46 matches found
mysql: Optimizer unspecified vulnerability (CPU Apr 2026)
Oracle CPU describes the issue as follows: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network...
mysql: Group Replication Plugin unspecified vulnerability (CPU Apr 2026)
Oracle CPU describes the issue as follows: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Group Replication Plugin. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker...
Oracle Linux 10 : cockpit: Unauthenticated remote code execution due to SSH command-line argument injection (CRITICAL) (ELSA-2026-7383)
The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-7383 advisory. - correctly apply CVE patches CVE-2026-4631 Wed Mar 25 2026 Jelle van der Waa - 344-3 Tenable has extracted the preceding description block...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Optimizer component. An attacker can cause the application to hang or crash by sending specially crafted requests over the network while authenticated with high privileges...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Optimizer component. An attacker can cause the application to hang or crash repeatedly by sending crafted requests over multiple protocols with high privileges. Remediation...
Oracle Linux 10 : gnutls (ELSA-2025-16115)
The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-16115 advisory. 3.8.9-9.14 - keyupdate: rework the rekeying logic RHEL-107498 - Fix CVE-2025-6395, CVE-2025-32988, CVE-2025-32989, CVE-2025-32990 Tenable has extract...
Oracle Linux 7 : glibc (ELSA-2025-20596)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-20596 advisory. - Back port fix for CVE-2025-4802 Orabug: 38144086 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service (DoS) via the InnoDB component. An attacker can cause the server to hang or crash repeatedly by sending crafted requests over the network with high privileges. Details Denial of Service (DoS) describes a family of attacks,...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service (DoS) via the Stored Procedure component. An attacker can cause the server to hang or crash repeatedly by sending crafted requests over the network with high privileges. Details Denial of Service (DoS) describes a family o...
Access Control Bypass
Overview Affected versions of this package are vulnerable to Access Control Bypass via the mysqldump component. An attacker can gain unauthorized access to read and modify certain data by leveraging network access and requiring interaction from another user. Remediation A fix was pushed into the...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service (DoS) via the InnoDB component. An attacker can cause the server to hang or crash repeatedly by sending crafted requests over the network with high privileges. Details Denial of Service (DoS) describes a family of attacks,...
Oracle Linux 9 : edk2 (ELSA-2024-9088)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-9088 advisory. - Resolves: RHEL-55336 CVE-2024-6119 edk2/openssl: Possible denial of service in X.509 name checks rhel-9.5 - Resolves: RHEL-21653 CVE-2023-6237 edk2:...
IBM Java 7.0 < 7.0.10.80 / 7.1 < 7.1.4.80 / 8.0 < 8.0.6.25 Multiple Vulnerabilities
The version of IBM Java installed on the remote host is prior to 7.0 < 7.0.10.80 / 7.1 < 7.1.4.80 / 8.0 < 8.0.6.25. It is, therefore, affected by multiple vulnerabilities as referenced in the Oracle October 20 2020 CPU advisory. - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE...
IBM Java 6.0 < 6.0.16.50 / 6.1 < 6.1.8.50 / 7.0 < 7.0.10.10 / 7.1 < 7.1.4.10 / 8.0 < 8.0.4.10 Multiple Vulnerabilities
The version of IBM Java installed on the remote host is prior to 6.0 < 6.0.16.50 / 6.1 < 6.1.8.50 / 7.0 < 7.0.10.10 / 7.1 < 7.1.4.10 / 8.0 < 8.0.4.10. It is, therefore, affected by multiple vulnerabilities as referenced in the Oracle July 18 2017 CPU advisory. - Vulnerability in the Java SE, Java SE...
IBM Java 6.0 < 6.0.16.20 / 6.1 < 6.1.8.20 / 7.0 < 7.0.9.30 / 7.1 < 7.1.3.30 / 8.0 < 8.0.2.10 Multiple Vulnerabilities (Jan 19, 2016)
The version of IBM Java installed on the remote host is prior to 6.0 < 6.0.16.20 / 6.1 < 6.1.8.20 / 7.0 < 7.0.9.30 / 7.1 < 7.1.3.30 / 8.0 < 8.0.2.10. It is, therefore, affected by multiple vulnerabilities as referenced in the Oracle January 19 2016 CPU advisory. - Mozilla Network Security Services (NSS) befo...
VMware Issues Updated Fix For Critical ESXi Flaw
VMware issued an updated fix for a critical-severity remote code execution flaw in its ESXi hypervisor products. Wednesday’s VMware advisory said updated patch versions were available after it was discovered the previous patch, released Oct. 20, did not completely address the vulnerability. That’...
Solaris xscreensaver Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Solaris xscreensaver log Privilege Escalation', 'Description' = %q This module exploits a vulnerability in xscreensaver versions since 5.06 on...
USN-4070-1: MySQL vulnerabilities
Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 19.04 have been updated to MySQL 5.7.27. In addition to security fixes, the updated packages contain bug fixes, new features,...
Intel ZombieLoad Side-Channel Attack: 10 Takeaways
Intel on Tuesday revealed a new class of speculative execution vulnerabilities, dubbed Microarchitectural Data Sampling (MDS), which impact all its modern CPUs. The flaws all ultimately depend on different ways of executing side channel attacks to siphon data from impacted systems – and result in...
USN-3867-1 mysql-5.7 vulnerabilities
Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10 have been updated to MySQL 5.7.25. In addition to security fixes, the updated packages contain bug fixes, new features,...