802 matches found
[SECURITY] Fedora 40 Update: mysql8.0-8.0.40-1.fc40
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon mysqld and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files...
CVE-2024-47223
A vulnerability in the AWV Audio, Web and Video Conferencing component of Mitel MiCollab through 9.8 SP1 FP2 9.8.1.201 could allow an unauthenticated attacker to conduct a SQL injection attack due to insufficient sanitization of user input. A successful exploit could allow an attacker to access...
CVE-2024-47189
The API Interface of the AWV Audio, Web and Video Conferencing component of Mitel MiCollab through 9.8 SP1 FP2 9.8.1.201 could allow an unauthenticated attacker to conduct SQL injection due to insufficient sanitization of user input. A successful exploit could allow an attacker with knowledge of...
CVE-2024-47822
Directus is a real-time API and App dashboard for managing SQL database content. Access tokens from query strings are not redacted and are potentially exposed in system logs which may be persisted. The access token in req.query is not redacted when the LOGSTYLE is set to raw. If these logs are no...
CVE-2024-47822 Directus inserts access token from query string into logs
Directus is a real-time API and App dashboard for managing SQL database content. Access tokens from query strings are not redacted and are potentially exposed in system logs which may be persisted. The access token in req.query is not redacted when the LOGSTYLE is set to raw. If these logs are no...
CVE-2024-46990
Directus is a real-time API and App dashboard for managing SQL database content. When relying on blocking access to localhost using the default 0.0.0.0 filter a user may bypass this block by using other registered loopback devices like 127.0.0.2 - 127.127.127.127. This issue has been addressed in...
Debian dla-3891 : libmariadb-dev - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-3891 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3891-1 [email protected] https://www.debian.org/lts/security/...
VICIdial 2.14-917a Remote Code Execution Vulnerability
An attacker with authenticated access to VICIdial version 2.14-917a as an agent can execute arbitrary shell commands as the root user. This attack can be chained with CVE-2024-8503 to execute arbitrary shell commands starting from an unauthenticated perspective. Title: VICIdial Authenticated Remo...
CVE-2024-45596 Directus's session is cached for OpenID and OAuth2 if `redirect` is not used
Directus is a real-time API and App dashboard for managing SQL database content. An unauthenticated user can access credentials of last authenticated user via OpenID or OAuth2 where the authentication URL did not include redirect query string. This happens because on that endpoint for both OpenId...
CVE-2024-45596 Directus's session is cached for OpenID and OAuth2 if `redirect` is not used
Directus is a real-time API and App dashboard for managing SQL database content. An unauthenticated user can access credentials of last authenticated user via OpenID or OAuth2 where the authentication URL did not include redirect query string. This happens because on that endpoint for both OpenId...
CVE-2024-45596 Directus's session is cached for OpenID and OAuth2 if `redirect` is not used
Directus is a real-time API and App dashboard for managing SQL database content. An unauthenticated user can access credentials of last authenticated user via OpenID or OAuth2 where the authentication URL did not include redirect query string. This happens because on that endpoint for both OpenId...
VICIdial Authenticated Remote Code Execution
Vulnerability Details Affected Vendor: VICIdial Affected Product: VICIdial Affected Version: 2.14-917a Platform: GNU/Linux CWE Classification: CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' CVE ID: CVE-2024-8504 2. Vulnerability Description An...
AlmaLinux 8 : postgresql:13 (ALSA-2024:6018)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:6018 advisory. postgresql: PostgreSQL relation replacement during pgdump executes arbitrary SQL CVE-2024-7348 Tenable has extracted the preceding description block directly from...
[SECURITY] Fedora 40 Update: mysql8.0-8.0.39-1.fc40
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon mysqld and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files...
Fedora: Security Advisory (FEDORA-2024-5d9dc19f2d)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
PYSEC-2024-203
DuckDB is a SQL database management system. In versions 1.0.0 and prior, content in filesystem is accessible for reading using sniffcsv, even with enableexternalaccess=false. This vulnerability provides an attacker with access to filesystem even when access is expected to be disabled and other...
CVE-2024-41672
DuckDB is a SQL database management system. In versions 1.0.0 and prior, content in filesystem is accessible for reading using sniffcsv, even with enableexternalaccess=false. This vulnerability provides an attacker with access to filesystem even when access is expected to be disabled and other...
CVE-2024-41672 DuckDB: sniff_csv provides filesystem access even when enable_external_access is disabled
DuckDB is a SQL database management system. In versions 1.0.0 and prior, content in filesystem is accessible for reading using sniffcsv, even with enableexternalaccess=false. This vulnerability provides an attacker with access to filesystem even when access is expected to be disabled and other...
CVE-2024-41672 DuckDB: sniff_csv provides filesystem access even when enable_external_access is disabled
DuckDB is a SQL database management system. In versions 1.0.0 and prior, content in filesystem is accessible for reading using sniffcsv, even with enableexternalaccess=false. This vulnerability provides an attacker with access to filesystem even when access is expected to be disabled and other...
CVE-2024-41672
CVE-2024-41672 affects DuckDB prior to 1.1.0. In versions 1.0.0 and earlier, content on the filesystem could be read via the sniff_csv function even when enable_external_access is false, giving an attacker access to files that should be restricted (for example /etc/hosts, /proc/self/environ). Two...