K000139617: MySQL vulnerabilities CVE-2024-21049, CVE-2024-21060, CVE-2024-21061, and CVE-2024-21069
Security Advisory Description CVE-2024-21049 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols...
5.7AI Score
0.0004EPSS
7.8CVSS
7.2AI Score
EPSS
K000139594: libxml2 vulnerability CVE-2022-40304
Security Advisory Description An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked. (CVE-2022-40304). Impact This vulnerability allows a...
7.8CVSS
7.6AI Score
0.001EPSS
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-SUSE-RU-2024:1637-1 advisory. sqlparse is a non-validating SQL parser module for Python. In affected versions the SQL parser...
7.5CVSS
7.8AI Score
0.001EPSS
K000139616: MySQL vulnerability CVE-2024-21051
Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise...
5.7AI Score
0.0004EPSS
K000139615: Node.js vulnerability CVE-2024-27982
Security Advisory Description The team has identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a content-length header, it is not interpreted correctly,...
5.8AI Score
0.0004EPSS
SUSE SLES12 Security Update : kernel (SUSE-SU-2024:1643-1)
The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1643-1 advisory. In the Linux kernel, the following vulnerability has been resolved: netlabel: fix out-of-bounds memory accesses There are two...
7.8CVSS
7.2AI Score
EPSS
A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager...
6.5CVSS
6.8AI Score
0.0004EPSS
A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager...
6.5CVSS
6.7AI Score
0.0004EPSS
SAP Business Objects Business Intelligence Platform is vulnerable to Insecure Storage as dynamic web pages are getting cached even after logging out. On successful exploitation, the attacker can see the sensitive information through cache and can open the pages causing limited impact on...
4.3CVSS
4.7AI Score
0.0004EPSS
SAP Business Objects Business Intelligence Platform is vulnerable to Insecure Storage as dynamic web pages are getting cached even after logging out. On successful exploitation, the attacker can see the sensitive information through cache and can open the pages causing limited impact on...
4.3CVSS
6.6AI Score
0.0004EPSS
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in automation_tree_rules.php is not thoroughly checked and is used to concatenate the SQL statement in create_all_header_nodes() function from lib/api_automation.php , finally.....
6.5CVSS
8AI Score
0.0004EPSS
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in automation_tree_rules.php is not thoroughly checked and is used to concatenate the SQL statement in create_all_header_nodes() function from lib/api_automation.php , finally.....
6.5CVSS
8.3AI Score
0.0004EPSS
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in automation_tree_rules.php is not thoroughly checked and is used to concatenate the SQL statement in create_all_header_nodes() function from lib/api_automation.php , finally.....
6.5CVSS
9AI Score
0.0004EPSS
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in automation_tree_rules.php is not thoroughly checked and is used to concatenate the SQL statement in create_all_header_nodes() function from lib/api_automation.php , finally.....
6.5CVSS
7.6AI Score
0.0004EPSS
An issue was discovered on certain Nuki Home Solutions devices. An attacker with physical access to the circuit board could use the SWD debug features to control the execution of code on the processor and debug the firmware, as well as read or alter the content of the internal and external flash...
6.8AI Score
EPSS
An issue was discovered on certain Nuki Home Solutions devices. An attacker with physical access to the circuit board could use the SWD debug features to control the execution of code on the processor and debug the firmware, as well as read or alter the content of the internal and external flash...
6.6AI Score
EPSS
A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager...
6.5CVSS
6.6AI Score
0.0004EPSS
A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager...
6.5CVSS
7AI Score
0.0004EPSS
Description of the security update for SharePoint Enterprise Server 2016: May 14, 2024 (KB5002598)
Description of the security update for SharePoint Enterprise Server 2016: May 14, 2024 (KB5002598) Summary This security update resolves a Microsoft SharePoint Server information disclosure vulnerability and Microsoft SharePoint Server remote code execution vulnerability. To learn more about the...
