFramework1 Potential SQL injection in the ORDER implementation of Zend_Db_Select

The implementation of the ORDER BY SQL statement in Zend_Db_Select of Zend Framework 1 contains a potential SQL injection when the query string passed contains parentheses. For instance, the following code is affected by this issue: $db = Zend_Db::factory( /* options here */ ); $select = $db->select...

CVSS 9.8 | AI score 8.2
Exploits: 0 | References: 3
NVD
added 2024/04/09 5:15 p.m. | 19 views

CVE-2024-28934

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability...

CVSS 8.8 | AI score 9 | EPSS 0.02216
Exploits: 0 | References: 1
vulnersOsv
added 2024/02/20 3:31 p.m. | 0 views

org.apache.camel.kafkaconnector:camel-aws-redshift-sink-kafka-connector (>=1.0.0 <=3.21.0), org.apache.camel.kafkaconnector:camel-aws-redshift-source-kafka-connector (>=1.0.0 <=3.21.0) +29 more potentially affected by CVE-2024-22369 via org.apache.camel:camel-sql (>=3.0.0 <=3.21.3)

org.apache.camel:camel-sql MAVEN version =3.0.0, =1.0.0, =1.0.0, =0.1.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =3.18.1, =3.18.1, =1.0.0, =1.0.0, =0.1.0, =0.1.0, =1.0.0, =3.21.0...

CVSS 7.8 | AI score 7.1 | EPSS 0.11975
Exploits: 0
vulnersOsv
added 2024/02/20 3:31 p.m. | 1 views

org.apache.camel.kafkaconnector:camel-aws-redshift-sink-kafka-connector (>=4.0.0 <=4.0.3), org.apache.camel.kafkaconnector:camel-aws-redshift-source-kafka-connector (>=4.0.0 <=4.0.3) +17 more potentially affected by CVE-2024-22369 via org.apache.camel:camel-sql (>=4.0.0 <=4.0.3)

org.apache.camel:camel-sql MAVEN version =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =3.2.0, =3.4.0 - org.apache.camel.quar...

CVSS 7.8 | AI score 7.1 | EPSS 0.11975
Exploits: 0
vulnersOsv
added 2024/02/20 3:31 p.m. | 0 views

org.apache.camel.quarkus:camel-quarkus-integration-test-jta (>=3.5.0 <=3.35.0), org.apache.camel.quarkus:camel-quarkus-integration-test-langchain4j-tools (=3.35.0) +8 more potentially affected by CVE-2024-22369 via org.apache.camel:camel-sql (>=4.1.0 <=4.3.0)

org.apache.camel:camel-sql MAVEN version =4.1.0, =3.5.0, =3.5.0, =3.5.0, =3.5.0, =3.5.0, =4.1.0, =9.1.0, =9.1.0, =9.1.0, =10.0.0 Source cves: CVE-2024-22369 Source advisory: OSV:GHSA-36XR-4X2F-CFJ9...

CVSS 7.8 | AI score 7.1 | EPSS 0.11975
Exploits: 0
CNNVD
added 2023/11/14 12:0 a.m. | 2 views

Microsoft WDAC OLE DB provider for SQL Security Vulnerability

Microsoft Windows is a suite of operating systems for use on personal devices from the U.S.-based Microsoft Corporation. A security vulnerability exists in Microsoft WDAC OLE DB provider for SQL. An attacker could exploit the vulnerability to remotely execute code. The following product...

CVSS 8.8 | AI score 6.7 | EPSS 0.00166
Exploits: 0 | References: 3
SUSE CVE
added 2023/10/31 2:25 a.m. | 1 views

SUSE CVE-2021-35645

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

CVSS 4.9 | AI score 5.6 | EPSS 0.00439
Exploits: 0 | References: 2
NVD
added 2023/10/30 7:15 p.m. | 8 views

CVE-2023-41891

FlyteAdmin is the control plane for Flyte responsible for managing entities and administering workflow executions. Prior to version 1.1.124, list endpoints on FlyteAdmin have a SQL vulnerability where a malicious user can send a REST request with custom SQL statements as list filters. The attacke...

CVSS 8.8 | AI score 5.6 | EPSS 0.00327
Exploits: 0 | References: 3
Prion
added 2023/10/30 7:15 p.m. | 10 views

Design/Logic Flaw

FlyteAdmin is the control plane for Flyte responsible for managing entities and administering workflow executions. Prior to version 1.1.124, list endpoints on FlyteAdmin have a SQL vulnerability where a malicious user can send a REST request with custom SQL statements as list filters. The attacke...

CVSS 6.5 | AI score 8.8 | EPSS 0.00327
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2023/10/30 6:1 p.m. | 13 views

CVE-2023-41891 FlyteAdmin SQL Injection in List Filters

FlyteAdmin is the control plane for Flyte responsible for managing entities and administering workflow executions. Prior to version 1.1.124, list endpoints on FlyteAdmin have a SQL vulnerability where a malicious user can send a REST request with custom SQL statements as list filters. The attacke...

CVSS 3.5 | AI score 8.8 | EPSS 0.00327
Exploits: 0 | References: 5