4663 matches found

Prion
added 2024/02/17 2:15 a.m., 16 views

Code injection

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards component: Enterprise Infrastructure SEC. Supported versions that are affected are Prior to 9.2.8.0. Easily exploitable vulnerability allows high privileged attacker with network access via JDENET to compromise JD...

CVSS 3.3, AI score 5.5, EPSS 0.00072
Exploits: 0, References: 1

Prion
added 2024/02/17 2:15 a.m., 33 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: RAPID. Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server...

CVSS 4, AI score 6.6, EPSS 0.00278
Exploits: 0, References: 1

CVE
added 2024/02/17 1:50 a.m., 316 views

CVE-2024-20982

CVE-2024-20982 affects Oracle MySQL Server (Server: Optimizer). Affected: MySQL 8.0.35 and prior, 8.2.0 and prior. The vulnerability is exploitable by a high-privilege attacker over the network via multiple protocols and can, per the entry, cause a hang or a frequently repeated crash (complete Do...

CVSS 4.9, AI score 4.5, EPSS 0.00186
Exploits: 0, References: 2, Affected Software: 1

CVE
added 2024/02/17 1:50 a.m., 143 views

CVE-2024-20978

CVE-2024-20978 affects Oracle MySQL Server (Server: Optimizer). Affected: MySQL Server versions 8.0.35 and earlier, and 8.2.0 and earlier. Condition: remote, authenticated attacker with network access via multiple protocols can exploit a vulnerability in the Server: Optimizer to cause a hang or f...

CVSS 4.9, AI score 5.2, EPSS 0.00218
Exploits: 0, References: 2, Affected Software: 1

CVE
added 2024/02/17 1:50 a.m., 312 views

CVE-2024-20970

CVE-2024-20970 affects the MySQL Server product (component: Server: Optimizer). Affected versions are 8.0.35 and earlier and 8.2.0 and earlier. The vulnerability can be exploited by an attacker with network access via multiple protocols and requires high privileges; successful attacks can cause t...

CVSS 4.9, AI score 4.4, EPSS 0.00253
Exploits: 0, References: 2, Affected Software: 1

CVE
added 2024/02/17 1:50 a.m., 123 views

CVE-2024-20972

CVE-2024-20972 affects Oracle MySQL Server, specifically the Server: Optimizer component. Affected versions are 8.0.35 and prior and 8.2.0 and prior. The vulnerability is described as easily exploitable with a high-privilege attacker over network protocols, potentially causing a hang or frequent...

CVSS 4.9, AI score 5.2, EPSS 0.00218
Exploits: 0, References: 2, Affected Software: 1

Debian CVE
added 2024/02/17 1:50 a.m., 20 views

CVE-2024-20966

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...

CVSS 4.9, AI score 5, EPSS 0.00218
Exploits: 0

CVE
added 2024/02/17 1:50 a.m., 336 views

CVE-2024-20960

CVE-2024-20960 affects Oracle MySQL Server, component Server: RAPID. Affected versions are 8.0.35 and earlier, and 8.2.0 and earlier. An attacker with network access and low privileges, able to reach via multiple protocols, can cause the MySQL Server to hang or crash (complete DoS). CVSS 3.1 base...

CVSS 6.5, AI score 6, EPSS 0.00278
Exploits: 0, References: 2, Affected Software: 1

CVE
added 2024/02/17 1:50 a.m., 321 views

CVE-2024-20962

CVE-2024-20962 affects Oracle MySQL Server (component: Server: Optimizer). Affected versions are 8.0.35 and earlier, and 8.2.0 and earlier. The vulnerability is exploitable over the network with low privileges via multiple protocols and can cause a hang or frequent crash (DoS) of MySQL Server. Th...

CVSS 6.5, AI score 6.3, EPSS 0.00325
Exploits: 0, References: 2, Affected Software: 1

CVE
added 2024/02/17 1:50 a.m., 144 views

CVE-2024-20927

CVE-2024-20927 affects Oracle WebLogic Server (Core) in Oracle Fusion Middleware. Affected versions are 12.2.1.4.0 and 14.1.1.0.0. The issue allows an unauthenticated attacker with network access via HTTP to compromise WebLogic Server, potentially leading to unauthorized creation, deletion or mod...

