hhyo
Products
1- 12 CVEs
Recent CVEs
12| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-30605 | 0.00 | — | 0.01 | Apr 18, 2023 | Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases. User input coming from the `variable_name` and `variable_value` parameter value in the… | |||
| CVE-2023-30558 | 0.00 | — | 0.01 | Apr 18, 2023 | Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases. User input coming from the `db_name` in the `sql/data_dictionary.py` `table_list` endpoint is passed to… | |||
| CVE-2023-30557 | 0.00 | — | 0.01 | Apr 18, 2023 | Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases. Affected versions are subject to SQL injection in the `data_dictionary.py` `table_info`. User input… | |||
| CVE-2023-30556 | 0.00 | — | 0.01 | Apr 18, 2023 | Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases. Affected versions are subject to SQL injection in the `optimize_sqltuningadvisor` method of… | |||
| CVE-2023-30555 | 0.00 | — | 0.01 | Apr 18, 2023 | Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases.Affected versions are subject to SQL injection in the `explain` method in `sql_optimize.py`. User input… | |||
| CVE-2023-30554 | 0.00 | — | 0.01 | Apr 18, 2023 | Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases. Affected versions are subject to SQL injection in the `sql_api/api_workflow.py` endpoint `ExecuteCheck`… | |||
| CVE-2023-30553 | 0.00 | — | 0.01 | Apr 18, 2023 | Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases. Affected versions are subject to multiple SQL injections in the `sql_api/api_workflow.py` endpoint… | |||
| CVE-2023-30552 | 0.00 | — | 0.01 | Apr 18, 2023 | Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases. Affected versions are subject to SQL injection in the `sql/instance.py` endpoint's `describe` method.… | |||
| CVE-2022-38542 | 0.00 | — | 0.00 | Sep 13, 2022 | Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the ThreadIDs parameter in the kill_session interface. The project has released an update, please upgrade to v1.9.0 and above. | |||
| CVE-2022-38539 | 0.00 | — | 0.00 | Sep 13, 2022 | Archery v1.7.5 to v1.8.5 was discovered to contain a SQL injection vulnerability via the where parameter at /archive/apply. | |||
| CVE-2022-38541 | 0.00 | — | 0.00 | Sep 13, 2022 | Archery v1.8.3 to v1.8.5 was discovered to contain multiple SQL injection vulnerabilities via the start_time and stop_time parameters in the my2sql interface. | |||
| CVE-2022-38540 | 0.00 | — | 0.00 | Sep 13, 2022 | Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the ThreadIDs parameter in the create_kill_session interface. |
- CVE-2023-30605Apr 18, 2023risk 0.00cvss —epss 0.01
Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases. User input coming from the `variable_name` and `variable_value` parameter value in the…
- CVE-2023-30558Apr 18, 2023risk 0.00cvss —epss 0.01
Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases. User input coming from the `db_name` in the `sql/data_dictionary.py` `table_list` endpoint is passed to…
- CVE-2023-30557Apr 18, 2023risk 0.00cvss —epss 0.01
Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases. Affected versions are subject to SQL injection in the `data_dictionary.py` `table_info`. User input…
- CVE-2023-30556Apr 18, 2023risk 0.00cvss —epss 0.01
Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases. Affected versions are subject to SQL injection in the `optimize_sqltuningadvisor` method of…
- CVE-2023-30555Apr 18, 2023risk 0.00cvss —epss 0.01
Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases.Affected versions are subject to SQL injection in the `explain` method in `sql_optimize.py`. User input…
- CVE-2023-30554Apr 18, 2023risk 0.00cvss —epss 0.01
Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases. Affected versions are subject to SQL injection in the `sql_api/api_workflow.py` endpoint `ExecuteCheck`…
- CVE-2023-30553Apr 18, 2023risk 0.00cvss —epss 0.01
Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases. Affected versions are subject to multiple SQL injections in the `sql_api/api_workflow.py` endpoint…
- CVE-2023-30552Apr 18, 2023risk 0.00cvss —epss 0.01
Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases. Affected versions are subject to SQL injection in the `sql/instance.py` endpoint's `describe` method.…
- CVE-2022-38542Sep 13, 2022risk 0.00cvss —epss 0.00
Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the ThreadIDs parameter in the kill_session interface. The project has released an update, please upgrade to v1.9.0 and above.
- CVE-2022-38539Sep 13, 2022risk 0.00cvss —epss 0.00
Archery v1.7.5 to v1.8.5 was discovered to contain a SQL injection vulnerability via the where parameter at /archive/apply.
- CVE-2022-38541Sep 13, 2022risk 0.00cvss —epss 0.00
Archery v1.8.3 to v1.8.5 was discovered to contain multiple SQL injection vulnerabilities via the start_time and stop_time parameters in the my2sql interface.
- CVE-2022-38540Sep 13, 2022risk 0.00cvss —epss 0.00
Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the ThreadIDs parameter in the create_kill_session interface.