56 matches found
Oracle MySQL security vulnerabilities
Oracle MySQL is an open-source relational database management system developed by Oracle Corporation in the United States. The MySQL Server is one of the database server components of Oracle MySQL. Vulnerabilities exist in versions 8.0.0 to 8.0.44, 8.4.0 to 8.4.7, and 9.0.0 to 9.5.0 of the MySQL...
1Panel IP Access Control Bypass via Untrusted X-Forwarded-For Headers
The server trusts all reverse-proxy headers by default, so any remote client can spoof X-Forwarded-For to bypass IP-based protections AllowIPs, API IP whitelist, “localhost-only” checks. All IP-based access control becomes ineffective...
Vulnerabilities fixed in Cisco IOS and Cisco IOS XE Software
Cisco has fixed vulnerabilities in Cisco IOS and Cisco IOS XE Software. The vulnerabilities include several issues, including a buffer overflow in the command-line interface CLI that can lead to unexpected device restarts and a vulnerability in the TACACS+ protocol implementation that allows...
mysql: InnoDB unspecified vulnerability (CPU Apr 2025)
Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...
CLSA-2025-1757076749 Fix CVE(s): CVE-2025-54574
SECURITY UPDATE: Disable URN protocol access to prevent potential security vulnerabilities - debian/patches/CVE-2025-54574.patch: Add ACL rules to deny URN protocol access by default - CVE-2025-54574...
CLSA-2025-1757076677 Fix CVE(s): CVE-2025-54574
SECURITY UPDATE: Disable URN protocol access to prevent potential security vulnerabilities - debian/patches/CVE-2025-54574.patch: Add ACL rules to deny URN protocol access by default - CVE-2025-54574...
70mai Dash Cam 1S 安全漏洞
70mai Dash Cam 1S is a car recorder from 70mai 70mai. The 70mai Dash Cam 1S suffers from a security vulnerability that originates from the fact that an attacker can bypass the device authorization mechanism of the official mobile application by connecting directly to the device's network and...
CVE-2024-37359 Hitachi Vantara Pentaho Business Analytics Server – Server Side Request Forgery
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. CWE-918 Hitachi Vantara Pentaho Business Analytics Server versions before 10.2.0.0...
PT-2024-6848 · Microsoft · Windows +1
Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Microsoft Simple Certificate Enrollment Protocol affected versions not specified Description: The issue is related to an uncontrolled resource consumption in the implementation of the Simple Certificate...
[SECURITY] Fedora 40 Update: qt6-qtopcua-6.7.1-1.fc40
Qt OPC UA API provides classes and functions to access the OPC UA protocol...
The vulnerabilities of LOV components in terms of technical maintenance, repairs, and major system overhauls of Oracle Complex Maintenance, Repair, and Overhaul systems. These systems are part of the Oracle E-Business Suite, allowing attackers to gain access to read, modify, add, or delete data.
The vulnerability of LOV components in terms of technical maintenance, repairs, and major overhauls of Oracle system equipment exists due to insufficient verification of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to read, modify, add, or...
Aruba Networks ArubaOS 和 InstantOS 安全漏洞
Aruba Networks ArubaOS and Aruba Networks InstantOS are both products of Aruba Networks, Inc.Aruba Networks ArubaOS is an operating system for Aruba Mobility-Defined Networks, including Mobility Controllers and Mobility Access Switches. Aruba Networks InstantOS is an Arch Linux-based distribution...
Aruba Networks ArubaOS 和 InstantOS 安全漏洞
Aruba Networks ArubaOS and Aruba Networks InstantOS are both products of Aruba Networks, Inc.Aruba Networks ArubaOS is an operating system for Aruba Mobility-Defined Networks, including Mobility Controllers and Mobility Access Switches. Aruba Networks InstantOS is an Arch Linux-based distribution...
Aruba Networks ArubaOS 和 InstantOS 安全漏洞
Aruba Networks ArubaOS and Aruba Networks InstantOS are both products of Aruba Networks, Inc.Aruba Networks ArubaOS is an operating system for Aruba Mobility-Defined Networks, including Mobility Controllers and Mobility Access Switches. Aruba Networks InstantOS is an Arch Linux-based distribution...
DEBIAN-CVE-2024-27016
In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: validate pppoe header Ensure there is sufficient room to access the protocol field of the PPPoe header. Validate it once before the flowtable lookup, then use a helper function to access protocol field...
PT-2024-25291 · Unknown · Radio Frequency Manager
Name of the Vulnerable Software and Affected Versions: Radio Frequency Manager affected versions not specified Description: An unauthenticated Denial-of-Service DoS vulnerability exists in the Radio Frequency Manager service accessed via the PAPI protocol. Successful exploitation of this issue...
OpenJDK: arbitrary Java code execution in Nashorn (8314284)
Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or...
Oracle Business Intelligence Enterprise Edition 安全漏洞
Oracle Business Intelligence Enterprise Edition is an intelligent business analytics software from Oracle. Visualize and analyze enterprise data to support decision-making, reduce total cost of ownership, and improve ROI across the organization. A security vulnerability exists in Oracle Business...
mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2021)
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...
CVE-2022-21537
Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of thi...