4418 matches found

Prion
added 2023/11/10 7:15 a.m. · 15 views

Default credentials

Natus NeuroWorks and SleepWorks before 8.4 GMA3 utilize a default password of xltek for the Microsoft SQL Server service sa account, allowing a threat actor to perform remote code execution, data exfiltration, or other nefarious actions such as tampering with data or destroying/disrupting MSSQL...

CVSS 7.5 · AI score 8.8 · EPSS 0.03682
Exploits 1 · References 2 · Affected Software 2

Cvelist
added 2023/11/10 12:0 a.m. · 11 views

CVE-2023-47800

Natus NeuroWorks and SleepWorks before 8.4 GMA3 utilize a default password of xltek for the Microsoft SQL Server service sa account, allowing a threat actor to perform remote code execution, data exfiltration, or other nefarious actions such as tampering with data or destroying/disrupting MSSQL...

AI score 10 · EPSS 0.03682
Exploits 1 · References 2

CVE
added 2023/11/10 12:0 a.m. · 27 views

CVE-2023-47800

CVE-2023-47800 affects Natus NeuroWorks and SleepWorks prior to version 8.4 GMA3. The root cause is a default password (xltek) on the Microsoft SQL Server service account sa, enabling a threat actor to perform remote code execution, data exfiltration, or data/tampering and disruption of MSSQL ser...

CVSS 9.8 · AI score 9.8 · EPSS 0.03682
Exploits 1 · References 2 · Affected Software 2

Tenable Nessus
added 2023/11/10 12:0 a.m. · 24 views

Veeam ONE 11.x < 11.0.0.1379 / 11.0.1.x < 11.0.1.1880 / 12.x < 12.0.1.2591 Multiple Vulnerabilities (KB4508)

The version of Veeam ONE installed on the remote Windows host is affected by multiple vulnerabilities, as disclosed in the vendor's advisory with KB ID 4508, including the following: - A vulnerability in Veeam ONE allows an unauthenticated user to gain information about the SQL server connection...

CVSS 9.9 · AI score 7 · EPSS 0.10762
Exploits 0 · References 4

Positive Technologies
added 2023/11/09 12:0 a.m. · 3 views

PT-2023-30615 · Natus +1 · Natus Neuroworks +2

Name of the Vulnerable Software and Affected Versions: Natus NeuroWorks and SleepWorks versions prior to 8.4 GMA3 Description: The issue arises from the use of a default password xltek for the Microsoft SQL Server service sa account in Natus NeuroWorks and SleepWorks. This allows a threat actor t...

CVSS 9.8 · AI score 9.8 · EPSS 0.03682
Exploits 1 · References 5

NVD
added 2023/11/07 7:15 a.m. · 14 views

CVE-2023-38547

A vulnerability in Veeam ONE allows an unauthenticated user to gain information about the SQL server connection Veeam ONE uses to access its configuration database. This may lead to remote code execution on the SQL server hosting the Veeam ONE configuration database...

CVSS 9.9 · AI score 10 · EPSS 0.10762
Exploits 0 · References 1

Prion
added 2023/11/07 7:15 a.m. · 11 views

Design/Logic Flaw

A vulnerability in Veeam ONE allows an unauthenticated user to gain information about the SQL server connection Veeam ONE uses to access its configuration database. This may lead to remote code execution on the SQL server hosting the Veeam ONE configuration database...

CVSS 6.5 · AI score 8.5 · EPSS 0.10762
Exploits 0 · References 1 · Affected Software 1

CVE
added 2023/11/07 6:17 a.m. · 1293 views

CVE-2023-38547

The CVE-2023-38547 issue affects Veeam ONE (versions 11, 11a, 12), where an unauthenticated user can access information about the SQL Server connection to the Veeam ONE configuration database, potentially enabling remote code execution on the SQL server. Mitigation is via the vendor hotfix descri...

CVSS 9.9 · AI score 9.8 · EPSS 0.10762
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2023/11/07 6:17 a.m. · 5 views

CVE-2023-38547

A vulnerability in Veeam ONE allows an unauthenticated user to gain information about the SQL server connection Veeam ONE uses to access its configuration database. This may lead to remote code execution on the SQL server hosting the Veeam ONE configuration database...

