4519 matches found

Microsoft KB
added 2021/07/01 7:0 a.m., 64 views

July 6, 2021—KB5004955 (Monthly Rollup) Out-of-band

July 6, 2021—KB5004955 Monthly Rollup Out-of-band Important: Windows Server 2008 Service Pack 2 SP2 has reached the end of mainstream support and is now in extended support. Starting in July 2020, there will no longer be optional, non-security releases known as "C" releases for this operating...

CVSS: 9, AI score: 9.4, EPSS: 0.9424
Exploits: 41
Microsoft KB
added 2021/07/01 7:0 a.m., 266 views

July 6, 2021—KB5004951 (Security-only update) Out-of-band

July 6, 2021—KB5004951 Security-only update Out-of-band Important: Windows 7 and Windows Server 2008 R2 have reached the end of mainstream support and are now in extended support. Starting in July 2020, there will no longer be optional, non-security releases known as "C" releases for this operati...

CVSS: 9, AI score: 10, EPSS: 0.9424
Exploits: 41
Prion
added 2021/06/09 7:15 p.m., 13 views

Sql injection

In Progress MOVEit Transfer before 2019.0.6 11.0.6, 2019.1.x before 2019.1.5 11.1.5, 2019.2.x before 2019.2.2 11.2.2, 2020.x before 2020.0.5 12.0.5, 2020.1.x before 2020.1.4 12.1.4, and 2021.x before 2021.0.1 13.0.1, a SQL injection vulnerability exists in SILUtility.vb in MOVEit.DMZ.WebApp in th...

CVSS: 6.5, AI score: 8.7, EPSS: 0.01622
Exploits: 0, References: 2, Affected Software: 1
Microsoft KB
added 2021/06/08 7:0 a.m., 74 views

June 8, 2021—KB5003661 (Monthly Rollup)

June 8, 2021—KB5003661 Monthly Rollup Important: Windows Server 2008 Service Pack 2 SP2 has reached the end of mainstream support and is now in extended support. Starting in July 2020, there will no longer be optional, non-security releases known as "C" releases for this operating system. Operati...

CVSS: 9.8, AI score: 7.7, EPSS: 0.94314
Exploits: 67
Microsoft KB
added 2021/06/08 7:0 a.m., 63 views

June 8, 2021—KB5003695 (Security-only update)

June 8, 2021—KB5003695 Security-only update Important: Windows Server 2008 Service Pack 2 SP2 has reached the end of mainstream support and is now in extended support. Starting in July 2020, there will no longer be optional, non-security releases known as "C" releases for this operating system...

CVSS: 9.8, AI score: 7.8, EPSS: 0.94314
Exploits: 67
BDU FSTEC
added 2021/05/24 12:0 a.m., 2 views

Vulnerability of the Server component: The stored procedures of the Oracle MySQL Server database management system, which allow attackers to cause service interruptions.

The vulnerability of the Oracle MySQL Server database management system’s stored procedures is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service interruptions using the MySQL network protocol...

CVSS: 6.8, EPSS: 0.00989
Exploits: 0, References: 3, Affected Software: 1
IBM Security Bulletins
added 2021/05/18 6:32 p.m., 31 views

Security Bulletin: PostgreSQL vulnerabilities in IBM Robotic Process Automation with Automation Anywhere - CVE-2020-1720

Summary IBM Robotic Process Automation with Automation Anywhere is vulnerable to attacks involving PostgreSQL. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- IBM Robotic Process...

CVSS: 6.5, AI score: 1.4, EPSS: 0.00351
Exploits: 0, Affected Software: 1
Prion
added 2021/05/18 12:15 p.m., 10 views

Sql injection

In Progress MOVEit Transfer before 2021.0 13.0, a SQL injection vulnerability has been found in the MOVEit Transfer web app that could allow an authenticated attacker to gain unauthorized access to MOVEit Transfer's database. Depending on the database engine being used MySQL, Microsoft SQL Server...

CVSS: 6.5, AI score: 8.7, EPSS: 0.00075
Exploits: 1, References: 3, Affected Software: 1
Cvelist
added 2021/05/18 10:25 a.m., 15 views

CVE-2021-31827

In Progress MOVEit Transfer before 2021.0 13.0, a SQL injection vulnerability has been found in the MOVEit Transfer web app that could allow an authenticated attacker to gain unauthorized access to MOVEit Transfer's database. Depending on the database engine being used MySQL, Microsoft SQL Server...

AI score: 9, EPSS: 0.00075
Exploits: 1, References: 3
BDU FSTEC
added 2021/05/14 12:0 a.m., 1 views

Vulnerability of the Server component: The Optimizer component of the Oracle MySQL Server database management system, which allows a hacker to cause a service failure.

The vulnerability of the Oracle MySQL Server component of the database management system’s optimizer is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service interruptions using the MySQL network protocol...

