9454 matches found
CVE-2021-2016
CVE-2021-2016 affects Oracle MySQL Server, specifically the Server: Optimizer. Affects MySQL 8.0.19 and earlier. An attacker with network access via multiple protocols and high privileges can trigger a hang or frequently repeatable crash (complete DoS) of MySQL Server. Root cause: vulnerability i...
CVE-2021-2009
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Roles. Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successf...
CVE-2021-2016
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...
CVE-2021-2001
CVE-2021-2001 affects Oracle MySQL Server (Server: Optimizer). Affected are MySQL versions 5.6.50 and earlier, 5.7.30 and earlier, and 8.0.17 and earlier. An attacker with network access via multiple protocols and high privileges can trigger a denial of service (hang or crash) of MySQL Server. Co...
CVE-2021-2003
Vulnerability in the Business Intelligence Enterprise Edition product of Oracle Fusion Middleware component: Analytics Web Dashboards. Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with...
CVE-2021-2001
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 5.6.50 and prior, 5.7.30 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...
CVE-2021-2001
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 5.6.50 and prior, 5.7.30 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...
CVE-2021-1998
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...
CVE-2021-1998
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...
CVE-2021-1995
CVE-2021-1995 affects Oracle WebLogic Server (Oracle Fusion Middleware) - Web Services component. Connected sources confirm affected versions: 10.3.6.0.0 and 12.1.3.0.0. The vulnerability allows a low-privileged, network-accessible attacker (via HTTP) to compromise WebLogic Server, potentially en...
CVE-2021-1998
CVE-2021-1998 affects Oracle MySQL Server, specifically the Server: Optimizer component. Affected versions are 8.0.20 and earlier. The vulnerability enables a high-privilege attacker with network access via multiple protocols to compromise MySQL Server, potentially allowing unauthorized update/in...
CVE-2020-14756
Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware component: Core Components. Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP,...
Kartpay: Disclosure of Merchant_id into the source code without entered OTP code leads to Victims MID takeover.
The System Encryption for the merchant registration was revealing the details which can be further exploitable for the Registration of the merchant. After sharing the details by the @bugera it was fixed by the team...
Oracle Enterprise Manager Ops Center (Jan 2021 CPU)
The 12.4.0.0 versions of Enterprise Manager Ops Center installed on the remote host are affected by multiple vulnerabilities as referenced in the January 2021 CPU advisory. - Vulnerability in the Enterprise Manager Ops Center product of Oracle Enterprise Manager component: Control Proxy Apache HT...
Backdoor.Win32.Ncx.bt Remote Stack Buffer Overflow
Discovery / credits: malvuln - Malvuln.com c 2021 Original source: https://malvuln.com/advisory/ad5c01b3e6d0254adfe0898c6d16f927.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Ncx.bt Vulnerability: Remote Stack Buffer Overflow Description: The malware listens o...
CVE-2020-16119
Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccpshctxccid object as a listener after being released. Fixed in Ubuntu Linux kernel 5.4.0-51.56, 5.3.0-68.63, 4.15.0-121.123, 4.4.0-193.224, 3.13.0.182.191 and...
Nextcloud: Nextcloud Desktop Client RCE via malicious URI schemes
Nextcloud Desktop utilizes QT's QDesktopServices::openUrl to open URLs. This function invokes the OS'/Desktop environment's default application to handling the URI scheme and file extension. During the Nextcloud Add Account flow, the server's login website is opened within a native window/WebView...
CVE-2020-26974
When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object could have been incorrectly cast to the wrong type. This resulted in a heap user-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox 84, Thunderbird 78.6, and Firefox ESR...
Heap overflow
When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object could have been incorrectly cast to the wrong type. This resulted in a heap user-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox 84, Thunderbird 78.6, and Firefox ESR...
CVE-2020-26972
CVE-2020-26972 describes a use-after-free in Firefox’s WebGL component caused by a missing check for dead IPC actors, allowing potentially exploitable crashes. Affected product: Firefox (before version 84). Root cause: lifecycle mismanagement of IPC Actors in WebGL; use-after-free when managed ac...