9454 matches found
CVE-2024-20970
CVE-2024-20970 affects the MySQL Server product (component: Server: Optimizer). Affected versions are 8.0.35 and earlier and 8.2.0 and earlier. The vulnerability can be exploited by an attacker with network access via multiple protocols and requires high privileges; successful attacks can cause t...
CVE-2024-20972
CVE-2024-20972 affects Oracle MySQL Server, specifically the Server: Optimizer component. Affected versions are 8.0.35 and prior and 8.2.0 and prior. The vulnerability is described as easily exploitable with a high-privilege attacker over network protocols, potentially causing a hang or frequent...
CVE-2024-20966
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...
CVE-2024-20960
CVE-2024-20960 affects Oracle MySQL Server, component Server: RAPID. Affected versions are 8.0.35 and earlier, and 8.2.0 and earlier. An attacker with network access and low privileges, able to reach via multiple protocols, can cause the MySQL Server to hang or crash (complete DoS). CVSS 3.1 base...
CVE-2024-20962
CVE-2024-20962 affects Oracle MySQL Server (component: Server: Optimizer). Affected versions are 8.0.35 and earlier, and 8.2.0 and earlier. The vulnerability is exploitable over the network with low privileges via multiple protocols and can cause a hang or frequent crash (DoS) of MySQL Server. Th...
CVE-2024-20927
CVE-2024-20927 affects Oracle WebLogic Server (Core) in Oracle Fusion Middleware. Affected versions are 12.2.1.4.0 and 14.1.1.0.0. The issue allows an unauthenticated attacker with network access via HTTP to compromise WebLogic Server, potentially leading to unauthorized creation, deletion or mod...
CVE-2024-20953
Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Export). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this...
Metabase 0.46.6 - Pre-Auth Remote Code Execution Exploit
Exploit Title: metabase 0.46.6 - Pre-Auth Remote Code Execution Exploit Author: Musyoka Ian Vendor Homepage: https://www.metabase.com/ Software Link: https://www.metabase.com/ Version: metabase 0.46.6 Tested on: Ubuntu 22.04, metabase 0.46.6 CVE : CVE-2023-38646 !/usr/bin/env python3 import socke...
Metabase 0.46.6 Remote Code Execution
Exploit Title: metabase 0.46.6 - Pre-Auth Remote Code Execution Google Dork: N/A Date: 13-10-2023 Exploit Author: Musyoka Ian Vendor Homepage: https://www.metabase.com/ Software Link: https://www.metabase.com/ Version: metabase 0.46.6 Tested on: Ubuntu 22.04, metabase 0.46.6 CVE : CVE-2023-38646...
CentOS 8 : firefox (CESA-2024:0608)
The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2024:0608 advisory. - An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affec...
Siemens SCALANCE W1750D
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Rocky Linux 8 : thunderbird (RLSA-2024:0609)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:0609 advisory. - An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affect...
CVE-2024-1432
UNSUPPORTED WHEN ASSIGNED A vulnerability was found in DeepFaceLab pretrained DF.wf.288res.384.92.72.22 and classified as problematic. This issue affects the function applyxseg of the file main.py. The manipulation leads to deserialization. The attack may be initiated remotely. The complexity of ...
CentOS 8 : firefox (CESA-2023:1787)
The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2023:1787 advisory. - Unexpected data returned from the Safe Browsing API could have led to memory corruption and a potentially exploitable crash. This vulnerability affec...
GHSA-2VQ2-XC55-3J5M vulnerabilities
Vulnerabilities for packages: expat...
HID Global Encoders
1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable locally Vendor: HID Global Equipment: iCLASS SE, OMNIKEY Vulnerability: Improper Authorization 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to read data from reader configuration...
Updated dracut package fixes enabling microcode
The updated package fixes enabling early microcode on kernels 6.6+. On affected systems, CPU microcode updates were not loaded. CPU microcode updates are sometimes necessary in order to address important security vulnerabilities. If CPU microcode updates are not properly loaded, these security...
Denial Of Service
Firefox is vulnerable to Denial Of Service. The vulnerability is due to JIT compiled code dereferencing a wild pointer value, potentially leading to an exploitable crash...
Stack Buffer Overflow
Firefox is vulnerable to Stack Buffer Overflow. The vulnerability is caused via the OscillatorNode object. An attacker can cause a potentially exploitable crash by exploiting this vulnerability...
K000138460: Multiple MySQL vulnerabilities
Security Advisory Description CVE-2024-20960 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: RAPID). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via...