CVE-2024-20977
CVE-2024-20977 affects MySQL Server (Oracle MySQL), specifically the Server: Optimizer (and related Server components) with vulnerable versions 8.0.35 and earlier and 8.2.0 and earlier. The issue is exploitable over the network by a low-privileged attacker via multiple protocols, potentially caus...
CVE-2024-20979
CVE-2024-20979 affects the Web Server component of Oracle BI Publisher (Oracle Analytics). Affected versions: 6.4.0.0.0, 7.0.0.0.0, and 12.2.1.4.0. The vulnerability is exploitable over HTTP with network access by a low-privileged user, and user interaction is required. Impact includes potenti...
CVE-2024-20975
CVE-2024-20975 affects Oracle MySQL Server (Server: Optimizer). Affected: MySQL Server versions 8.2.0 and earlier. Exploitation by a low-privileged attacker with network access via multiple protocols can cause a hang or repeated crash (DoS). CVSS 3.1 base score 6.5, Availability impact. The conne...
CVE-2024-20971
CVE-2024-20971 affects Oracle MySQL Server (component: Server: Optimizer) and related Server areas. Affected: MySQL 8.0.35 and earlier and 8.2.0 and earlier. Impact: a high-privileged attacker with network access via multiple protocols can cause a hang or repeated crashes (complete DoS) of MySQL Server....
CVE-2024-20971
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...
CVE-2024-20963
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Encryption. Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromis...
CVE-2024-20965
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...
CVE-2024-20957
CVE-2024-20957 affects JD Edwards EnterpriseOne Tools (Package Build SEC) in versions prior to 9.2.8.1. Root cause: insufficient input validation in Package Build SEC. Vector: high-privilege attacker over JDENET with network access; impact: partial DoS of JD Edwards Enterp...
CVE-2024-20961
CVE-2024-20961 affects Oracle MySQL Server (Server: Optimizer). Affected: MySQL 8.0.35 and prior, 8.2.0 and prior. Vulnerability allows a low-privilege attacker with network access via multiple protocols to cause the server to hang or crash (DoS). CVSS 3.1 base score 6.5 (Availability: High impac...
CVE-2024-20932
CVE-2024-20932 affects Oracle Java SE and GraalVM offerings (Java SE 17.0.9; GraalVM for JDK 17.0.9; GraalVM Enterprise 21.3.8, 22.3.4) in the Security component. The vulnerability allows unauthenticated, network-exposed attackers to modify or view data in affected deployments, with CVSS 3.1 metr...
CVE-2024-20912
Oracle Audit Vault and Database Firewall (Firewall component) versions 20.1–20.9 are affected. Root cause: insufficient input validation in the Firewall, enabling a high-privilege attacker with network access via Oracle Net to read/modify/delete data. Impact matches unauthorized updates/inserts/d...
SQL injection
The WP Fastest Cache WordPress plugin before 0.9.5 does not escape user input in the set_urls_with_terms method before using it in a SQL statement, leading to an SQL injection exploitable by low privilege users such as subscriber...
Alert: Over 178,000 SonicWall Firewalls Potentially Vulnerable to Exploits - Act Now
Over 178,000 SonicWall firewalls exposed over the internet are vulnerable to at least one of two security flaws that could potentially be exploited to cause a denial-of-service (DoS) condition and remote code execution (RCE). "The two issues are fundamentally the same but exploitable at differen...
EulerOS Virtualization 2.10.1 : glibc (EulerOS-SA-2023-3499)
According to the versions of the glibc packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an...
CVE-2024-20721 T5 Acrobat JS vulnerability - Exploitable crash via t5::javascript::get_page_num_words
Acrobat Reader T5 (MSFT Edge) versions 120.0.2210.91 and earlier are affected by an Improper Input Validation vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue...
SQL injection
A vulnerability was found in code-projects Fighting Cock Information System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/pages/editchicken.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The...
Directory traversal
An issue was discovered in the flaskcode package through 0.0.8 for Python. An unauthenticated directory traversal, exploitable with a POST request to a /update-resource-data/ URI from views.py, allows attackers to write to arbitrary files...
PT-2024-15609 · Unknown · Kashipara Billing
Name of the Vulnerable Software and Affected Versions: Kashipara Billing Software version 1.0 Description: A critical issue was found in the HTTP POST Request Handler component, specifically in the file buyer_detail_submit.php. The manipulation of the gstn_no argument leads to SQL injection. This...
PT-2024-15596 · Taokeyun · Taokeyun
Name of the Vulnerable Software and Affected Versions: Taokeyun versions up to 1.0.5 Description: A critical issue has been found, affecting the function login of the file application/index/controller/m/User.php in the HTTP POST Request Handler component. The manipulation of the username argument...
PT-2024-15616 · Sourcecodester · Sourcecodester Best House Rental Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester House Rental Management System version 1.0 Description: A problematic issue has been found in the processing of the file index.php, where the manipulation of the page argument leads to cross site scripting. The attack can be...