Lucene search
+L

126 matches found

osv
osv
added 2025/03/17 8:16 p.m.42 views

RLSA-2025:1671 Important: mysql security update

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and libraries. Security Fixes: openssl: SSLselectnextproto buffer overread CVE-2024-5535 krb5: GSS message token handling CVE-2024-37371 curl: libcurl: ASN.1 date pars...

7.5CVSS8.5AI score0.17301EPSS
Exploits3References50
opensuse
opensuse
added 2025/03/12 12:0 a.m.4 views

fake-gcs-server-1.52.2-1.1 on GA media (moderate)

fake-gcs-server-1.52.2-1.1 on GA media Announcement ID: openSUSE-SU-2025:14868-1 Rating: moderate Cross-References: CVE-2025-22868 CVSS scores: CVE-2025-22868 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2025-22868 SUSE : 8.7...

8.7CVSS8.3AI score0.00804EPSS
Exploits0
osv
osv
added 2025/03/11 12:0 a.m.6 views

OPENSUSE-SU-2025:14868-1 fake-gcs-server-1.52.2-1.1 on GA media

These are all security issues fixed in the fake-gcs-server-1.52.2-1.1 package on the GA media of openSUSE Tumbleweed...

7.5CVSS7.7AI score0.00804EPSS
Exploits0References2
osv
osv
added 2025/01/29 12:0 a.m.2 views

OPENSUSE-SU-2025:14709-1 fake-gcs-server-1.52.1-1.1 on GA media

These are all security issues fixed in the fake-gcs-server-1.52.1-1.1 package on the GA media of openSUSE Tumbleweed...

7.5CVSS8AI score0.91969EPSS
Exploits1References1
f5
f5
added 2024/11/11 2:47 p.m.14 views

K000148488: MySQL vulnerabilities CVE-2024-21243 and CVE-2024-21237

Security Advisory Description CVE-2024-21243 Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Telemetry. Supported versions that are affected are 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access...

2.2CVSS3.9AI score0.00708EPSS
Exploits0
osv
osv
added 2024/10/15 7:52 p.m.19 views

CVE-2024-21237

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Group Replication GCS. Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple...

2.2CVSS6.7AI score0.00708EPSS
Exploits0References4
redhatcve
redhatcve
added 2024/09/17 10:42 p.m.26 views

CVE-2024-45816

A directory traversal vulnerability was found in the backstage/plugin-techdocs-backend package. When using the AWS S3 or GCS storage provider for TechDocs, it is possible to access content in the entire storage bucket. This can leak contents of the bucket that are not intended to be accessible, a...

6.5CVSS6.7AI score0.00728EPSS
Exploits0References4
osv
osv
added 2024/09/17 9:30 p.m.20 views

GHSA-39V3-F278-VJ3G @backstage/plugin-techdocs-backend storage bucket Directory Traversal vulnerability

Impact When using the AWS S3 or GCS storage provider for TechDocs it is possible to access content in the entire storage bucket. This can leak contents of the bucket that are not intended to be accessible, as well as bypass permission checks in Backstage. Patches This has been fixed in the 1.10.1...

7.7CVSS6.4AI score0.00728EPSS
Exploits0References3
github
github
added 2024/09/17 9:30 p.m.28 views

@backstage/plugin-techdocs-backend storage bucket Directory Traversal vulnerability

Impact When using the AWS S3 or GCS storage provider for TechDocs it is possible to access content in the entire storage bucket. This can leak contents of the bucket that are not intended to be accessible, as well as bypass permission checks in Backstage. Patches This has been fixed in the 1.10.1...

6.5CVSS6.7AI score0.00728EPSS
Exploits0References3Affected Software1
nvd
nvd
added 2024/09/17 9:15 p.m.45 views

CVE-2024-45816

Backstage is an open framework for building developer portals. When using the AWS S3 or GCS storage provider for TechDocs it is possible to access content in the entire storage bucket. This can leak contents of the bucket that are not intended to be accessible, as well as bypass permission checks...

6.5CVSS0.00728EPSS
Exploits0References1
cve
cve
added 2024/09/17 8:13 p.m.82 views

CVE-2024-45816

In Backstage, the vulnerability CVE-2024-45816 affects the techdocs-backend plugin when using AWS S3 or GCS storage providers. The root cause is directory traversal through TechDocs storage access, allowing an attacker to read content across the entire storage bucket and bypass Backstage permissi...

6.5CVSS6.4AI score0.00728EPSS
Exploits0References1Affected Software1
vulnrichment
vulnrichment
added 2024/09/17 8:13 p.m.18 views

CVE-2024-45816 Storage bucket Directory Traversal in @backstage/plugin-techdocs-backend

Backstage is an open framework for building developer portals. When using the AWS S3 or GCS storage provider for TechDocs it is possible to access content in the entire storage bucket. This can leak contents of the bucket that are not intended to be accessible, as well as bypass permission checks...

6.5CVSS6.8AI score0.00728EPSS
Exploits0References1
cvelist
cvelist
added 2024/09/17 8:13 p.m.45 views

CVE-2024-45816 Storage bucket Directory Traversal in @backstage/plugin-techdocs-backend

Backstage is an open framework for building developer portals. When using the AWS S3 or GCS storage provider for TechDocs it is possible to access content in the entire storage bucket. This can leak contents of the bucket that are not intended to be accessible, as well as bypass permission checks...

6.5CVSS0.00728EPSS
Exploits0References1
nessus
nessus
added 2024/04/27 12:0 a.m.19 views

RHEL 6 / 7 : rh-mysql57-mysql (RHSA-2018:3655)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:3655 advisory. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs. The...

7.7CVSS6.8AI score0.04445EPSS
Exploits0References130
kitploit
kitploit
added 2024/01/29 11:30 a.m.60 views

BucketLoot - An Automated S3-compatible Bucket Inspector

BucketLoot is an automated S3-compatible Bucket inspector that can help users extract assets, flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exposed storage buckets by scanning files that store data in plain-text. The tool can scan for bucke...

7AI score
Exploits0References4
susecve
susecve
added 2023/10/31 2:31 a.m.7 views

SUSE CVE-2020-2926

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Group Replication GCS. Supported versions that are affected are 8.0.19 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

4.4CVSS5.7AI score0.01854EPSS
Exploits0References2
ibm
ibm
added 2023/06/28 10:3 p.m.49 views

Security Bulletin: Multiple security vulnerabilities has been identified in Oracle MySQL, which is a supported topology database of IBM Tivoli Network Manager IP Edition.

Summary Oracle MySQL version 5.5.x and version 5.6.x is a supported topology database of IBM Tivoli Network Manager IP Edition 3.9 Fix Pack 4 and Fix Pack 5. Information about security vulnerabilities affecting Oracle MySQL has been published here. Vulnerability Details CVEID: CVE-2018-2810...

6.8CVSS7.2AI score0.0401EPSS
Exploits0Affected Software1
openbugbounty
openbugbounty
added 2023/06/16 9:44 a.m.14 views

gcs-recycling.com Cross Site Scripting vulnerability OBB-3435546

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.1AI score
Exploits0
openbugbounty
openbugbounty
added 2023/06/09 12:37 p.m.13 views

gcs-recycling.com Cross Site Scripting vulnerability OBB-3405716

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.1AI score
Exploits0
openbugbounty
openbugbounty
added 2023/04/02 7:59 a.m.10 views

gcs-recycling.com Cross Site Scripting vulnerability OBB-3244457

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

5.9AI score
Exploits0
Rows per page
Query Builder