3413 matches found
PT-2021-4099 · Unknown +1 · Cyrus Imap +1
Name of the Vulnerable Software and Affected Versions: Cyrus IMAP versions 3.2.7 and earlier, 3.3.x, and 3.4.x before 3.4.1 Description: The issue allows remote authenticated users to bypass intended access restrictions on server annotations, which can cause replication to stall. This is related ...
cyrus-imapd -- Remote authenticated users could bypass intended access restrictions on certain server annotations.
Cyrus IMAP 3.4.1 Release Notes states: Fixed CVE-2021-32056: Remote authenticated users could bypass intended access restrictions on certain server annotations. Additionally, a long-standing bug in replication did not allow server annotations to be replicated. Combining these two bugs, a remote...
GitHub Missing Audit Logging
Original blog post here: https://wwws.nightwatchcybersecurity.com/2021/04/25/supply-chain-attacks-via-github-com-releases/ SUMMARY Release functionality on GitHub.com allows modification of assets within a release by any project collaborator. This can occur after the release is published, and...
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).
...
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 8.0.23 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 1.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L).
...
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
...
CVE-2021-2232
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Group Replication Plugin. Supported versions that are affected are 8.0.23 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to...
Code injection
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Replication. Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL...
UBUNTU-CVE-2021-2171
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Replication. Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MyS...
UBUNTU-CVE-2021-2178
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Replication. Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL...
Code injection
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Replication. Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL...
UBUNTU-CVE-2021-2232
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Group Replication Plugin. Supported versions that are affected are 8.0.23 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to...
UBUNTU-CVE-2021-2202
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Replication. Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL...
Design/Logic Flaw
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Group Replication Plugin. Supported versions that are affected are 8.0.23 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to...
UBUNTU-CVE-2021-2179
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Group Replication Plugin. Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...
CVE-2021-2202
CVE-2021-2202 affects Oracle MySQL Server (Server: Replication). Affected: MySQL 5.7.32 and earlier; 8.0.22 and earlier. Exploitation by a low-privileged, network-authenticated attacker via multiple protocols can cause a hang or repeated crash (DoS) of MySQL Server (CVSS v3.1 base 6.5, Availabili...
CVE-2021-2171
CVE-2021-2171 affects Oracle MySQL Server (Server: Replication). Affected versions: MySQL 5.7.33 and earlier and 8.0.23 and earlier. The flaw allows a high-privilege attacker with network access via multiple protocols to cause the MySQL Server to hang or crash (DoS). The connected advisories indi...
CVE-2021-2232
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Group Replication Plugin. Supported versions that are affected are 8.0.23 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to...
Oracle MySQL Server Input Validation Error Vulnerability (CNVD-2021-30925)
Oracle MySQL Server is a relational database from Oracle Corporation. A security vulnerability exists in the Server: Group Replication Plugin component in Oracle MySQL Server 8.0.23 and earlier. An attacker can exploit this vulnerability to cause the MySQL server to hang or crash frequently and...
Oracle MySQL Server Input Validation Error Vulnerability (CNVD-2021-30927)
Oracle MySQL Server is a relational database from Oracle Corporation. A security vulnerability exists in the Server: Group Replication Plugin component in Oracle MySQL Server 8.0.23 and earlier. An attacker can exploit this vulnerability to cause the MySQL server to hang or crash frequently and...