
1196 matches found

The Hacker News
added 2023/06/19 9:33 a.m. · 3 views

State-Backed Hackers Employ Advanced Methods to Target Middle Eastern and African Governments

Governmental entities in the Middle East and Africa have been at the receiving end of sustained cyber-espionage attacks that leverage never-before-seen and rare credential theft and Exchange email exfiltration techniques. "The main goal of the attacks was to obtain highly confidential and sensiti...

AI score 8.3
Exploits 0

The Hacker News
added 2023/06/19 9:33 a.m. · 64 views

State-Backed Hackers Employ Advanced Methods to Target Middle Eastern and African Governments

Governmental entities in the Middle East and Africa have been at the receiving end of sustained cyber-espionage attacks that leverage never-before-seen and rare credential theft and Exchange email exfiltration techniques. "The main goal of the attacks was to obtain highly confidential and sensiti...

AI score 8.4
Exploits 0

Snyk
added 2023/06/14 12:0 a.m. · 2 views

Remote Code Execution (RCE)

Overview: Affected versions of this package are vulnerable to Remote Code Execution (RCE). There is a vulnerability in the MSDIA SDK where corrupted PDBs can cause heap overflow, leading to a crash or remote code execution. Remediation: Upgrade Microsoft.NETCore.App.Runtime.win-arm to version 6.0.18,...

CVSS 7.8 · AI score 7.9 · EPSS 0.01184
Exploits 0 · References 2

Positive Technologies
added 2023/05/11 12:0 a.m. · 3 views

PT-2023-3009 · Unknown · Conprosys Hmi System

Name of the Vulnerable Software and Affected Versions: CONPROSYS HMI System (CHS) versions prior to 3.5.3. Description: A server-side request forgery issue exists, allowing an attacker with administrative privileges to bypass database restrictions and connect to unintended databases. The vulnerabili...

CVSS 4.9 · AI score 7.4 · EPSS 0.00641
Exploits 0 · References 7

UbuntuCve
added 2023/05/02 9:15 p.m. · 26 views

CVE-2023-26268

Design documents with matching document IDs, from databases on the same cluster, may share a mutable Javascript environment when using these design document functions: validate_doc_update, list, filter, filter views (using view functions as filters), rewrite, update. This doesn't affect map/reduce or searc...

CVSS 5.3 · AI score 6.7 · EPSS 0.01429
Exploits 0 · References 4

CVE
added 2023/05/02 8:6 p.m. · 75 views

CVE-2023-26268

CVE-2023-26268 affects Apache CouchDB. Connected sources confirm that design documents with matching IDs in databases on the same cluster may share a mutable Javascript environment when using design_doc functions (validate_doc_update, list, filter, filter views, rewrite, update). The vulnerabilit...

CVSS 5.3 · AI score 4.7 · EPSS 0.01429
Exploits 0 · References 3 · Affected Software 1

Vulnrichment
added 2023/05/02 8:6 p.m. · 16 views

CVE-2023-26268 Apache CouchDB, IBM Cloudant: Information sharing via couchjs processes

Design documents with matching document IDs, from databases on the same cluster, may share a mutable Javascript environment when using these design document functions: validate_doc_update, list, filter, filter views (using view functions as filters), rewrite, update. This doesn't affect map/reduce or searc...

CVSS 4.4 · AI score 7 · EPSS 0.01429
Exploits 0 · References 3

FreeBSD
added 2023/05/02 12:0 a.m. · 19 views

couchdb -- information sharing via couchjs processes

Nick Vatamane reports: Design documents with matching document IDs, from databases on the same cluster, may share a mutable Javascript environment when using various design document functions...

CVSS 5.3 · AI score 7 · EPSS 0.01429
Exploits 0 · References 1

OSV
added 2023/04/26 1:15 p.m. · 0 views

CVE-2023-29257

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to remote code execution as a database administrator of one database may execute code or read/write files from another database within the same instance. IBM X-Force ID: 252011...

CVSS 7.2 · AI score 7.7 · EPSS 0.01513
Exploits 0 · References 3

OSV
added 2023/04/25 7:15 p.m. · 2 views

UBUNTU-CVE-2021-23186

A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to access and modify database contents of other tenants, in a multi-tenant system...

