RHEL 9 : .NET 8.0 (RHSA-2024:0152)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0152 advisory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR...
KB5033592 - Description of the security update for SQL Server 2022 CU10: January 9, 2024
KB5033592 - Description of the security update for SQL Server 2022 CU10: January 9, 2024 Summary How to obtain and install the update How to obtain or download the latest cumulative update package for Linux More information File information Information about protection and security Summary This...
Security Updates for Microsoft SQL Server (January 2024) (Remote)
The Microsoft SQL Server installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability: - A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions...
Microsoft SQL Server db_ddladmin Privilege Escalation Vulnerability
Microsoft SQL Server versions 2014 through 2022 suffer from a db_ddladmin privilege escalation vulnerability. When escalated to Microsoft as a concern, they instead opted to update their documentation to note that this is possible instead of addressing the issue. Title: SQL Server Privilege...
Microsoft SQL Server Security Vulnerability
Microsoft SQL Server is a large commercial database system from Microsoft that is used under Microsoft Windows. A security vulnerability exists in Microsoft SQL Server. An attacker could exploit the vulnerability to bypass certain functionality. The following products and versions are affected:...
KLA62825 SB vulnerability in Microsoft SQL Server
A security feature bypass vulnerability was found in Microsoft SQL Server. Malicious users can exploit this vulnerability to bypass security restrictions. Original advisories CVE-2024-0056 Exploitation Public exploits exist for this vulnerability. Related products Microsoft-SQL-Server CVE list...
Security Updates for Microsoft SQL Server (January 2024)
The Microsoft SQL Server installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability: - A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions...
SA-2023-12-19-CVE-2023-39336
SECURITY ADVISORY 2023-12-19 Product Affected: Ivanti Endpoint Manager A vulnerability was recently discovered for EPM 2022 SU4 and all prior versions. More information can be found here: CVE-2023-39336 Full details Please log into the community to access the full details page. Vulnerability...
Legba - A Multiprotocol Credentials Bruteforcer / Password Sprayer And Enumerator
Legba is a multiprotocol credentials bruteforcer / password sprayer and enumerator built with Rust and the Tokio asynchronous runtime in order to achieve better performance and stability while consuming fewer resources than similar tools (see the benchmark below). For the building instructions, usa...
CVE-2023-47800
Natus NeuroWorks and SleepWorks before 8.4 GMA3 utilize a default password of xltek for the Microsoft SQL Server service sa account, allowing a threat actor to perform remote code execution, data exfiltration, or other nefarious actions such as tampering with data or destroying/disrupting MSSQL...
Default credentials
Natus NeuroWorks and SleepWorks before 8.4 GMA3 utilize a default password of xltek for the Microsoft SQL Server service sa account, allowing a threat actor to perform remote code execution, data exfiltration, or other nefarious actions such as tampering with data or destroying/disrupting MSSQL...
CVE-2023-47800
CVE-2023-47800 affects Natus NeuroWorks and SleepWorks prior to version 8.4 GMA3. The root cause is a default password (xltek) on the Microsoft SQL Server service account sa, enabling a threat actor to perform remote code execution, data exfiltration, or data/tampering and disruption of MSSQL ser...
PT-2023-30615 · Natus +1 · Natus Neuroworks +2
Name of the Vulnerable Software and Affected Versions: Natus NeuroWorks and SleepWorks versions prior to 8.4 GMA3 Description: The issue arises from the use of a default password xltek for the Microsoft SQL Server service sa account in Natus NeuroWorks and SleepWorks. This allows a threat actor t...
The vulnerability of the Microsoft SQL Server database management system, related to insufficient validation of input data, allows a hacker to trigger a service failure.
The vulnerability of the Microsoft SQL Server database management system is related to insufficient validation of input data. Exploiting this vulnerability can allow attackers to cause service failures...
Security Updates for Microsoft SQL Server ODBC Driver (October 2023)
The Microsoft SQL Server ODBC Driver installed on the remote host is missing a security update. It is, therefore, affected by multiple vulnerabilities. - An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. CVE-2023-36417, CVE-2023-36420,...
Security Updates for Microsoft SQL Server OLE DB Driver (October 2023)
The Microsoft SQL Server OLE DB Driver installed on the remote host is missing a security update. It is, therefore, affected by multiple vulnerabilities. - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands...
CVE-2023-36728
Microsoft SQL Server Denial of Service Vulnerability...
CVE-2023-36417
Microsoft SQL OLE DB Remote Code Execution Vulnerability...
Denial of service
Microsoft SQL Server Denial of Service Vulnerability...
Remote code execution
Microsoft SQL OLE DB Remote Code Execution Vulnerability...