126 matches found
RLSA-2025:1671 Important: mysql security update
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and libraries. Security Fixes: openssl: SSLselectnextproto buffer overread CVE-2024-5535 krb5: GSS message token handling CVE-2024-37371 curl: libcurl: ASN.1 date pars...
fake-gcs-server-1.52.2-1.1 on GA media (moderate)
fake-gcs-server-1.52.2-1.1 on GA media Announcement ID: openSUSE-SU-2025:14868-1 Rating: moderate Cross-References: CVE-2025-22868 CVSS scores: CVE-2025-22868 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2025-22868 SUSE : 8.7...
OPENSUSE-SU-2025:14868-1 fake-gcs-server-1.52.2-1.1 on GA media
These are all security issues fixed in the fake-gcs-server-1.52.2-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2025:14709-1 fake-gcs-server-1.52.1-1.1 on GA media
These are all security issues fixed in the fake-gcs-server-1.52.1-1.1 package on the GA media of openSUSE Tumbleweed...
K000148488: MySQL vulnerabilities CVE-2024-21243 and CVE-2024-21237
Security Advisory Description CVE-2024-21243 Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Telemetry. Supported versions that are affected are 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access...
CVE-2024-21237
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Group Replication GCS. Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple...
CVE-2024-45816
A directory traversal vulnerability was found in the backstage/plugin-techdocs-backend package. When using the AWS S3 or GCS storage provider for TechDocs, it is possible to access content in the entire storage bucket. This can leak contents of the bucket that are not intended to be accessible, a...
GHSA-39V3-F278-VJ3G @backstage/plugin-techdocs-backend storage bucket Directory Traversal vulnerability
Impact When using the AWS S3 or GCS storage provider for TechDocs it is possible to access content in the entire storage bucket. This can leak contents of the bucket that are not intended to be accessible, as well as bypass permission checks in Backstage. Patches This has been fixed in the 1.10.1...
@backstage/plugin-techdocs-backend storage bucket Directory Traversal vulnerability
Impact When using the AWS S3 or GCS storage provider for TechDocs it is possible to access content in the entire storage bucket. This can leak contents of the bucket that are not intended to be accessible, as well as bypass permission checks in Backstage. Patches This has been fixed in the 1.10.1...
CVE-2024-45816
Backstage is an open framework for building developer portals. When using the AWS S3 or GCS storage provider for TechDocs it is possible to access content in the entire storage bucket. This can leak contents of the bucket that are not intended to be accessible, as well as bypass permission checks...
CVE-2024-45816
In Backstage, the vulnerability CVE-2024-45816 affects the techdocs-backend plugin when using AWS S3 or GCS storage providers. The root cause is directory traversal through TechDocs storage access, allowing an attacker to read content across the entire storage bucket and bypass Backstage permissi...
CVE-2024-45816 Storage bucket Directory Traversal in @backstage/plugin-techdocs-backend
Backstage is an open framework for building developer portals. When using the AWS S3 or GCS storage provider for TechDocs it is possible to access content in the entire storage bucket. This can leak contents of the bucket that are not intended to be accessible, as well as bypass permission checks...
CVE-2024-45816 Storage bucket Directory Traversal in @backstage/plugin-techdocs-backend
Backstage is an open framework for building developer portals. When using the AWS S3 or GCS storage provider for TechDocs it is possible to access content in the entire storage bucket. This can leak contents of the bucket that are not intended to be accessible, as well as bypass permission checks...
RHEL 6 / 7 : rh-mysql57-mysql (RHSA-2018:3655)
The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:3655 advisory. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs. The...
BucketLoot - An Automated S3-compatible Bucket Inspector
BucketLoot is an automated S3-compatible Bucket inspector that can help users extract assets, flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exposed storage buckets by scanning files that store data in plain-text. The tool can scan for bucke...
SUSE CVE-2020-2926
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Group Replication GCS. Supported versions that are affected are 8.0.19 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...
Security Bulletin: Multiple security vulnerabilities has been identified in Oracle MySQL, which is a supported topology database of IBM Tivoli Network Manager IP Edition.
Summary Oracle MySQL version 5.5.x and version 5.6.x is a supported topology database of IBM Tivoli Network Manager IP Edition 3.9 Fix Pack 4 and Fix Pack 5. Information about security vulnerabilities affecting Oracle MySQL has been published here. Vulnerability Details CVEID: CVE-2018-2810...
gcs-recycling.com Cross Site Scripting vulnerability OBB-3435546
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
gcs-recycling.com Cross Site Scripting vulnerability OBB-3405716
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
gcs-recycling.com Cross Site Scripting vulnerability OBB-3244457
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...