dotnet: Information Disclosure: MD.SqlClient(MDS) & System.data.SQLClient (SDS)

A vulnerability was found in the .NET Framework. This vulnerability exists in the Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data provider where an attackercan perform an AiTM adversary-in-the-middle attack between the SQL client and the SQL server. This may allow the attacker to stea...

Nagios XI < 5.11.3 Multiple Vulnerabilities

According to the self-reported version of Nagios XI, the remote host is affected by multiple vulnerabilities, including the following: - A SQL injection vulnerability in the bulk modification tool allowing an unauthenticated remote attacker to run arbitrary code in the context of the database...

CVE-2023-41120

An issue was discovered in EnterpriseDB Postgres Advanced Server EPAS before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It permits an authenticated user to use DBMSPROFILER to remove all accumulated profiling data on a system-wide basis,...

PT-2023-9650 · Oracle · Oracle Database Server

Name of the Vulnerable Software and Affected Versions: Oracle Database Server versions 19.3 through 19.23 Oracle Database Server versions 21.3 through 21.14 Oracle Database Server version 23.4 Description: The issue is related to the Java VM component of Oracle Database Server, where an incorrect...

PT-2023-9588 · Oracle · Oracle Database Server

Name of the Vulnerable Software and Affected Versions: Oracle Database Server versions 19.3 through 19.24 Oracle Database Server versions 21.3 through 21.15 Oracle Database Server versions 23.4 through 23.5 Description: The issue is related to insufficient protection of internal data due to...

PT-2023-9567 · Oracle · Oracle Database Server

Name of the Vulnerable Software and Affected Versions: Oracle Database Server versions 19.3 through 19.24 Oracle Database Server versions 21.3 through 21.15 Oracle Database Server versions 23.4 through 23.5 Description: The issue is related to improper authorization in the Database Core Component...

PT-2023-9563 · Oracle · Oracle Database Server

Name of the Vulnerable Software and Affected Versions: Oracle Database Server versions 19.3 through 19.24 Oracle Database Server versions 21.3 through 21.15 Oracle Database Server versions 23.4 through 23.5 Description: The issue is related to errors in resource release in the XML Database...

Fedora: Security Advisory for mariadb (FEDORA-2023-7fe02ec473)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 37 Update: mariadb-10.5.23-1.fc37

MariaDB is a community developed fork from MySQL - a multi-user, multi-thread ed SQL database server. It is a client/server implementation consisting of a server daemon mariadbd and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs...

[SECURITY] Fedora 39 Update: mariadb-10.5.23-1.fc39

MariaDB is a community developed fork from MySQL - a multi-user, multi-thread ed SQL database server. It is a client/server implementation consisting of a server daemon mariadbd and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs...

The vulnerability of the Veeam ONE monitoring software lies in its insufficient protection of operational data, allowing a hacker to execute arbitrary code on the SQL server.

The vulnerability of the Veeam ONE monitoring software relates to insufficient protection of operational data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code on the SQL server remotely...

Important: Red Hat Security Advisory: galera and mariadb security update

An update for galera and mariadb is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

CVE-2023-47800

Natus NeuroWorks and SleepWorks before 8.4 GMA3 utilize a default password of xltek for the Microsoft SQL Server service sa account, allowing a threat actor to perform remote code execution, data exfiltration, or other nefarious actions such as tampering with data or destroying/disrupting MSSQL...

[SECURITY] Fedora 38 Update: community-mysql-8.0.35-1.fc38

MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon mysqld and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files...

Fedora: Security Advisory for community-mysql (FEDORA-2023-9ff7fd16a0)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Important: Red Hat Security Advisory: mariadb:10.5 security update

An update for the mariadb:10.5 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...

CVE-2023-38547

A vulnerability in Veeam ONE allows an unauthenticated user to gain information about the SQL server connection Veeam ONE uses to access its configuration database. This may lead to remote code execution on the SQL server hosting the Veeam ONE configuration database...

PT-2023-6894 · Veeam · Veeam One

Name of the Vulnerable Software and Affected Versions: Veeam ONE affected versions not specified Description: A vulnerability in Veeam ONE allows an unauthenticated user to gain information about the SQL server connection used to access its configuration database, potentially leading to remote co...

[SECURITY] [DLA 3644-1] phppgadmin security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3644-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb November 03, 2023 https://wiki.debian.org/LTS -...

SUSE CVE-2021-35575

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...