Lucene search

17 matches found

CNNVD
added 2026/05/28 12:0 a.m., 5 views

Oracle REST Data Services Security Vulnerability

Oracle REST Data Services is a middleware tool provided by Oracle Corporation in the United States, which exposes features of the Oracle database to applications through RESTful APIs. Versions 24.2.0 to 26.1.0 of Oracle REST Data Services have security vulnerabilities. These vulnerabilities stem...

CVSS 7.5 | AI score 5.8 | EPSS 0.00047
Exploits: 0 | References: 1

CVE
added 2025/11/01 12:1 p.m., 11 views

CVE-2025-36367

IBM i versions 7.2–7.6 are affected by CVE-2025-36367 due to an invalid IBM i SQL services authorization check, allowing a malicious actor to escalate privileges to root on the host OS. Affected products/versions: IBM i 7.6, 7.5, 7.4, 7.3, 7.2. Underlying cause: missing authorization check in IBM...

CVSS 8.8 | AI score 7.4 | EPSS 0.00045
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2025/11/01 12:1 p.m., 4 views

CVE-2025-36367 IBM i is affected by a privilege escalation in IBM i SQL services

IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 is vulnerable to privilege escalation caused by an invalid IBM i SQL services authorization check. A malicious actor can use the elevated privileges of another user profile to gain root access to the host operating system...

CVSS 8.8 | EPSS 0.00045
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 6:25 a.m., 3 views

CVE-2024-50590

Attackers with local access to the medical office computer can escalate their Windows user privileges to "NT AUTHORITY\SYSTEM" by overwriting one of two Elefant service binaries with weak permissions. The default installation directory of Elefant is "C:\Elefant1" which is writable for all users. ...

CVSS 7.8 | AI score 7 | EPSS 0.00089
Exploits: 0 | References: 1

Tenable Nessus
added 2025/03/04 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2015-3156

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The writeconfig function in trove/guestagent/datastore/experimental/mongodb/service.py, resetconfiguration function in...

CVSS 5.5 | AI score 5.3 | EPSS 0.00121
Exploits: 0 | References: 4

IBM Security Bulletins
added 2025/01/28 10:8 p.m., 14 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to SQL Injection Rule in database services CVE-2024-35148

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to SQL Injection Rule in database services CVE-2024-35148. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-35148 DESCRIPTION: IBM Maximo Application Suite - Monit...

CVSS 8.8 | AI score 7.8 | EPSS 0.00115
Exploits: 0 | Affected Software: 1

Akamai Blog
added 2024/11/14 2:0 p.m., 4 views

Akamai Managed Database Services: Powered by Aiven

Akamai has partnered with Aiven, a leading global managed database provider, to offer customers a streamlined way to offload the complexities of database setup, configuration, patching, backups, and scaling...

AI score 7
Exploits: 0

NVD
added 2024/11/08 12:15 p.m., 11 views

CVE-2024-50590

Attackers with local access to the medical office computer can escalate their Windows user privileges to "NT AUTHORITY\SYSTEM" by overwriting one of two Elefant service binaries with weak permissions. The default installation directory of Elefant is "C:\Elefant1" which is writable for all users. ...

CVSS 7.8 | EPSS 0.00089
Exploits: 0 | References: 3

Vulnrichment
added 2024/11/08 11:45 a.m., 10 views

CVE-2024-50590 Local Privilege Escalation via Weak Service Binary Permissions

Attackers with local access to the medical office computer can escalate their Windows user privileges to "NT AUTHORITY\SYSTEM" by overwriting one of two Elefant service binaries with weak permissions. The default installation directory of Elefant is "C:\Elefant1" which is writable for all users. ...

AI score 6.8 | EPSS 0.00089
Exploits: 0 | References: 2

Cvelist
added 2024/11/08 11:45 a.m., 16 views

CVE-2024-50590 Local Privilege Escalation via Weak Service Binary Permissions

Attackers with local access to the medical office computer can escalate their Windows user privileges to "NT AUTHORITY\SYSTEM" by overwriting one of two Elefant service binaries with weak permissions. The default installation directory of Elefant is "C:\Elefant1" which is writable for all users. ...

EPSS 0.00089
Exploits: 0 | References: 2

Veracode
added 2023/06/15 2:48 a.m., 30 views

Code Injection

nifi-hikari-dbcp-service and nifi-dbcp-base are vulnerable to Code Injection. The vulnerability exists due to improper URL validation for the database services: an attacker who has access to the database URL can inject and execute malicious code by configuring an H2 driver...

CVSS 8.8 | AI score 7.3 | EPSS 0.78065
Exploits: 8 | References: 10 | Affected Software: 2

Cvelist
added 2023/06/12 3:9 p.m., 26 views

CVE-2023-34468 Apache NiFi: Potential Code Injection with Database Services using H2

The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution. The resolution validates the Database URL and rejects H2 JDBC...

AI score 8.9 | EPSS 0.78065
Exploits: 8 | References: 5

Vulnrichment
added 2023/06/12 3:9 p.m., 17 views

CVE-2023-34468 Apache NiFi: Potential Code Injection with Database Services using H2

The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution. The resolution validates the Database URL and rejects H2 JDBC...

AI score 8.6 | EPSS 0.78065
Exploits: 8 | References: 5

Kitploit
added 2023/05/30 12:30 p.m., 612 views

GodPotato - Local Privilege Escalation Tool From A Windows Service Accounts To NT AUTHORITY\SYSTEM

Based on the history of Potato privilege escalation for 6 years, from the beginning of RottenPotato to the end of JuicyPotatoNG, I discovered a new technology by researching DCOM, which enables privilege escalation in Windows 2012 - Windows 2022, now as long as you have "ImpersonatePrivilege"...

AI score 7.8
Exploits: 0 | References: 3

Rapid7 Blog
added 2023/03/23 5:5 p.m., 17 views

Center for Internet Security (CIS) unveils Azure Foundations Benchmark v2.0.0

The Center for Internet Security (CIS) recently unveiled the latest version of their Azure Foundations Benchmark—Version 2.0.0. This is the first major release since the benchmark was originally released more than 4 years ago, which could lead you to believe that this update would come with a bunch...

AI score 7.1
Exploits: 0

Imperva Blog
added 2021/09/28 12:35 p.m., 15 views

Imperva Cloud Data Security adds Azure SQL support to build on extensive DBaaS coverage

It’s kind of mind-boggling to see just how fast the market is adopting cloud managed database services, also referred to as DBaaS. According to market research firm Imarc Group, in 2020, the overall market size was $12.8 billion, and within five years it’s expected to reach over $31 billion. That’...

AI score 1.3
Exploits: 0

Imperva Blog
added 2021/05/26 1:28 p.m., 41 views

Top Four Reasons for Data Loss from Databases (and what to do about it)

The need for data loss prevention (DLP) is well understood by IT security practitioners. As organizations embrace cloud-based managed database services such as Amazon RDS and Amazon Redshift, these risks don’t go away, and in many ways become more serious. Although AWS takes the security of their...

AI score 6.6
Exploits: 0