678 matches found

Ubuntu
added 2023/05/08 2:14 p.m. · 71 views

USN-6060-2: MySQL vulnerabilities

USN-6060-1 fixed several vulnerabilities in MySQL. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to...

7.5 CVSS · 7.3 AI score · 0.00435 EPSS
Exploits 0

OSV
added 2023/04/18 8:15 p.m. · 0 views

UBUNTU-CVE-2023-21966

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: JSON. Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks ...

4.9 CVSS · 6.5 AI score · 0.00049 EPSS
Exploits 0 · References 4

Positive Technologies
added 2023/03/27 12:0 a.m. · 1 views

PT-2023-21058 · Oracle +1 · Mysql Server +1

Name of the Vulnerable Software and Affected Versions: Apache InLong versions 1.1.0 through 1.5.0
Description: The issue is related to the deserialization of untrusted data in Apache InLong, which could be triggered by authenticated users. This vulnerability affects the MySQLDataNode due to the...

8.8 CVSS · 6.6 AI score · 0.0059 EPSS
Exploits 0 · References 10

F5 Networks
added 2023/02/21 6:35 p.m. · 42 views

K36942191: Advanced WAF and BIG-IP ASM MySQL database vulnerability CVE-2021-23053

Security Advisory Description: When the brute force protection feature of ASM/Adv WAF is enabled on a virtual server and the virtual server is under brute force attack, the MySQL database may run out of disk space due to lack of row limit on undisclosed tables in the MySQL database. CVE-2021-23053...

5.3 CVSS · 5.2 AI score · 0.00628 EPSS
Exploits 0 · Affected Software 2

SUSE CVE
added 2023/02/15 5:48 a.m. · 1 views

SUSE CVE-2012-0496

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect confidentiality and integrity via unknown vectors...

4.3 CVSS · 5.7 AI score · 0.00267 EPSS
Exploits 0 · References 3

SUSE CVE
added 2023/02/15 5:39 a.m. · 2 views

SUSE CVE-2013-1861

MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers to cause a denial of service crash via a crafted geometry feature that specifies a large number o...

5 CVSS · 6.2 AI score · 0.20756 EPSS
Exploits 2 · References 5

SUSE CVE
added 2023/02/15 5:37 a.m. · 2 views

SUSE CVE-2013-3221

The Active Record component in Ruby on Rails 2.3.x, 3.0.x, 3.1.x, and 3.2.x does not ensure that the declared data type of a database column is used during comparisons of input values to stored values in that column, which makes it easier for remote attackers to conduct data-type injection attack...

6.4 CVSS · 7.2 AI score · 0.00483 EPSS
Exploits 2 · References 5

SUSE CVE
added 2023/02/15 5:0 a.m. · 1 views

SUSE CVE-2016-5443

Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows local users to affect availability via vectors related to Server: Connection...

4.7 CVSS · 7.5 AI score · 0.00056 EPSS
Exploits 0 · References 3

SUSE CVE
added 2023/02/15 4:43 a.m. · 1 views

SUSE CVE-2017-10268

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Replication. Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructur...

4.1 CVSS · 6.8 AI score · 0.00031 EPSS
Exploits 0 · References 16

SUSE CVE
added 2023/02/15 4:19 a.m. · 1 views

SUSE CVE-2019-2434

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Parser. Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL...

6.5 CVSS · 6.3 AI score · 0.00695 EPSS
Exploits 0 · References 3

The Hacker News
added 2023/01/24 2:37 p.m. · 49 views

Chinese Hackers Utilize Golang Malware in DragonSpark Attacks to Evade Detection

Organizations in East Asia are being targeted by a likely Chinese-speaking actor dubbed DragonSpark while employing uncommon tactics to go past security layers. "The attacks are characterized by the use of the little known open source SparkRAT and malware that attempts to evade detection through...

0.4 AI score
Exploits 0

Packet Storm
added 2023/01/23 12:0 a.m. · 303 views

Inout RealEstate 2.1.3 SQL Injection

0.2 AI score
Exploits 0

Positive Technologies
added 2023/01/13 12:0 a.m. · 1 views

PT-2023-18545 · Unknown +1 · Mysql Server +2

Name of the Vulnerable Software and Affected Versions: a12nserver versions prior to 0.23.0
Description: The issue affects users of a12nserver who use MySQL, making them potentially vulnerable to SQL injection bugs. This could allow an attacker to obtain OAuth2 Access Tokens for unrelated users. T...

7.3 AI score
Exploits 0 · References 3

Positive Technologies
added 2022/10/26 12:0 a.m. · 3 views

PT-2022-5283 · Apache +1 · Apache Linkis +1

Name of the Vulnerable Software and Affected Versions: Apache Linkis versions 1.2.0 and earlier
Description: A deserialization vulnerability exists in Apache Linkis when used with the MySQL Connector/J, potentially allowing remote code execution if an attacker has write access to a database and...

9 CVSS · 8.8 AI score · 0.014 EPSS
Exploits 0 · References 7

Ubuntu
added 2022/10/24 12:46 p.m. · 61 views

USN-5696-1: MySQL vulnerabilities

Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.31 in Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. Ubuntu 18.04 LTS has been updated to MySQL 5.7.40. In addition to security fixes, the updated...

6.5 CVSS · 6.3 AI score · 0.00809 EPSS
Exploits 0

RedHat Linux
added 2022/09/14 1:47 p.m. · 3 views

mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2022)

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

5.5 CVSS · 7.3 AI score · 0.00276 EPSS
Exploits 0 · References 4

CNNVD
added 2022/08/23 12:0 a.m. · 3 views

jfinal cms SQL injection vulnerability

jfinal cms is a powerful information consulting website developed in Java, using the simple and powerful JFinal as the web framework, beetl as the template engine, MySQL as the database, and Bootstrap as the front-end framework. jfinal cms version 5.1.0 has a security vulnerability; the vulnerability...

9.8 CVSS · 5.7 AI score · 0.00245 EPSS
Exploits 1 · References 2

ATTACKERKB
added 2022/07/18 6:15 p.m. · 0 views

CVE-2022-26117

An empty password in configuration file vulnerability CWE-258 in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.3 and below may allow an authenticated attacker to access the MySQL databases via the CLI...

8.8 CVSS · 5.9 AI score · 0.00463 EPSS
Exploits 0 · References 3

Hacker One
added 2022/07/06 2:1 p.m. · 17 views

U.S. Dept Of Defense: time based SQL injection at [https://███] [HtUS]

Hello, Summary while doing test on www.█████ I’ve found that the endpoint at /olc/setlogin.php is vulnerable with SQL injection vulnerability Vulnerable parameters - username - password POC - using time based to verify , submit the below request jsx POST /olc/setlogin.php HTTP/1.1 Host: www.█████...

8 AI score
Exploits 0

Hacker One
added 2022/07/05 2:1 p.m. · 104 views

U.S. Dept Of Defense: Wordpress Takeover using setup configuration at http://████.edu [HtUS]

A vulnerability was found in the WordPress 'setup-config.php' installation page, which allowed a malicious user to install WordPress in a remote MySQL database without valid credentials on the target system. This could lead to remote code execution and total system compromise, as well as other...

8 AI score
Exploits 0