10502 matches found
PT-2019-4924 · Oracle +7 · Mysql Server +6
Name of the Vulnerable Software and Affected Versions: MySQL Server versions 5.6.44 and prior; MySQL Server versions 5.7.26 and prior; MySQL Server versions 8.0.16 and prior. Description: The issue is related to inadequate access control in the MySQL Server component, specifically in the Security:...
PT-2019-16502 · Oracle +6 · Mysql Server +5
Name of the Vulnerable Software and Affected Versions: Oracle MySQL versions 8.0.16 and prior. Description: The issue allows a low-privileged attacker with network access via multiple protocols to compromise the MySQL Server. Successful attacks can result in the unauthorized ability to cause a han...
OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453)
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: RMI. Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...
Amazon Linux 2 : libX11 (ALAS-2019-1226)
An off-by-one error has been discovered in libX11 in functions XGetFontPath, XListExtensions, and XListFonts. An attacker who can either configure a malicious X server or modify the data coming from one could use this flaw to make the program crash or have other unspecified effects, caused by the...
SAP NetWeaver Process Integration Clickjacking Vulnerability
SAP NetWeaver Process Integration (PI) is enterprise application integration software from SAP, Germany, and is a component of the NetWeaver product group. The component is mainly used for the exchange of information between internal and external systems. A clickjacking vulnerability...
CVE-2019-0305
Java Server Pages (JSPs) provided by the SAP NetWeaver Process Integration (SAP_XIESR and SAP_XITOOL: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50) do not restrict or incorrectly restrict frame objects or UI layers that belong to another application or domain, resulting in Clickjacking vulnerability...
HackerOne: Disabled account can still use GraphQL endpoint
Summary: Hi team & @jobert, I am not sure if it is by design. After disabling the account, the user will be forced to Enable his account after logging in. However, many of the actions are implemented using the GraphQL endpoint, which bypasses the account reactivation process before use. Since re-enabling the...
mysql: MyISAM unspecified vulnerability (CPU Jul 2018)
Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: MyISAM. Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...
mysql: InnoDB unspecified vulnerability (CPU Jul 2018)
Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: InnoDB. Supported versions that are affected are 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...
Privilege Escalation
Oracle MySQL is vulnerable to privilege escalation. A privileged attacker could exploit the flawed Options component to partially access and partially modify data...
Denial Of Service (DoS)
MySQL is vulnerable to denial of service (DoS) attacks. The vulnerability exists due to some unknown processing of the component InnoDB in the MySQL Server component of Oracle MySQL. A high privileged attacker with network access via multiple protocols could gain unauthorized creation, deletion or...
Denial Of Service (DoS)
Oracle MySQL is vulnerable to denial of service (DoS) attacks. A remote authenticated user could exploit a flaw in the InnoDB component to cause a hang or frequently repeatable crash (complete DoS) of MySQL Server as well as partially modify data...
Improper Access Control
Oracle Java SE is vulnerable to improper access control. A remote user could exploit a flaw in the Java SE, Java SE Embedded AWT component to modify data...
Important: java-1.7.0-openjdk
Issue Overview: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Libraries. Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Easily exploitable vulnerability allows unauthenticated attacker with network...
OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453)
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: RMI. Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...
OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453)
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: RMI. Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...
Arbitrary Code Execution
Java SE and Java SE Embedded are vulnerable to arbitrary code execution attacks. A remote user can exploit a flaw in the Hotspot component to partially modify data...
Information Disclosure
PostgreSQL is vulnerable to information disclosure. The pg_user_mappings access qualifications are not properly implemented. A remote authenticated user may be able to view foreign server passwords which leads to data modification...
Privilege Escalation
Java SE and Java Embedded are vulnerable to privilege escalation attacks. An unauthenticated attacker can exploit a flaw in the SMTP client implementation in the Networking component in OpenJDK. The attacker could possibly use this flaw to manipulate SMTP connections established by a Java...
Unauthorized Modification
Java SE and Java SE Embedded are vulnerable to unauthorized modification attacks. An unauthenticated attacker can exploit a flaw in the FTP client implementation in the Networking component in OpenJDK. A remote attacker could possibly use this flaw to manipulate FTP connections established by a...