AWS re:Invent 2021 Guide: Checklist & Key Sessions

Welcome to your complete guide to AWS re:Invent 2021, where you will find tips on how to get the most out of your conference experience both in Las Vegas and virtually...

FreeBSD : Grafana -- Snapshot authentication bypass (757ee63b-269a-11ec-a616-6c3be5272acd)

Grafana Labs reports : Unauthenticated and authenticated users are able to view the snapshot with the lowest database key by accessing the literal paths : - /dashboard/snapshot/:key, or - /api/snapshots/:key If the snapshot 'publicmode' configuration setting is set to true vs default of false,...

MGASA-2021-0488 Updated virtualbox packages fix security vulnerabilities

This update provides the upstream 6.1.28 maintenance release that fixes at least the following security vulnerabilities: Vulnerability in the Oracle VM VirtualBox prior to 6.1.28 contains an easily exploitable vulnerability that allows high privileged attacker with logon to the infrastructure whe...

CVE-2021-2478

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DML. Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks o...

CVE-2021-35626

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

CVE-2021-35645

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

CVE-2021-35620

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to...

CVE-2021-35610

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

CVE-2021-35577

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via MySQL Protcol to compromise MySQL Server. Successful attacks ...

CVE-2021-35540

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is Prior to 6.1.28. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise...

Oracle MySQL Enterprise Monitor (Oct 2021 CPU)

The 8.0.25 versions of MySQL Enterprise Monitor installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2021 CPU advisory. - Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL component: Monitoring: General Spring Security. Supported...

Ubuntu 16.04 ESM : MySQL vulnerabilities (USN-5022-3)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5022-3 advisory. USN-5022-1 fixed several vulnerabilities in MySQL. This update provides the corresponding update for Ubuntu 16.04 ESM. Tenable has extracted the precedin...

ROS-2-904

2.904 Remote code execution in nginxCVE-2021-23017 1. Vulnerability Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a single error in the ngxresolvercopyfunction when processing DNS responses. A remote attacke...

F5 Bug Could Lead to Complete System Takeover

Application delivery and networking firm F5 released a baker’s dozen of 13 fixes for high-severity bugs, including one that could lead to complete system takeover and hence is boosted to “critical” for customers that run BIG-IP in Appliance Mode, given that an attacker that holds valid credential...

F5 BIG-IP Advanced WAF and ASM TMUI is vulnerable to unspecified vulnerabilities

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. An unspecified vulnerability exists in the F5 BIG-IP Advanced WAF and ASM TMUI, which, when cracked, allows an authenticated...

CVE-2021-2424

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Stored Procedure. Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

CVE-2021-2370

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DML. Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks o...

CVE-2021-2387

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

CVE-2021-2444

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

OPENSUSE-SU-2021:2605-1 Security update for mariadb

This update for mariadb fixes the following issues: - Update to 10.2.39 bsc1182739 - CVE-2021-2166: DML unspecified vulnerability lead to complete DOS. bsc1185870 - CVE-2021-2154: DML unspecified vulnerability can lead to complete DOS. bsc1185872 - CVE-2021-27928: Fixed a remote code execution...