
9459 matches found

CVE
added 2023/10/17 9:2 p.m., 347 views

CVE-2023-22071

CVE-2023-22071 affects Oracle Database Server, specifically the PL/SQL component. Affected versions are 19.3–19.20 and 21.3–21.11. The vulnerability allows a high-privileged attacker with Create Session and Execute on sys.utl_http and network access via Oracle Net to compromise PL/SQL. Exploitati...

5.9 CVSS, 5.1 AI score, 0.00312 EPSS
Exploits 0, References 1, Affected Software 1

CVE
added 2023/10/17 9:2 p.m., 341 views

CVE-2023-22073

CVE-2023-22073 affects Oracle Database Server’s Oracle Notification Server component. Affected versions are 19.3–19.20 and 21.3–21.11. The vulnerability allows an unauthenticated attacker with access to the physical network segment to compromise Oracle Notification Server and read a subset of dat...

4.3 CVSS, 3.5 AI score, 0.00333 EPSS
Exploits 0, References 1, Affected Software 1

CVE
added 2023/10/17 9:2 p.m., 373 views

CVE-2023-22072

CVE-2023-22072 affects Oracle WebLogic Server (Core) in Oracle Fusion Middleware, specifically 12.2.1.3.0. The vulnerability allows unauthenticated remote takeover via network access over T3, IIOP and other protocols, with a CVSS v3.1 score of 9.8 (Confidentiality, Integrity, Availability). Explo...

9.8 CVSS, 9.6 AI score, 0.00625 EPSS
Exploits 0, References 1, Affected Software 1

CVE
added 2023/10/17 9:2 p.m., 627 views

CVE-2023-22068

CVE-2023-22068 affects Oracle MySQL Server (InnoDB). Affected: MySQL 8.0.34 and earlier, and 8.1.0. An attacker with network access via multiple protocols and high privileges can cause the server to hang or crash (DoS). No explicit exploitation details are provided beyond this claim. Remediation:...

4.9 CVSS, 5.1 AI score, 0.0094 EPSS
Exploits 0, References 2, Affected Software 1

CVE
added 2023/10/17 9:2 p.m., 325 views

CVE-2023-22065

CVE-2023-22065 affects Oracle MySQL Server (Server: Optimizer) with vulnerable versions 8.0.33 and earlier. Exploitation can lead to a hang or frequent crash (DoS) of MySQL Server. Remediation in connected advisories points to upgrading to a fixed release (e.g., MySQL 8.0.34+ or vendor-specific p...

4.9 CVSS, 5.2 AI score, 0.00926 EPSS
Exploits 0, References 2, Affected Software 1

CVE
added 2023/10/17 9:2 p.m., 592 views

CVE-2023-22064

CVE-2023-22064 affects Oracle MySQL Server (Server: Optimizer) with affected versions 8.0.34 and earlier. The vulnerability allows a high-privilege attacker with network access via multiple protocols to cause a hang or repeatable crash (a complete DoS) of MySQL Server; CVSS v3.1 base score 4.9 (A...

4.9 CVSS, 5.2 AI score, 0.00884 EPSS
Exploits 0, References 2, Affected Software 1

CVE
added 2023/10/17 9:2 p.m., 670 views

CVE-2023-22028

CVE-2023-22028 affects Oracle MySQL Server (Server: Optimizer). Affected: MySQL 5.7.x up to 5.7.43 and 8.0.x up to 8.0.31. Exploitation can lead to a high-privilege attacker over network causing a hang or frequent crash (DoS) of MySQL Server. Connected sources indicate Oracle CPU advisory and ven...

4.9 CVSS, 4.8 AI score, 0.00891 EPSS
Exploits 0, References 2, Affected Software 1

Debian CVE
added 2023/10/17 9:2 p.m., 31 views

CVE-2023-22032

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

4.9 CVSS, 5.1 AI score, 0.0094 EPSS
Exploits 0

CVE
added 2023/10/17 9:2 p.m., 553 views

CVE-2023-22026

CVE-2023-22026 affects Oracle MySQL Server (component: Server: Optimizer). Affected versions are 5.7.42 and prior and 8.0.31 and prior. Attackers with network access via multiple protocols can exploit this to cause a hang or repeatedly crash the MySQL Server (availability impact). CVSS v3.1 base ...