CVSS 8.7 · AI score 7.3 · EPSS 0.00644
Exploits 0 · References 3

CNNVD
added 2023/04/25 12:0 a.m. · 4 views

Odoo Security Vulnerability

Odoo is an Enterprise Resource Planning (ERP) and Customer Relationship Management (CRM) system from Odoo Belgium. The system is developed in Python language with PostgreSQL as the database and includes modules for sales management, inventory management, and financial management. A security...

CVSS 8.7 · AI score 7.8 · EPSS 0.00644
Exploits 0 · References 5

OpenVAS
added 2023/04/19 12:0 a.m. · 15 views

Oracle MySQL Server 8.x <= 8.0.31 Security Update (cpuapr2023) - Linux

Oracle MySQL Server is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 4.9 · AI score 5.5 · EPSS 0.01116
Exploits 0 · References 2

OSV
added 2023/04/18 10:35 p.m. · 22 views

CVE-2023-30558 Multiple SQL injections in sql/data_dictionary.py table_list method in Archery - GHSL-2022-105

Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases. User input coming from the dbname in the sql/data_dictionary.py table_list endpoint is passed to the methods that follow in...

CVSS 6.5 · AI score 7.3 · EPSS 0.00835
Exploits 1 · References 3

Vulnrichment
added 2023/04/18 10:35 p.m. · 6 views

CVE-2023-30554 SQL injection in sql_api/api_workflow.py endpoint in Archery - GHSL-2022-103

Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases. Affected versions are subject to SQL injection in the sql_api/api_workflow.py endpoint ExecuteCheck which passes unfiltered...

CVSS 6.5 · AI score 6.9 · EPSS 0.00835
Exploits 1 · References 1

CVE
added 2023/04/18 10:35 p.m. · 51 views

CVE-2023-30552

CVE-2023-30552 concerns Archery, an open source SQL audit platform. The provided documents describe multiple SQL injection vulnerabilities in the Archery project, specifically in the sql/instance.py endpoint’s describe method. The root cause is unsafe concatenation of user input (tb_name, db_name...

CVSS 6.5 · AI score 6.8 · EPSS 0.00835
Exploits 1 · References 1 · Affected Software 1

Fedora
added 2023/04/16 2:6 a.m. · 27 views

[SECURITY] Fedora 36 Update: libldb-2.5.3-1.fc36

An extensible library that implements an LDAP-like API to access remote LDAP servers, or use local tdb databases...

CVSS 7.7 · AI score 6.1 · EPSS 0.00567
Exploits 0

Fedora
added 2023/04/03 12:18 a.m. · 37 views

[SECURITY] Fedora 38 Update: libldb-2.7.2-1.fc38

An extensible library that implements an LDAP-like API to access remote LDAP servers, or use local tdb databases...

CVSS 7.7 · AI score 5.6 · EPSS 0.00719
Exploits 0

Fedora
added 2023/04/02 2:1 a.m. · 35 views

[SECURITY] Fedora 37 Update: libldb-2.6.2-1.fc37

An extensible library that implements an LDAP-like API to access remote LDAP servers, or use local tdb databases...

CVSS 7.7 · AI score 5.6 · EPSS 0.00719
Exploits 0

IBM Security Bulletins
added 2023/03/31 4:40 p.m. · 45 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in SQlite (CVE-2020-35525)

Summary: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in SQlite caused by a NULL pointer dereference flaw in the INTERSEC query processing. CVE-2020-35525. SQlite is included as part of the Base OS used by our service images. Please read the...

CVSS 7.5 · AI score 8.1 · EPSS 0.00894
Exploits 0 · Affected Software 1

The Hacker News
added 2023/03/22 4:37 a.m. · 2 views

BreachForums Administrator Baphomet Shuts Down Infamous Hacking Forum

In a sudden turn of events, Baphomet, the current administrator of BreachForums, said in an update on March 21, 2023, that the hacking forum has been officially taken down but emphasized that "it's not the end." "You are allowed to hate me, and disagree with my decision but I promise what is to...

AI score 6.5
Exploits 0