CVE-2024-21061

A flaw was found in the MySQL Server product of Oracle MySQL component: Server: Audit Plug-in. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorize...

How to Change Initial Management Port for Veeam Plug-ins for Enterprise Applications

Purpose This article documents how to change the default port used by the Plugin Manager 6791 for Veeam Plug-ins for Enterprise Applications: Veeam Plug-in for SAP HANA Veeam Plug-in for Oracle RMAN Veeam Plug-in for SAP on Oracle Veeam Plug-in for Microsoft SQL Server Veeam Plug-in for IBM Db2...

CVE-2024-21061

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Audit Plug-in. Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQ...

UBUNTU-CVE-2024-21061

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Audit Plug-in. Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQ...

WordPress WP-FormAssembly plugin <= 2.0.10 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Khalid Patchstack Alliance in WordPress Plugin WP-FormAssembly versions = 2.0.10...

CVE-2024-26715

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: Fix NULL pointer dereference in dwc3gadgetsuspend In current scenario if Plug-out and Plug-In performed continuously there could be a chance while checking for dwc-gadgetdriver in dwc3gadgetsuspend, a NULL...

DEBIAN-CVE-2024-26715

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: Fix NULL pointer dereference in dwc3gadgetsuspend In current scenario if Plug-out and Plug-In performed continuously there could be a chance while checking for dwc-gadgetdriver in dwc3gadgetsuspend, a NULL...

CVE-2024-26715 usb: dwc3: gadget: Fix NULL pointer dereference in dwc3_gadget_suspend

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: Fix NULL pointer dereference in dwc3gadgetsuspend In current scenario if Plug-out and Plug-In performed continuously there could be a chance while checking for dwc-gadgetdriver in dwc3gadgetsuspend, a NULL...

CVE-2024-26715 usb: dwc3: gadget: Fix NULL pointer dereference in dwc3_gadget_suspend

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: Fix NULL pointer dereference in dwc3gadgetsuspend In current scenario if Plug-out and Plug-In performed continuously there could be a chance while checking for dwc-gadgetdriver in dwc3gadgetsuspend, a NULL...

CVE-2024-26715

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: Fix NULL pointer dereference in dwc3gadgetsuspend In current scenario if Plug-out and Plug-In performed continuously there could be a chance while checking for dwc-gadgetdriver in dwc3gadgetsuspend, a NULL...

[SECURITY] Fedora 38 Update: ofono-1.34-4.fc38

oFono.org is a place to bring developers together around designing an infrastructure for building mobile telephony GSM/UMTS applications. oFono includes a high-level D-Bus API for use by telephony applications. oFono also includes a low-level plug-in API for integrating with telephony stacks,...

[SECURITY] Fedora 39 Update: ofono-1.34-5.fc39

oFono.org is a place to bring developers together around designing an infrastructure for building mobile telephony GSM/UMTS applications. oFono includes a high-level D-Bus API for use by telephony applications. oFono also includes a low-level plug-in API for integrating with telephony stacks,...

[SECURITY] Fedora 40 Update: ofono-2.5-1.fc40

oFono.org is a place to bring developers together around designing an infrastructure for building mobile telephony GSM/UMTS applications. oFono includes a high-level D-Bus API for use by telephony applications. oFono also includes a low-level plug-in API for integrating with telephony stacks,...

CVE-2024-22127

SAP NetWeaver Administrator AS Java Administrator Log Viewer plug-in - version 7.50, allows an attacker with high privileges to upload potentially dangerous files which leads to command injection vulnerability. This would enable the attacker to run commands which can cause high impact on...

mysql: Server: Audit Plug-in unspecified vulnerability (CPU Apr 2024)

A flaw was found in the MySQL Server product of Oracle MySQL component: Server: Audit Plug-in. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorize...

[SECURITY] Fedora 38 Update: bind-dyndb-ldap-11.10-23.fc38

This package provides an LDAP back-end plug-in for BIND. It features support for dynamic updates and internal caching, to lift the load off of your LDAP server...

How to Collect Logs for Veeam Plug-in for IBM Db2

Purpose This article documents how to collect the diagnostic information needed for a support case involving the Veeam Plug-in for IBM Db2. Solution 1. Collect diagnostic information as documented in the five sections below. 2. Combine the data into a single .zip file. 3. Attach the zip file to t...

The vulnerability of the VMware Enhanced Authentication Plug-in’s authentication module, related to deficiencies in the authentication process, allows attackers to escalate their privileges.

The vulnerability of the VMware Enhanced Authentication Plug-in EAP is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to enhance their privileges by intercepting Active Directory tickets...

CVE-2024-22250

CVE-2024-22250 affects the VMware Enhanced Authentication Plug‑in (EAP). The connected sources describe two related issues: (1) CVE-2024-22250 enables a local attacker with unprivileged access to hijack a privileged EAP session during Windows logon, via the EAP flow used in vCenter web console; a...

CVE-2024-22250 Session Hijack Vulnerability in Deprecated EAP Browser Plugin

Session Hijack vulnerability in Deprecated VMware Enhanced Authentication Plug-in could allow a malicious actor with unprivileged local access to a windows operating system can hijack a privileged EAP session when initiated by a privileged domain user on the same system...