
2885 matches found

NVD
added 2023/10/12 11:15 p.m. · 11 views

CVE-2023-41262

An issue was discovered in /fcgi/scrutfcgi.fcgi in Plixer Scrutinizer before 19.3.1. The csvExportReport endpoint action generateCSV is vulnerable to SQL injection through the sorting parameter, allowing an unauthenticated user to execute arbitrary SQL statements in the context of the application...

CVSS 9.8 · AI score 10 · EPSS 0.00114
Exploits 1 · References 1

Prion
added 2023/10/12 11:15 p.m. · 11 views

Sql injection

An issue was discovered in /fcgi/scrutfcgi.fcgi in Plixer Scrutinizer before 19.3.1. The csvExportReport endpoint action generateCSV is vulnerable to SQL injection through the sorting parameter, allowing an unauthenticated user to execute arbitrary SQL statements in the context of the application...

CVSS 7.5 · AI score 9.9 · EPSS 0.00114
Exploits 1 · References 1 · Affected Software 1

Cvelist
added 2023/10/12 12:0 a.m. · 10 views

CVE-2023-41262

An issue was discovered in /fcgi/scrutfcgi.fcgi in Plixer Scrutinizer before 19.3.1. The csvExportReport endpoint action generateCSV is vulnerable to SQL injection through the sorting parameter, allowing an unauthenticated user to execute arbitrary SQL statements in the context of the application...

AI score 10 · EPSS 0.00114
Exploits 1 · References 1

OSV
added 2023/10/12 12:0 a.m. · 34 views

ALSA-2023:5684 Important: galera and mariadb security update

MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a later upstream version: galera 26.4.14, mariadb 10.5.22. Security Fixes: mariadb: node crashes with Transport endpoint is not connected mysqld got signa...

CVSS 7.5 · AI score 7.6 · EPSS 0.00789
Exploits 5 · References 18

OSV
added 2023/10/12 12:0 a.m. · 43 views

ALSA-2023:5683 Important: mariadb:10.5 security update

MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a later upstream version: galera 26.4.14, mariadb 10.5.22. Security Fixes: mariadb: node crashes with Transport endpoint is not connected mysqld got signa...

CVSS 7.5 · AI score 7.6 · EPSS 0.00789
Exploits 5 · References 18

AlmaLinux
added 2023/10/12 12:0 a.m. · 72 views

Important: mariadb:10.5 security update

MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a later upstream version: galera 26.4.14, mariadb 10.5.22. Security Fixes: mariadb: node crashes with Transport endpoint is not connected mysqld got signa...

CVSS 7.5 · AI score 7.5 · EPSS 0.00789
Exploits 5 · References 18

OSV
added 2023/10/10 6:15 p.m. · 1 view

CVE-2023-36728

Microsoft SQL Server Denial of Service Vulnerability...

CVSS 5.5 · AI score 6.6 · EPSS 0.0008
Exploits 0 · References 1

Positive Technologies
added 2023/10/10 12:0 a.m. · 1 view

PT-2023-6338 · Microsoft · Sql Server

Name of the Vulnerable Software and Affected Versions: Microsoft SQL Server affected versions not specified Description: The issue is related to insufficient input validation in Microsoft SQL Server, which can be exploited to cause a denial of service. This allows an attacker to affect the system...

CVSS 5.5 · AI score 9.4 · EPSS 0.0008
Exploits 0 · References 11

CNNVD
added 2023/10/10 12:0 a.m. · 2 views

Microsoft ODBC Driver Security Vulnerability

Microsoft ODBC Driver is a driver from Microsoft. It allows applications to access data in a database management system (DBMS) using SQL as the standard for accessing data. A security vulnerability exists in Microsoft ODBC Driver. An attacker could exploit the vulnerability to remotely execute code...

CVSS 7.8 · AI score 7.3 · EPSS 0.00461
Exploits 0 · References 3

OSV
added 2023/09/19 12:0 a.m. · 31 views

ALSA-2023:5259 Moderate: mariadb:10.3 security, bug fix, and enhancement update

MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a later upstream version: mariadb 10.3. BZ2223572, BZ2223574, BZ2223962, BZ2223965 Security Fixes: mariadb: segmentation fault via the component subselect...