7.2CVSS
7.7AI Score
0.001EPSS
May 14, 2024—KB5037771 (OS Builds 22621.3593 and 22631.3593)
May 14, 2024—KB5037771 (OS Builds 22621.3593 and 22631.3593) For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 11, version 23H2, see its update history page. Note Follow...
8.8CVSS
7.7AI Score
0.008EPSS
SAP Business Objects Business Intelligence Platform is vulnerable to Insecure Storage as dynamic web pages are getting cached even after logging out. On successful exploitation, the attacker can see the sensitive information through cache and can open the pages causing limited impact on...
4.3CVSS
6.7AI Score
0.0004EPSS
SAP Business Objects Business Intelligence Platform is vulnerable to Insecure Storage as dynamic web pages are getting cached even after logging out. On successful exploitation, the attacker can see the sensitive information through cache and can open the pages causing limited impact on...
4.3CVSS
5AI Score
0.0004EPSS
7.5AI Score
0.0004EPSS
7.5CVSS
7.5AI Score
0.0004EPSS
K000139608: MySQL Server vulnerability CVE-2024-21087
Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access....
5.7AI Score
0.0004EPSS
K000139606: MySQL Server vulnerabiliity CVE-2024-21047
Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to....
5.7AI Score
0.0004EPSS
K000139607: MySQL Server vulnerabilities CVE-2024-21013 and CVE-2024-21062
Security Advisory Description CVE-2024-21013 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network...
5.6AI Score
0.0004EPSS
Rocky Linux 9 : libvirt (RLSA-2024:2560)
The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2560 advisory. An off-by-one error flaw was found in the udevListInterfacesByStatus() function in libvirt when the number of interfaces exceeds the size of the...
6.2CVSS
6.9AI Score
0.001EPSS
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in automation_tree_rules.php is not thoroughly checked and is used to concatenate the SQL statement in create_all_header_nodes() function from lib/api_automation.php , finally.....
6.5CVSS
7.2AI Score
0.0004EPSS
Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.5.5.7)
The version of AOS installed on the remote host is prior to 6.5.5.7. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.5.5.7 advisory. There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and...
8.8CVSS
7.3AI Score
0.002EPSS
Ongoing Malvertising Campaign leads to Ransomware
Executive Summary Rapid7 has observed an ongoing campaign to distribute trojanized installers for WinSCP and PuTTY via malicious ads on commonly used search engines, where clicking on the ad leads to typo squatted domains. In at least one observed case, the infection has led to the attempted...
7.5AI Score
Summary Golang Go and Golang packages are used by IBM Storage Fusion and thus IBM Storage Fusion may be vulnerable to the vulnerabilities listed below. CVE-2022-29526, CVE-2022-21698, CVE-2021-41190, CVE-2018-20699, CVE-2024-24786, CVE-2023-39325, CVE-2023-48795. Vulnerability Details ** CVEID:...
7.5CVSS
8.2AI Score
0.963EPSS
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in automation_tree_rules.php is not thoroughly checked and is used to concatenate the SQL statement in create_all_header_nodes() function from lib/api_automation.php , finally.....
6.5CVSS
8.4AI Score
0.0004EPSS
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in automation_tree_rules.php is not thoroughly checked and is used to concatenate the SQL statement in create_all_header_nodes() function from lib/api_automation.php , finally.....
6.5CVSS
7.9AI Score
0.0004EPSS
The 2024 Browser Security Report Uncovers How Every Web Session Could be a Security Minefield
With the browser becoming the most prevalent workspace in the enterprise, it is also turning into a popular attack vector for cyber attackers. From account takeovers to malicious extensions to phishing attacks, the browser is a means for stealing sensitive data and accessing organizational...
7.2AI Score
Severe Vulnerabilities in Cinterion Cellular Modems Pose Risks to Various Industries
Cybersecurity researchers have disclosed multiple security flaws in Cinterion cellular modems that could be potentially exploited by threat actors to access sensitive information and achieve code execution. "These vulnerabilities include critical flaws that permit remote code execution and...
