
9454 matches found

Debian CVE
added 2023/10/17 9:2 p.m. | 31 views

CVE-2023-22032

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

CVSS 4.9 | AI score 5.1 | EPSS 0.00136
Exploits 0

CVE
added 2023/10/17 9:2 p.m. | 549 views

CVE-2023-22026

CVE-2023-22026 affects Oracle MySQL Server (component: Server: Optimizer). Affected versions are 5.7.42 and prior and 8.0.31 and prior. Attackers with network access via multiple protocols can exploit this to cause a hang or repeatedly crash the MySQL Server (availability impact). CVSS v3.1 base ...

CVSS 4.9 | AI score 4.9 | EPSS 0.00153
Exploits 0 | References 2 | Affected Software 1

CVE
added 2023/10/17 9:2 p.m. | 425 views

CVE-2023-22015

CVE-2023-22015 pertains to Oracle MySQL Server, specifically the Server: Optimizer component. Affected versions are MySQL 5.7.42 and prior and 8.0.31 and prior. The vulnerability enables a high-privilege attacker with network access via multiple protocols to cause a denial of service (hang or cr...

CVSS 4.9 | AI score 4.9 | EPSS 0.00152
Exploits 0 | References 2 | Affected Software 1

ICS
added 2023/10/17 6:0 a.m. | 32 views

Rockwell Automation FactoryTalk Linx

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.2 ATTENTION : Exploitable remotely/low attack complexity Vendor : Rockwell Automation Equipment : FactoryTalk Linx Vulnerability : Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could lead to information...

CVSS 9.1 | AI score 8.9 | EPSS 0.02543
Exploits 0 | References 8

ICS
added 2023/10/17 6:0 a.m. | 67 views

Schneider Electric EcoStruxure Power Monitoring Expert and Power Operation Products

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable remotely/low attack complexity Vendor : Schneider Electric Equipment : EcoStruxure Power Monitoring Expert, EcoStruxure Power Operation with Advanced Reports, EcoStruxure Power SCADA Operation with Advanced Reports Vulnerability :...

CVSS 9.8 | AI score 10 | EPSS 0.00351
Exploits 0 | References 8

FreeBSD
added 2023/10/17 12:0 a.m. | 64 views

MySQL -- Multiple vulnerabilities

Oracle reports: This Critical Patch Update contains 37 new security patches, plus additional third party patches noted below, for Oracle MySQL. 9 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials...

CVSS 9.8 | AI score 7 | EPSS 0.91789
Exploits 7 | References 1

Cvelist
added 2023/10/13 1:41 a.m. | 29 views

CVE-2023-42752 Kernel: integer overflow in igmpv3_newpack leading to exploitable memory access

An integer overflow flaw was found in the Linux kernel. This issue leads to the kernel allocating skb_shared_info in the userspace, which is exploitable in systems without SMAP protection since skb_shared_info contains references to function pointers...

CVSS 5.5 | AI score 6.6 | EPSS 0.00014
Exploits 0 | References 5

ICS
added 2023/10/12 6:0 a.m. | 58 views

Weintek cMT3000 HMI Web CGI

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable remotely/low attack complexity Vendor : Weintek Equipment : cMT3000 CMI Web CGI Vulnerabilities : Stack-based Buffer Overflow, OS Command Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an...

CVSS 9.8 | AI score 10 | EPSS 0.00406
Exploits 1 | References 8

Prion
added 2023/10/11 2:15 p.m. | 20 views

Authentication flaw

A vulnerability of authentication bypass has been found on a Zebra Technologies ZTC ZT410-203dpi ZPL printer. This vulnerability allows an attacker that is in the same network as the printer, to change the username and password for the Web Page by sending a specially crafted POST request to the...

CVSS 3.3 | AI score 4.9 | EPSS 0.00007
Exploits 0 | References 1

GitLab Advisory Database
added 2023/10/10 12:0 a.m. | 35 views

HTTP/2 Stream Cancellation Attack

HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The clie...

CVSS 7.5 | AI score 8.2 | EPSS 0.944
Exploits 19 | References 181 | Affected Software 1

ICS
added 2023/10/10 12:0 a.m. | 33 views

Siemens SCALANCE W1750D

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

CVSS 9.8 | AI score 10 | EPSS 0.00978
Exploits 0 | References 12

Tenable Nessus
added 2023/10/06 12:0 a.m. | 22 views

Rocky Linux 8 : firefox (RLSA-2023:4952)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:4952 advisory. - A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing...

CVSS 8.8 | AI score 7.7 | EPSS 0.00292
Exploits 0 | References 25

RedHat Linux
added 2023/10/05 3:24 p.m. | 3 views

Mozilla: Use-after-free in Ion Compiler

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NULL bytes and cause a potentially exploitable crash...

CVSS 6.5 | AI score 7.1 | EPSS 0.0026
Exploits 0 | References 4

RedHat Linux
added 2023/10/05 3:24 p.m. | 3 views

firefox: use-after-free in workers

The Mozilla Foundation Security Advisory describes this flaw as: During the worker lifecycle, a use-after-free condition could have occurred, which could have led to a potentially exploitable crash...

CVSS 8.8 | AI score 7.2 | EPSS 0.0019
Exploits 0 | References 6

RedHat Linux
added 2023/10/05 2:59 p.m. | 3 views

Mozilla: Use-after-free in Ion Compiler

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NULL bytes and cause a potentially exploitable crash...

CVSS 6.5 | AI score 7.1 | EPSS 0.0026
Exploits 0 | References 4

RedHat Linux
added 2023/10/05 2:59 p.m. | 3 views

firefox: use-after-free in workers

The Mozilla Foundation Security Advisory describes this flaw as: During the worker lifecycle, a use-after-free condition could have occurred, which could have led to a potentially exploitable crash...

CVSS 8.8 | AI score 7.2 | EPSS 0.0019
Exploits 0 | References 6

ICS
added 2023/10/05 6:0 a.m. | 45 views

Hitachi Energy AFS65x, AFF66x, AFS67x, and AFR67x Series Products

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable remotely/low attack complexity Vendor : Hitachi Energy Equipment : AFS65x, AFF66x, AFS67x, AFR67x Series Vulnerabilities : Incorrect Calculation, Integer Overflow or Wraparound, Improper Encoding or Escaping of Output, Exposure of...

CVSS 9.8 | AI score 9.9 | EPSS 0.11027
Exploits 4 | References 10

Tenable Nessus
added 2023/10/05 12:0 a.m. | 31 views

Rocky Linux 9 : thunderbird (RLSA-2023:5435)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:5435 advisory. - During the worker lifecycle, a use-after-free condition could have occurred, which could have led to a potentially exploitable crash. This vulnerabilit...

CVSS 9.8 | AI score 8.8 | EPSS 0.04976
Exploits 3 | References 11

Tenable Nessus
added 2023/10/05 12:0 a.m. | 43 views

Rocky Linux 8 : thunderbird (RLSA-2023:5428)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:5428 advisory. - During the worker lifecycle, a use-after-free condition could have occurred, which could have led to a potentially exploitable crash. This vulnerabilit...

CVSS 9.8 | AI score 8.8 | EPSS 0.04976
Exploits 3 | References 11

RedHat Linux
added 2023/10/04 1:48 p.m. | 3 views

firefox: use-after-free in workers

The Mozilla Foundation Security Advisory describes this flaw as: During the worker lifecycle, a use-after-free condition could have occurred, which could have led to a potentially exploitable crash...

CVSS 8.8 | AI score 7.2 | EPSS 0.0019
Exploits 0 | References 6