CVE-2022-35299 SAP SQL Anywhere and IQ can be vulnerable to memory corruption attacks because of logical errors in memory management.
This can be exploited by injecting malicious SQL statements, which can then be executed by the affected server. The update addresses the issue by changing
CVE-2022-20351 There is a SQL injection vulnerability in queryInternal of CallLogProvider. This could lead to local information disclosure with no additional execution privileges needed.
The following SQL query could be exploited by injecting malicious data to the database. Injecting data to the call_log table:
INSERT INTO `call_log`
CVE-2022-38031 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
While parsing OLE DB data in the process of execution of the malicious code in the SQL Server, the vulnerable version of the provider did
CVE-2022-37987 Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability
This issue could be exploited remotely resulting in Denial of Service. This issue affects Windows 7, Windows Vista, Windows 2008, Windows 2003, Windows XP, Windows
CVE-2022-37982 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
This issue is related to the lack of validation of user-supplied input in the Microsoft Software Data Access Components (WDAC) OLE DB provider for SQL
Episode
00:00:00
00:00:00