9.8CVSS
9.3AI Score
0.002EPSS
"HTTP protocol is not supported, please use HTTPS." Error When Adding Object Storage
Veeam Backup & Replication does not support connection to S3 compatible object storage over HTTP. Make sure that your S3 compatible object storage supports HTTPS protocol and has the necessary certificate...
7AI Score
K000139592: libxml2 vulnerability CVE-2023-29469
Security Advisory Description An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs...
6.5CVSS
6.7AI Score
0.001EPSS
Unbreakable Enterprise kernel-container security update
[5.4.17-2136.331.7.el7] - Revert 'tracing/trigger: Fix to return error if failed to alloc snapshot' (Siddh Raman Pant) - Revert 'selftests: mm: fix map_hugetlb failure on 64K page size systems' (Harshit Mogalapalli) [Orabug: 36584568] - Revert 'net/mlx5: Enable SW-defined RoCEv2 UDP source port'...
8.3AI Score
EPSS
Unbreakable Enterprise kernel security update
[5.4.17-2136.331.7] - Revert 'tracing/trigger: Fix to return error if failed to alloc snapshot' (Siddh Raman Pant) - Revert 'selftests: mm: fix map_hugetlb failure on 64K page size systems' (Harshit Mogalapalli) [Orabug: 36584568] - Revert 'net/mlx5: Enable SW-defined RoCEv2 UDP source port'...
8.3AI Score
EPSS
Unbreakable Enterprise kernel security update
[4.14.35-2047.536.5] - mmc: core: Fix switch on gp3 partition (Dominique Martinet) - Revert 'Revert 'md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d'' (Song Liu) - mm/memory-failure: fix an incorrect use of tail pages (Liu Shixin) - Revert 'x86/mm/ident_map: Use gbpages only where full GB page...
7.8CVSS
7.6AI Score
0.002EPSS
Openmediavault Remote Code Execution / Local Privilege Escalation Exploit
Openmediavault versions prior to 7.0.32 have a vulnerability that occurs when users in the web-admin group enter commands on the crontab by selecting the root shell. As a result of exploiting the vulnerability, authenticated web-admin users can run commands with root privileges and receive reverse....
7.4AI Score
Security Advisory Description CVE-2024-20994 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows low privileged attacker with...
5.7AI Score
0.0004EPSS
7.5AI Score
0.0004EPSS
Background Kubelet is a Kubernetes Node Agent. Description A vulnerability has been discovered in Kubelet. Please review the CVE identifier referenced below for details. Impact A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes...
8.8CVSS
7.5AI Score
0.001EPSS
GLSA-202405-31 : Kubelet: Privilege Escalation
The remote host is affected by the vulnerability described in GLSA-202405-31 (Kubelet: Privilege Escalation) A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes....
8.8CVSS
8.8AI Score
0.001EPSS
Summary IBM Storage Fusion HCI uses Golang packages that may cause Fusion to be vulnerable to denial of service, authentication bypass, and incorrect privilege assignment. CVE-2018-20699, CVE-2023-48795, CVE-2022-21698, CVE-2021-41190, CVE-2023-39325, CVE-2022-29526, CVE-2023-45288. Vulnerability.....
7.5CVSS
10AI Score
0.963EPSS
Security Bulletin: IBM Storage Fusion is vulnerable to directory traversal due to beego.
Summary Beego is used by IBM Storage Fusion as part of the User Interface. See Vulnerability Details below. CVE-2022-31836, CVE-2022-31259. Vulnerability Details ** CVEID: CVE-2022-31836 DESCRIPTION: **Beego could allow a remote attacker to traverse directories on the system, caused by a flaw in...
9.8CVSS
9.7AI Score
0.002EPSS
Security Bulletin: IBM Storage Fusion HCI is vulnerable to directory traversal due to Beego.
Summary Beego is used by IBM Storage Fusion HCI as part of the user interface. See Vulnerability Details below. CVE-2022-31836, CVE-2022-31259. Vulnerability Details ** CVEID: CVE-2022-31836 DESCRIPTION: **Beego could allow a remote attacker to traverse directories on the system, caused by a flaw.....
9.8CVSS
9.7AI Score
0.002EPSS