283 matches found
CVE-2023-38431
An issue was discovered in the Linux kernel before 6.3.8. fs/smb/server/connection.c in ksmbd does not validate the relationship between the NetBIOS header's length field and the SMB header sizes, via pdusize in ksmbdconnhandlerloop, leading to an out-of-bounds read...
WEM Server Failed to Connect Database after SQL AlwaysOn Failover to Secondary
User has followed Citrix Doc below to setup AlwaysOn for WEM: https://docs.citrix.com/en-us/workspace-environment-management/current-release/system-requirements.htmlsql-server-always-on However, the WEM server won't be able to connect AlwaysOn database after a failover from primary SQL to...
Atlas Copco Power Focus 安全漏洞
Atlas Copco Power Focus is a universal tightening system from Atlas Copco Sweden that connects to a wide range of Atlas Copco assembly tools to provide you with a full platform assembly solution. A security vulnerability exists in the Atlas Copco Power Focus 6000 that stems from the server making...
Security feature bypass
A missing permission check in Jenkins Azure VM Agents Plugin 852.v8d35f0960a43 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified Azure Cloud server using attacker-specified credentials IDs obtained through another method...
Vulnerability of the Server component: The Connection Handling module of the MySQL Server database management system, which allows attackers to cause service interruptions.
The vulnerability of the MySQL Server component, which handles database connections, is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...
PT-2023-2534 · Oracle +4 · Mysql Server +3
Name of the Vulnerable Software and Affected Versions: MySQL Server versions 5.7.40 and prior MySQL Server versions 8.0.31 and prior Description: The issue is related to insufficient input validation in the Server: Connection Handling component of MySQL Server, allowing a remote attacker to cause...
CVE-2023-24504
The CVE-2023-24504 entry concerns Electra Central AC units. Reported vulnerability: an adjacent attacker could cause the unit to connect to an unauthorized update server. Public sources corroborate an impact on update server trust and potential control over update behavior; however, the documents...
Fail to launch SF resources: SSL Error 59
Fail to launch SF resources: Unable to connect the server. Contact your system administrator with the the following error: SSL Error 59: The server sent a security certificate identifying "www.xxxx.com", the SSL connection was to "SRA.XXXXX.COM.CN"...
DEBIAN-CVE-2022-4203
A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate...
CVE-2023-25767
A cross-site request forgery CSRF vulnerability in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers to connect to an attacker-specified web server...
SUSE CVE-2016-5444
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection...
SUSE CVE-2016-5443
Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows local users to affect availability via vectors related to Server: Connection...
CVE-2023-23848
Missing permission checks in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2023-25768
A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server...
Oracle MySQL Server 5.7.x < 5.7.41 (Jan 2023 CPU)
The versions of MySQL Server installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2022 CPU advisory. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Packaging cURL. Supported versions that are affected are 5.7.40 and pri...
ALPINE-CVE-2022-3786
A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate...
Oracle MySQL Server (Oct 2022 CPU)
The versions of MySQL Server installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2022 CPU advisory. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Packaging OpenSSL. Supported versions that are affected are 5.7.39 and...
PT-2022-5170 · Oracle +7 · Mysql Server +6
Name of the Vulnerable Software and Affected Versions: MySQL Server versions 5.7.39 and prior MySQL Server versions 8.0.30 and prior Description: The issue is related to insufficient input validation in the Server: Connection Handling component of MySQL Server. This allows a high-privileged...
Schneider Electric Geo SCADA Mobile Information Disclosure Vulnerability
Schneider Electric Geo SCADA Mobile is a mobile extension from Schneider Electric, a French company. It provides real-time remote access to critical SCADA data, allowing system users to monitor performance while "on the go," increasing employee productivity and improving overall system performanc...
Design/Logic Flaw
A CWE-668 Exposure of Resource to Wrong Sphere vulnerability exists that could cause users to be misled, hiding alarms, showing the wrong server connection option or the wrong control request when a mobile device has been compromised by a malicious application. Affected Product: Geo SCADA Mobile...