CVSS 7.5 · AI score 7.5 · EPSS 0.00206
Exploits 2 · References 10

IBM Security Bulletins
added 2023/09/07 9:37 p.m. · 44 views

Security Bulletin: Multiple security vulnerabilities Affect IBM Db2 Database Server shipped with IBM OpenPages

Summary IBM® Db2® Database Server is shipped as a supporting program of IBM OpenPages. Information about a security vulnerability affecting IBM Db2 Database Server has been published in multiple security bulletins. Vulnerability Details Refer to the security bulletins listed in the...

CVSS 8.8 · AI score 6.3 · EPSS 0.00194
Exploits 0 · Affected Software 1

OSV
added 2023/08/29 2:15 a.m. · 0 views

CVE-2023-1995

Insufficient Logging vulnerability in Hitachi HiRDB Server, HiRDB Server With Additional Function, HiRDB Structured Data Access Facility. This issue affects HiRDB Server: before 09-60-39, before 09-65-23, before 09-66-17, before 10-01-10, before 10-03-12, before 10-04-06, before 10-05-06, before...

CVSS 7.5 · AI score 5.8
Exploits 0 · References 1

OSV
added 2023/08/08 6:15 p.m. · 2 views

CVE-2023-36882

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability...

CVSS 8.8 · AI score 7.4 · EPSS 0.00425
Exploits 0 · References 1

BDU FSTEC
added 2023/08/01 12:0 a.m. · 1 view

Vulnerability of the Server component: The Replication function of the MySQL database management system, which allows a hacker to cause a service failure.

The vulnerability of the Server: Replication component of the MySQL database management system is related to errors in processing input data. Exploiting this vulnerability can allow a malicious actor to cause service interruptions...

CVSS 6.1 · AI score 6.3 · EPSS 0.00051
Exploits 0 · References 5 · Affected Software 1

Microsoft CVE
added 2023/07/26 7:0 a.m. · 2 views

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).

...

CVSS 4.4 · AI score 6.3 · EPSS 0.00047
Exploits 0

CNVD
added 2023/07/20 12:0 a.m. · 14 views

Unspecified Vulnerability in Oracle Database Server (CNVD-2023-71319)

Oracle Database Server is a relational database management system from Oracle (United States). The database management system provides data management, distributed processing and other functions. A security vulnerability exists in the Unified Audit component of Oracle Database Serve...

CVSS 4.9 · AI score 6.6 · EPSS 0.00186
Exploits 0 · References 1

BDU FSTEC
added 2023/07/20 12:0 a.m. · 1 view

The vulnerability of the Java VM component of the Oracle Database Server management system allows a hacker to gain access to read, modify, add, or delete data.

The vulnerability of the Java VM component of the Oracle Database Server management system is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain read, modify, add, or delete access to data...

CVSS 3.1 · AI score 6.3 · EPSS 0.00162
Exploits 0 · References 2 · Affected Software 1

BDU FSTEC
added 2023/07/20 12:0 a.m. · 1 view

The vulnerability of the Advanced Networking Option component of the Oracle Database Server system allows an attacker to gain read, modify, add, or delete access to data.

The vulnerability of the Advanced Networking Option component of the Oracle Database Server management system is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain read, modify, add, or delete access to data...

CVSS 3.7 · AI score 6.6 · EPSS 0.00184
Exploits 0 · References 2 · Affected Software 1

NCSC
added 2023/07/19 12:0 a.m. · 13 views

Vulnerabilities fixed in Oracle Database Server

Vulnerabilities have been fixed in Oracle Database Server products. A malicious party can exploit the vulnerabilities to perform attacks that can result in the following categories of damage: Denial-of-Service (DoS); manipulation of data; access to sensitive data; access to system data. Oracle has fixe...

CVSS 9.8 · AI score 7.5 · EPSS 0.00688
Exploits 3

Tenable Nessus
added 2023/07/19 12:0 a.m. · 222 views

Oracle Database Server (Jul 2023 CPU)

The 19c and 21c versions of Oracle Database Server installed on the remote host are affected by multiple vulnerabilities as referenced in the July CPU advisory. - Vulnerability in the Oracle Text LibExpat component of Oracle Database Server. Supported versions that are affected are 19.3-19.19 and...

CVSS 9.8 · AI score 7.3 · EPSS 0.37165
Exploits 5 · References 15