Oracle MySQL Server Authorization Issues Vulnerability

Oracle MySQL is an open source relational database management system from Oracle Corporation, of which MySQL Server is a database server component. An authorization issue vulnerability exists in Oracle MySQL Server Server: PS version 8.0.21 and earlier versions that could allow a highly privilege...

OpenJDK: Certificate blacklist bypass via alternate certificate encodings (Libraries, 8237995)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multipl...

UBUNTU-CVE-2020-14838

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Privileges. Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server...

UBUNTU-CVE-2020-14799

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Encryption. Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

CVE-2020-14827

Summary of CVE-2020-14827 : A vulnerability in Oracle MySQL Server (Server: Security: LDAP Auth) affects MySQL 5.7.x up to 5.7.31 and MySQL 8.0.x up to 8.0.21. An attacker with low privileges who can reach the server over multiple network protocols can exploit this to gain unauthorized access to ...

CVE-2020-14836

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

CVE-2020-1656

The DHCPv6 Relay-Agent service, part of the Juniper Enhanced jdhcpd daemon shipped with Juniper Networks Junos OS has an Improper Input Validation vulnerability which will result in a Denial of Service DoS condition when a DHCPv6 client sends a specific DHPCv6 message allowing an attacker to...

CVE-2020-6083

An exploitable denial of service vulnerability exists in the ENIP Request Path Port Segment functionality of Allen-Bradley Flex IO 1794-AENT/B. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a malicious...

CVE-2020-26164

In kdeconnect-kde aka KDE Connect before 20.08.2, an attacker on the local network could send crafted packets that trigger use of large amounts of CPU, memory, or network connection slots, aka a Denial of Service attack...

Code injection

In kdeconnect-kde aka KDE Connect before 20.08.2, an attacker on the local network could send crafted packets that trigger use of large amounts of CPU, memory, or network connection slots, aka a Denial of Service attack...

CVE-2020-26164

In kdeconnect-kde aka KDE Connect before 20.08.2, an attacker on the local network could send crafted packets that trigger use of large amounts of CPU, memory, or network connection slots, aka a Denial of Service attack...

MGASA-2020-0380 Updated samba packages fix security vulnerability

When Samba is used as a domain controller, an unauthenticated attacker on the network can gain administrator access by exploiting a netlogon protocol flaw CVE-2020-1472. Note that Samba installations are not vulnerable unless they have the smb.conf lines 'server schannel = no' or 'server schannel...

The Apache HTTP Server when accessed through a TCP connection with a large window size allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties who state that the large window size required by the attack is not normally supported or configured by the server or that a DDoS-style attack would accomplish the same goal

...

MGASA-2020-0369 Updated mysql-connector-java package fixes security vulnerability

A flaw was found in the mysql-connector-java package. A complicated attack against the mysql Connector/J allows attackers on the local network to interfere with a user's connection and insert unauthorized SQL commands CVE-2020-2934...

Updated mysql-connector-java package fixes security vulnerability

A flaw was found in the mysql-connector-java package. A complicated attack against the mysql Connector/J allows attackers on the local network to interfere with a user's connection and insert unauthorized SQL commands CVE-2020-2934...

Jenkins Mailer Plugin Denial of Service Vulnerability

Jenkins is an open source software project , is based on Java development of a continuous integration tool for monitoring continuous repetitive work , aims to provide an open and easy to use software platform . Jenkins Mailer Plugin product has a denial of service vulnerability , the vulnerabilit...

mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2019)

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2020)

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Privileges. Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2020)

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

mysql: C API unspecified vulnerability (CPU Jan 2020)

Vulnerability in the MySQL Client product of Oracle MySQL component: C API. Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client...