CVSS 8.6, AI score 8.1, EPSS 0.00196
Exploits: 0, References: 1, Affected Software: 1

Packet Storm
added 2024/02/15 12:00 a.m., 341 views

Metabase 0.46.6 Remote Code Execution

Exploit Title: metabase 0.46.6 - Pre-Auth Remote Code Execution Google Dork: N/A Date: 13-10-2023 Exploit Author: Musyoka Ian Vendor Homepage: https://www.metabase.com/ Software Link: https://www.metabase.com/ Version: metabase 0.46.6 Tested on: Ubuntu 22.04, metabase 0.46.6 CVE : CVE-2023-38646...

CVSS 9.8, AI score 7.4, EPSS 0.94255
Exploits: 36

Mageia
added 2024/02/04 2:49 a.m., 16 views

Updated dracut package fixes enabling microcode

The updated package fixes enabling early microcode on kernels 6.6+. On affected systems, CPU microcode updates were not loaded. CPU microcode updates are sometimes necessary in order to address important security vulnerabilities. If CPU microcode updates are not properly loaded, these security...

AI score 7.5
Exploits: 0, References: 3

F5 Networks
added 2024/02/02 5:38 a.m., 72 views

K000138460: Multiple MySQL vulnerabilities

Security Advisory Description CVE-2024-20960 Vulnerability in the MySQL Server product of Oracle MySQL component: Server: RAPID. Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via...

CVSS 6.5, AI score 4.8, EPSS 0.00515
Exploits: 0

Cvelist
added 2024/02/02 5:00 a.m., 14 views

CVE-2024-21485

Versions of the package dash-core-components before 2.13.0; versions of the package dash-core-components before 2.0.0; versions of the package dash before 2.15.0; versions of the package dash-html-components before 2.0.0; versions of the package dash-html-components before 2.0.16 are vulnerable t...

CVSS 6.5, AI score 6.2, EPSS 0.01232
Exploits: 1, References: 9

WPVulnDB
added 2024/01/30 12:00 a.m., 14 views

Fatal Error Notify < 1.5.3 - Subscriber+ Test Error Email Sending

Description: The plugin does not have authorisation and CSRF checks in its testerror AJAX action, allowing any authenticated user, such as a subscriber, to call it and spam the admin email address with error messages. The issue is also exploitable via CSRF. PoC: As a subscriber, open...

AI score 9.1, EPSS 0.00117
Exploits: 3, References: 1, Affected Software: 1

Tenable Nessus
added 2024/01/30 12:00 a.m., 24 views

RHEL 7 : firefox (RHSA-2024:0600)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:0600 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...

CVSS 8.8, AI score 7.6, EPSS 0.47284
Exploits: 0, References: 20

Tenable Nessus
added 2024/01/30 12:00 a.m., 32 views

RHEL 7 : thunderbird (RHSA-2024:0601)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:0601 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.7.0. Security Fixes: Mozilla:...

CVSS 8.8, AI score 7.6, EPSS 0.47284
Exploits: 0, References: 20

Tenable Nessus
added 2024/01/29 12:00 a.m., 73 views

Oracle Business Intelligence Enterprise Edition (January 2024 CPU)

The version of Oracle Business Intelligence Enterprise Edition 12.2.1.4 installed on the remote host is affected by multiple vulnerabilities as referenced in the January 2024 CPU advisory, including the following: - Vulnerability in the Oracle Business Intelligence Enterprise Edition product of...

CVSS 7.1, AI score 7.7, EPSS 0.07763
Exploits: 1, References: 7

Debian CVE
added 2024/01/25 3:54 p.m., 46 views

CVE-2023-40547

A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete...

CVSS 8.3, AI score 7.5, EPSS 0.03784
Exploits: 0

ICS
added 2024/01/25 7:00 a.m., 43 views

SystemK NVR 504/508/516

1. EXECUTIVE SUMMARY: CVSS v3 9.8. ATTENTION: Exploitable remotely/low attack complexity/public exploits are available. Vendor: SystemK. Equipment: NVR 504/508/516. Vulnerability: Command Injection. 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow an attacker...

CVSS 9.8, AI score 10, EPSS 0.00696
Exploits: 0, References: 8