PLEASE_READ_ME Ransomware Attacks 85K MySQL Servers
Researchers are warning of an active ransomware campaign that’s targeting MySQL database servers. The ransomware, called PLEASE_READ_ME, has thus far breached at least 85,000 servers worldwide – and has posted at least 250,000 stolen databases on a website for sale. MySQL is an open-source relation...
MongoDB 3.6 < 3.6.15, 4.0 < 4.0.13, 4.2 < 4.2.1 DoS Vulnerability - Windows
MongoDB is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mongodb:mongodb"; if...
GHSA-74HV-QJJQ-H7G5 datasette-graphql leaks details of the schema of private database files
Impact: When running against a Datasette instance with private databases, datasette-graphql would expose the schema of those database tables - but not the table contents. Patches: Patched in version 1.2. Workarounds: This issue is only present if a Datasette instance that includes private databases...
datasette-graphql leaks details of the schema of private database files
Impact: When running against a Datasette instance with private databases, datasette-graphql would expose the schema of those database tables - but not the table contents. Patches: Patched in version 1.2. Workarounds: This issue is only present if a Datasette instance that includes private databases...
CVE-2020-24441
Adobe Acrobat Reader for Android version 20.6.2 and earlier does not properly restrict access to directories created by the application. This could result in disclosure of sensitive information stored in databases used by the application. Exploitation requires a victim to download and run a...
Design/Logic Flaw
Adobe Acrobat Reader for Android version 20.6.2 and earlier does not properly restrict access to directories created by the application. This could result in disclosure of sensitive information stored in databases used by the application. Exploitation requires a victim to download and run a...
[SECURITY] Fedora 31 Update: mariadb-connector-c-3.1.11-1.fc31
The MariaDB Native Client library C driver is used to connect applications developed in C/C++ to MariaDB and MySQL databases...
[SECURITY] Fedora 31 Update: galera-25.3.31-1.fc31
Galera is a fast synchronous multi-master wsrep provider (replication engine) for transactional databases and similar applications. For more information about wsrep API see http://launchpad.net/wsrep. For a description of Galera replication engine see http://www.codership.com...
Fedora: Security Advisory for galera (FEDORA-2020-ac2d47d89a)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Malicious Package
Overview: The package discord.dll contained malicious code. The package ran a postinstall script that exfiltrated local files such as browser local databases. The information was exfiltrated to a remote Discord webhook. Recommendation: Remove the package from your system and rotate any credentials...
[SECURITY] Fedora 32 Update: mariadb-connector-c-3.1.11-1.fc32
The MariaDB Native Client library C driver is used to connect applications developed in C/C++ to MariaDB and MySQL databases...
[SECURITY] Fedora 32 Update: galera-26.4.6-1.fc32
Galera is a fast synchronous multi-master wsrep provider (replication engine) for transactional databases and similar applications. For more information about wsrep API see http://launchpad.net/wsrep. For a description of Galera replication engine see http://www.codership.com...
[SECURITY] Fedora 33 Update: mariadb-connector-c-3.1.11-1.fc33
The MariaDB Native Client library C driver is used to connect applications developed in C/C++ to MariaDB and MySQL databases...
[SECURITY] Fedora 33 Update: galera-26.4.6-1.fc33
Galera is a fast synchronous multi-master wsrep provider (replication engine) for transactional databases and similar applications. For more information about wsrep API see http://launchpad.net/wsrep. For a description of Galera replication engine see http://www.codership.com...
Fedora: Security Advisory for galera (FEDORA-2020-b995eb2973)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Moderate: libldb security, bug fix, and enhancement update
The libldb packages provide an extensible library that implements an LDAP-like API to access remote LDAP servers, or use local TDB databases. The following packages have been upgraded to a later upstream version: libldb 2.1.3. BZ1817567 Security Fixes: samba: NULL pointer de-reference and...
vulhub
It is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability class/vector is not explicitly stated, but the environments are designed to be vulnerable to various attacks. The target product/service or framework varies depending on the specific environment...
Cyber Insecurity: Securing the Vote in the 2020 Election
Ahead of the 2020 U.S. presidential election, there are a number of cybersecurity threats looming. In an unprecedented year, we have already begun to see foreign interference,1 government agencies hit with ransomware attacks2, the National Guard deployed by state and local governments to assist...
SQL Injection Vulnerability in ZZCMS2020 Backend (CNVD-2020-59401)
ZZCMS is a content management system. A SQL injection vulnerability exists in the backend of ZZCMS2020, which can be exploited by attackers to obtain sensitive information from the database...
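Imperva Acquires jSonar: A New Generation of Data Security
I am pleased to announce that Imperva has reached an agreement to acquire jSonar! We believe that jSonar's incredible product and technology are a perfect fit for our mission of protecting data and all paths to it. Once combined, we will be able to offer an entirely new approach to data security that helps enterprises meet their current and future needs. Imperva, a pioneer in data security: Imperva was founded 18 years ago on the idea of protecting organizations' digital assets and information by converging application and data security. In 2020, the world's largest companies are telling us one thing: the ultimate purpose of all security (including network and application security) is to protect data. In the long run, networks exist to bring people to applications, and applications are responsible for reading and writing data. Imperva...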