Denial Of Service (DoS)

MySQL is vulnerable to denial of service. An attacker is able to exploit the vulnerability by accessing the network and crashing the system...

mysql: InnoDB unspecified vulnerability (CPU Oct 2020)

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of...

mysql: Server: Memcached unspecified vulnerability (CPU Jul 2021)

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Memcached. Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

Vulnerability fixed in Huawei CloudEngine

Huawei has fixed a vulnerability in their CloudEngine series of switches. An unauthenticated malicious person on the same network could exploit the vulnerability to cause a denial-of-service cause. Huawei has released updates to fix the vulnerability in CloudEngine. For more information, see:...

mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2021)

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

CVE-2021-3773

A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network attacks. Mitigation Mitigation for this issue is either not available or the currently available options does not meet the Red Hat Product Security...

log4j: Socket receiver deserialization vulnerability

It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the...

Medium: golang

Issue Overview: A vulnerability was found in archive/zip of the Go standard library. Applications written in Go can panic or potentially exhaust system memory when parsing malformed ZIP files. CVE-2021-33196 A flaw was found in golang. A panic can be triggered by an attacker in a privileged netwo...

OpenJDK: Incorrect verification of JAR files with multiple MANIFEST.MF files (Library, 8260967)

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Library. Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Easily exploitable vulnerability allows...

CVE-2021-2447

Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization component: Server. The supported version that is affected is 5.6. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Oracle Secure Global Deskto...

CVE-2021-2384

CVE-2021-2384 affects Oracle MySQL Server (component: Server: Optimizer). Affected: 8.0.25 and earlier. Vulnerability allows a high-privilege attacker with network access via multiple protocols to cause a hang or crash (Denial of Service). Remediation: vendor advisories show fixes in newer MySQL ...

CVE-2021-20109

Due to the Asset Explorer agent not validating HTTPS certificates, an attacker on the network can statically configure their IP address to match the Asset Explorer's Server IP address. This will allow an attacker to send a NEWSCAN request to a listening agent on the network as well as receive the...

CVE-2021-20109

Due to the Asset Explorer agent not validating HTTPS certificates, an attacker on the network can statically configure their IP address to match the Asset Explorer's Server IP address. This will allow an attacker to send a NEWSCAN request to a listening agent on the network as well as receive the...

Advisory ROSA-SA-2021-1823

Software: dnsmasq 2.76 OS: Cobalt 7.9 CVE-ID: CVE-2017-13704 CVE-Crit: HIGH CVE-DESC: In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in the memset call gets a negative value. Since this is an unsigned value, memset writes up to...

Embryology Data Breach Follows Fertility Clinic Ransomware Hit

A fertility clinic serving the Atlanta area has been hit with a ransomware attack that also exposed private health information for 38,000 of its patients. Reproductive Biology Associates RBA, along with its affiliate My Egg Bank North America, is a well-known pioneer in in-vitro fertilization IVF...

CVE-2021-27635

SAP NetWeaver AS for JAVA, versions - 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker authenticated as an administrator to connect over a network and submit a specially crafted XML file in the application because of missing XML Validation, this vulnerability enables attacker to fully compromise...

CVE-2021-27628

SAP NetWeaver ABAP Server and ABAP Platform Dispatcher, versions - KRNL32NUC - 7.22,7.22EXT, KRNL32UC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without...

CVE-2021-27630

SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server) versions including KRNL32NUC (7.22, 7.22EXT), KRNL64NUC (7.22, 7.22EXT, 7.49), KRNL64UC (8.04, 7.22, 7.22EXT, 7.49, 7.53, 7.73), and KERNEL (7.22, 8.04, 7.49, 7.53, 7.73) are affected by CVE-2021-27630. An unauthenticated attacker can s...

CVE-2021-27633

SAP NetWeaver AS for ABAP RFC Gateway, versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without specific knowledge of the system to send a...

SUSE: Security Advisory (SUSE-SU-2012:0767-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...