4.9 CVSS, 4.9 AI score, 0.00871 EPSS
Exploits 0, References 2, Affected Software 1

CVE
added 2023/10/17 9:2 p.m., 428 views

CVE-2023-22015

CVE-2023-22015 pertains to Oracle MySQL Server, specifically the Server: Optimizer component. Affected versions are MySQL 5.7.42 and prior and 8.0.31 and prior. The vulnerability enables a high-privilege attacker with network access via multiple protocols to cause a denial of service (hang or cr...

4.9 CVSS, 4.9 AI score, 0.00884 EPSS
Exploits 0, References 2, Affected Software 1

ICS
added 2023/10/17 6:0 a.m., 70 views

Schneider Electric EcoStruxure Power Monitoring Expert and Power Operation Products

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable remotely/low attack complexity Vendor : Schneider Electric Equipment : EcoStruxure Power Monitoring Expert, EcoStruxure Power Operation with Advanced Reports, EcoStruxure Power SCADA Operation with Advanced Reports Vulnerability :...

9.8 CVSS, 10 AI score, 0.00844 EPSS
Exploits 0, References 8

ICS
added 2023/10/17 6:0 a.m., 48 views

Rockwell Automation FactoryTalk Linx

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.2 ATTENTION : Exploitable remotely/low attack complexity Vendor : Rockwell Automation Equipment : FactoryTalk Linx Vulnerability : Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could lead to information...

9.1 CVSS, 8.9 AI score, 0.09603 EPSS
Exploits 0, References 8

FreeBSD
added 2023/10/17 12:0 a.m., 64 views

MySQL -- Multiple vulnerabilities

Oracle reports: This Critical Patch Update contains 37 new security patches, plus additional third party patches noted below, for Oracle MySQL. 9 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials...

9.8 CVSS, 7 AI score, 0.78483 EPSS
Exploits 7, References 1

Cvelist
added 2023/10/13 1:41 a.m., 32 views

CVE-2023-42752 Kernel: integer overflow in igmpv3_newpack leading to exploitable memory access

An integer overflow flaw was found in the Linux kernel. This issue leads to the kernel allocating skb_shared_info in the userspace, which is exploitable in systems without SMAP protection since skb_shared_info contains references to function pointers...

5.5 CVSS, 6.6 AI score, 0.00266 EPSS
Exploits 0, References 5

ICS
added 2023/10/12 6:0 a.m., 60 views

Weintek cMT3000 HMI Web CGI

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable remotely/low attack complexity Vendor : Weintek Equipment : cMT3000 CMI Web CGI Vulnerabilities : Stack-based Buffer Overflow, OS Command Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an...

9.8 CVSS, 10 AI score, 0.01169 EPSS
Exploits 1, References 8

Prion
added 2023/10/11 2:15 p.m., 20 views

Authentication flaw

A vulnerability of authentication bypass has been found on a Zebra Technologies ZTC ZT410-203dpi ZPL printer. This vulnerability allows an attacker that is in the same network as the printer, to change the username and password for the Web Page by sending a specially crafted POST request to the...

3.3 CVSS, 4.9 AI score, 0.00269 EPSS
Exploits 0, References 1

GitLab Advisory Database
added 2023/10/10 12:0 a.m., 52 views

HTTP/2 Stream Cancellation Attack

HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The clie...

7.5 CVSS, 8.2 AI score, 0.99999 EPSS
Exploits 19, References 181, Affected Software 1

ICS
added 2023/10/10 12:0 a.m., 55 views

Siemens SCALANCE W1750D

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

9.8 CVSS, 10 AI score, 0.02118 EPSS
Exploits 0, References 12

Tenable Nessus
added 2023/10/06 12:0 a.m., 24 views

Rocky Linux 8 : firefox (RLSA-2023:4952)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:4952 advisory. - A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing...

8.8 CVSS, 7.7 AI score, 0.00693 EPSS
Exploits 0, References 25

RedHat Linux
added 2023/10/05 3:24 p.m., 3 views

firefox: use-after-free in workers

The Mozilla Foundation Security Advisory describes this flaw as: During the worker lifecycle, a use-after-free condition could have occurred, which could have led to a potentially exploitable crash...

8.8 CVSS, 7.2 AI score, 0.00542 EPSS
Exploits 0, References 6