CVE-2020-14765

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: FTS. Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...

CloudMe 1.11.2 Buffer Overflow

Exploit Title: CloudMe 1.11.2 - Turing Complete Add-Admin ROP DEP,ASLR Exploit Author: Bobby Cooke boku CVE: CVE-2018-6892 Date: September 29th, 2020 Vendor Homepage: https://www.cloudme.com/ Software Link: https://www.cloudme.com/downloads/CloudMe1112.exe Version: 1.11.2 Tested On: Windows 10 x6...

[SECURITY] Fedora 33 Update: mysql-connector-java-8.0.21-1.fc33

MySQL Connector/J is a native Java driver that converts JDBC Java Database Connectivity calls into the network protocol used by the MySQL database. It lets developers working with the Java programming language easily build programs and applets that interact with MySQL and connect all corporate...

CVE-2020-6318

A Remote Code Execution vulnerability exists in the SAP NetWeaver ABAP Server, up to release 7.40 and ABAP Platform release 7.40.Because of this, an attacker can exploit these products via Code Injection, and potentially enabling to take complete control of the products, including viewing,...

Remote code execution

A Remote Code Execution vulnerability exists in the SAP NetWeaver ABAP Server, up to release 7.40 and ABAP Platform release 7.40.Because of this, an attacker can exploit these products via Code Injection, and potentially enabling to take complete control of the products, including viewing,...

CVE-2020-24034

Sagemcom F@ST 5280 routers using firmware version 1.150.61 have insecure deserialization that allows any authenticated user to perform a privilege escalation to any other user. By making a request with valid sessid, nonce, and ha1 values inside of the serialized session cookie, an attacker may...

Default credentials

An issue was discovered on Nescomed Multipara Monitor M1000 devices. The physical UART debug port provides a shell, without requiring a password, with complete access...

CVE-2020-15483

An issue was discovered on Nescomed Multipara Monitor M1000 devices. The physical UART debug port provides a shell, without requiring a password, with complete access...

CVE-2020-14620

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DML. Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks o...

CVE-2020-14614

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

CVE-2020-14334

A flaw was found in Red Hat Satellite 6 which allows privileged attacker to read cache files. These cache credentials could help attacker to gain complete control of the Satellite instance...

Design/Logic Flaw

A flaw was found in Red Hat Satellite 6 which allows privileged attacker to read cache files. These cache credentials could help attacker to gain complete control of the Satellite instance...

CVE-2020-14334

A flaw was found in Red Hat Satellite 6 which allows privileged attacker to read cache files. These cache credentials could help attacker to gain complete control of the Satellite instance...

CVE-2020-14619

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Parser. Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks...

CVE-2020-14614

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

CVE-2020-14614

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

ZSQL: Content of DV_HBA Database

This script writes the complete database of DVHBA to KB. Note: this script only stores information for other Policy Controls. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

CVE-2020-2774

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Privileges. Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

CVE-2020-2790

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Pluggable Auth. Supported versions that are affected are 5.7.28 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

Directory traversal

An issue was discovered in Gigamon GigaVUE 5.5.01.11. The upload functionality allows an authenticated user to change the filename value in the POST method from the original filename to achieve directory traversal via a ../ sequence and, for example, obtain a complete directory listing of the...