CVSS 9.9 · AI score 8.6 · EPSS 0.10762
Exploits 0 · References 1

Cvelist
added 2023/11/07 6:17 a.m. · 12 views

CVE-2023-38547

A vulnerability in Veeam ONE allows an unauthenticated user to gain information about the SQL server connection Veeam ONE uses to access its configuration database. This may lead to remote code execution on the SQL server hosting the Veeam ONE configuration database...

CVSS 9.9 · AI score 10 · EPSS 0.10762
Exploits 0 · References 1

The Hacker News
added 2023/11/07 5:8 a.m. · 52 views

Critical Flaws Discovered in Veeam ONE IT Monitoring Software – Patch Now

Veeam has released security updates to address four flaws in its ONE IT monitoring and analytics platform, two of which are rated critical in severity. The list of vulnerabilities is as follows - CVE-2023-38547 CVSS score: 9.9 - An unspecified flaw that can be leveraged by an unauthenticated user...

AI score 7.7 · EPSS 0.10762
Exploits 0

Citrix
added 2023/11/01 12:0 a.m. · 15 views

Provisioning 2203 : Citrix PVS breaks with Microsoft OLEDB driver v19

When upgrading PVS 2203 servers to mitigate a Microsoft OLEDB driver vulnerability CVE-2023-36728, a customer incorrectly removed Microsoft OLE DB Driver 18 and installed Microsoft OLE DB Driver 19. PVS Server 2203 cannot use Microsoft OLE DB Driver 19 to communicate with the SQL server...

CVSS 5.5 · AI score 7.1 · EPSS 0.0008
Exploits 0 · Affected Software 2

SUSE CVE
added 2023/10/31 2:31 a.m. · 2 views

SUSE CVE-2020-2921

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Group Replication Plugin. Supported versions that are affected are 8.0.19 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Serve...

CVSS 4.4 · AI score 5.7 · EPSS 0.00258
Exploits 0 · References 2

Tenable Nessus
added 2023/10/13 12:0 a.m. · 304 views

Security Updates for Microsoft SQL Server ODBC Driver (October 2023)

The Microsoft SQL Server ODBC Driver installed on the remote host is missing a security update. It is, therefore, affected by multiple vulnerabilities. - An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. CVE-2023-36417, CVE-2023-36420,...

CVSS 7.8 · AI score 7.3 · EPSS 0.0049
Exploits 0 · References 6

RedHat Linux
added 2023/10/12 1:24 p.m. · 65 views

Important: Red Hat Security Advisory: galera and mariadb security update

An update for galera and mariadb is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVSS 7.5 · AI score 6.8 · EPSS 0.00789
Exploits 5 · References 9

Tenable Nessus
added 2023/10/12 12:0 a.m. · 251 views

Security Updates for Microsoft SQL Server (October 2023)

The Microsoft SQL Server installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability: - A Denial of Service vulnerability. An attacker could impact availability of the service resulting in Denial of Service DoS CVE-2023-36728 Note that...

CVSS 5.5 · AI score 6.8 · EPSS 0.0008
Exploits 0 · References 11

Tenable Nessus
added 2023/10/12 12:0 a.m. · 198 views

Security Updates for Microsoft SQL Server OLE DB Driver (October 2023)

The Microsoft SQL Server OLE DB Driver installed on the remote host is missing a security update. It is, therefore, affected by multiple vulnerabilities. - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands...

CVSS 7.8 · AI score 8 · EPSS 0.00433
Exploits 0 · References 4

Tenable Nessus
added 2023/10/12 12:0 a.m. · 228 views

Security Updates for Microsoft SQL Server (October 2023) (Remote)

The Microsoft SQL Server installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability: - A Denial of Service vulnerability. An attacker could impact availability of the service resulting in Denial of Service DoS CVE-2023-36728 Note that...

CVSS 5.5 · AI score 6.8 · EPSS 0.0008
Exploits 0 · References 11

NVD
added 2023/10/10 6:15 p.m. · 24 views

CVE-2023-36728

Microsoft SQL Server Denial of Service Vulnerability...

CVSS 5.5 · AI score 6 · EPSS 0.0008
Exploits 0 · References 1

NVD
added 2023/10/10 6:15 p.m. · 53 views

CVE-2023-36785

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability...

CVSS 7.8 · AI score 8.1 · EPSS 0.0049
Exploits 0 · References 1