CVSS: 6.8, EPSS: 0.00989
Exploits: 0, References: 5, Affected Software: 1
IBM Security Bulletins
added 2021/05/07 8:28 p.m., 29 views

Security Bulletin: Search path vulnerability in PostgreSQL Server bundled in IBM Robotic Process Automation with Automation Anywhere (CVE-2020-14349, CVE-2020-14350)

Summary The version of PostgreSQL server bundled with IBM Robotic Process Automation with Automation Anywhere did not properly sanitize the search_path during logical replication. An authenticated attacker could use this flaw to execute arbitrary SQL command in the context of the user used for...

AI score: 4.4, EPSS: 0.01548
Exploits: 1, Affected Software: 1
Github Security Blog
added 2021/04/29 9:52 p.m., 172 views

SQL Server LIMIT / OFFSET SQL Injection in laravel/framework and illuminate/database

Impact Those using SQL Server with Laravel and allowing user input to be passed directly to the limit and offset functions are vulnerable to SQL injection. Other database drivers such as MySQL and Postgres are not affected by this vulnerability. Patches This problem has been patched on Laravel...

AI score: 3.5
Exploits: 0, References: 4, Affected Software: 2
OSV
added 2021/04/29 9:52 p.m., 6 views

GHSA-4MG9-VHXQ-VM7J SQL Server LIMIT / OFFSET SQL Injection in laravel/framework and illuminate/database

Impact Those using SQL Server with Laravel and allowing user input to be passed directly to the limit and offset functions are vulnerable to SQL injection. Other database drivers such as MySQL and Postgres are not affected by this vulnerability. Patches This problem has been patched on Laravel...

AI score: 7.9
Exploits: 0, References: 4
Prion
added 2021/04/22 10:15 p.m., 39 views

Design/Logic Flaw

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

CVSS: 3.5, AI score: 4.3, EPSS: 0.00672
Exploits: 0, References: 5, Affected Software: 3
IBM Security Bulletins
added 2021/04/08 8:59 p.m., 26 views

Security Bulletin: Infosphere BigInsights is affected by a vulnerability in DB2 (CVE-2015-1947).

Summary Infosphere BigInsights is affected by a local escalation of privilege vulnerability in DB2 CVE-2015-1947. The vulnerability exists in the Big SQL server component included in BigInsights. Vulnerability Details CVEID: CVE-2015-1947 DESCRIPTION: IBM DB2 is vulnerable to a privilege escalati...

CVSS: 7.4, AI score: 1.2, EPSS: 0.00055
Exploits: 0, Affected Software: 1
Hacker One
added 2021/03/15 8:48 a.m., 17 views

Tennessee Valley Authority: SQL Injection on https://soa-accp.glbx.tva.gov/ via "/api/" path - VI-21-015

Summary: I've found this subdomain soa-accp.glbx.tva.gov is also vulnerable to SQLi through the /api/ path. Steps To Reproduce: https://soa-accp.glbx.tva.gov/api/river/observed-data/GVDA1'+%2f!50000union%2f+SELECT+HOSTNAME--+- hostname dumped...

AI score: 0.2
Exploits: 0
Microsoft KB
added 2021/03/09 8:0 a.m., 27 views

Description of the security update for Power BI Report Server (October 2020): March 9, 2021 (KB5001285)

Description of the security update for Power BI Report Server October 2020: March 9, 2021 KB5001285 Summary A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services if it incorrectly handles page requests. An attacker who successfully exploits this vulnerability cou...

CVSS: 7.7, AI score: 8, EPSS: 0.02793
Exploits: 0
Microsoft KB
added 2021/03/09 8:0 a.m., 23 views

Description of the security update for Power BI Report Server (May 2020): March 9, 2021 (KB5001284)

Description of the security update for Power BI Report Server May 2020: March 9, 2021 KB5001284 Summary A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services if it incorrectly handles page requests. An attacker who successfully exploits this vulnerability could...

CVSS: 7.7, AI score: 8, EPSS: 0.02793
Exploits: 0
Kaspersky
added 2021/03/09 12:0 a.m., 24 views

KLA12113 OSI vulnerability in Microsoft SQL Server

An information disclosure vulnerability was found in Microsoft SQL Server. Malicious users can exploit this vulnerability to obtain sensitive information. Original advisories CVE-2021-26859 Related products Microsoft-Power-BI CVE list CVE-2021-26859 critical KB list 5001285 5001284 Solution...

CVSS: 7.7, AI score: 7.5, EPSS: 0.02793
Exploits: 0, References: 5
NCSC
added 2021/03/09 12:0 a.m., 5 views

Vulnerability fixed in Microsoft SQL Server

A vulnerability has been fixed in the Microsoft SQL Server product group. The vulnerability is in the Power BI application. The vulnerability enables an authenticated remote malicious person to obtain sensitive information. Power BI:...

CVSS: 7.7, AI score: 6.6, EPSS: 0.02793
Exploits: 0