142 matches found
CVE-2023-22074
Vulnerability in the Oracle Database Sharding component of Oracle Database Server. Supported versions that are affected are 19.3-19.20 and 21.3-21.11. Easily exploitable vulnerability allows high privileged attacker having Create Session, Select Any Dictionary privilege with network access via...
Buffer overflow
Vulnerability in the Oracle Database Sharding component of Oracle Database Server. Supported versions that are affected are 19.3-19.20 and 21.3-21.11. Easily exploitable vulnerability allows high privileged attacker having Create Session, Select Any Dictionary privilege with network access via...
Buffer overflow
Vulnerability in the Oracle Database Sharding component of Oracle Database Server. Supported versions that are affected are 19.3-19.20 and 21.3-21.11. Easily exploitable vulnerability allows high privileged attacker having Create Session, Create Any View, Select Any Table privilege with network...
CVE-2023-22075
CVE-2023-22075 affects Oracle Database Server, specifically the Database Sharding component. Affected versions are 19.3–19.20 and 21.3–21.11. The issue arises from insufficient input validation in Oracle Database Sharding, enabling a high-privilege user with network access via Oracle Net to cause...
CVE-2023-22074
CVE-2023-22074 affects Oracle Database Server, specifically the Database Sharding component. Affected versions are 19.3–19.20 and 21.3–21.11. The root issue allows a highly privileged attacker (needs Create Session and Select Any Dictionary) with network access via Oracle Net, plus user interacti...
PT-2023-6197 · Oracle · Oracle Database Server
Name of the Vulnerable Software and Affected Versions: Oracle Database Server versions 19.3 through 19.20 Oracle Database Server versions 21.3 through 21.11 Description: The issue is related to insufficient input validation in the Database Sharding component of Oracle Database Server. This can be...
Oracle Database Server Security Vulnerability
Oracle Database Server is a set of relational database management system of the United States Oracle Oracle. The database management system provides data management, distributed processing, and other functions. A security vulnerability in the Oracle Database Sharding component of Oracle Database...
Oracle Database Server Security Vulnerability
Oracle Database Server is a set of relational database management system of the United States Oracle Oracle. The database management system provides data management, distributed processing, and other functions. A security vulnerability in the Oracle Database Sharding component of Oracle Database...
PT-2023-6199 · Oracle · Oracle Database Server +2
Name of the Vulnerable Software and Affected Versions: Oracle Database Server versions 19.3 through 19.20 Oracle Database Server versions 21.3 through 21.11 Description: The issue is related to insufficient input validation in the Oracle Database Sharding component. It allows a high-privileged...
CVE-2023-29195
Vitess VTAdmin shard creation bug: before 16.0.2, VTAdmin could produce a shard name containing a "/" that caused subsequent shard creation attempts to fail and keyspace views to break. The issue is fixed in version 16.0.2 (go module v0.16.2). Workarounds include: use vtctldclient to create shard...
CVE-2023-29195 Vitess VTAdmin users that can create shards can deny access to other functions
Vitess is a database clustering system for horizontal scaling of MySQL through generalized sharding. Prior to version 16.0.2, users can either intentionally or inadvertently create a shard containing / characters from VTAdmin such that from that point on, anyone who tries to create a new shard fr...
com.typesafe.akka:akka-stream-kafka-cluster-sharding_3 (=4.0.1), com.typesafe.akka:akka-stream-kafka-testkit_3 (=4.0.1) potentially affected by CVE-2023-29471 via com.typesafe.akka:akka-stream-kafka_3 (=4.0.1)
com.typesafe.akka:akka-stream-kafka3 MAVEN version =4.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on com.typesafe.akka:akka-stream-kafka3 and may be impacted: - com.typesafe.akka:akka-stream-kafka-cluster-sharding3 =4.0.1 -...
CVE-2023-28980
A Use After Free vulnerability in the routing protocol daemon of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause Denial of Service DoS. In a rib sharding scenario the rpd process will crash shortly after specific CLI command is...
CVE-2023-28980 Junos OS and Junos OS Evolved: In a BGP rib sharding scenario an rpd crash will happen shortly after a specific CLI command is issued
A Use After Free vulnerability in the routing protocol daemon of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause Denial of Service DoS. In a rib sharding scenario the rpd process will crash shortly after specific CLI command is...
PT-2023-22062 · Juniper Networks · Junos Evolved +1
Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS versions 20.2R3-S5 through 20.2R3-S6 Juniper Networks Junos OS versions 20.3R3-S2 through 20.3R3-S5 Juniper Networks Junos OS versions 20.4R3-S1 through 20.4R3-S4 Juniper Networks Junos OS versions 21.1R3 through...
CVE-2023-28982 Junos OS and Junos OS Evolved: In a BGP rib sharding scenario when a route is frequently updated an rpd memory leak will occur
A Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service DoS. In a BGP rib sharding scenario, when an attribute of an active BG...
CVE-2023-28980 Junos OS and Junos OS Evolved: In a BGP rib sharding scenario an rpd crash will happen shortly after a specific CLI command is issued
A Use After Free vulnerability in the routing protocol daemon of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause Denial of Service DoS. In a rib sharding scenario the rpd process will crash shortly after specific CLI command is...
K11100332: Multiple Oracle Database Server vulnerabilities
Security Advisory Description CVE-2016-3479 Unspecified vulnerability in the Portable Clusterware component in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows remote attackers to affect availability via unknown vectors. CVE-2016-3484 Unspecified vulnerability in the Database Vault component i...
Authorization
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions starting with 2.5.0-rc1 and above, prior to 2.5.8, and version 2.6.0-rc4, are vulnerable to an authorization bypass bug which allows a malicious Argo CD user to deploy Applications outside the configured allowed...
CVE-2023-22736 argo-cd Controller reconciles apps outside configured namespaces when sharding is enabled
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions starting with 2.5.0-rc1 and above, prior to 2.5.8, and version 2.6.0-rc4, are vulnerable to an authorization bypass bug which allows a malicious Argo CD user to deploy Applications outside the configured allowed...