4519 matches found

Tenable Nessus
added 2023/11/14 12:0 a.m. · 49 views

KB5032250: Windows Server 2008 R2 Security Update (November 2023)

The remote Windows host is missing security update 5032250. It is, therefore, affected by multiple vulnerabilities - Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability CVE-2023-36402 - Windows Pragmatic General Multicast PGM Remote Code Execution Vulnerability...

CVSS 9.8 · AI score 7.2 · EPSS 0.90206
Exploits: 4 · References: 17

Tenable Nessus
added 2023/11/14 12:0 a.m. · 204 views

KB5032192: Windows 11 version 21H2 Security Update (November 2023)

The remote Windows host is missing security update 5032192. It is, therefore, affected by multiple vulnerabilities - Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability CVE-2023-36402 - Windows Pragmatic General Multicast PGM Remote Code Execution Vulnerability...

CVSS 9.8 · AI score 7.1 · EPSS 0.90206
Exploits: 14 · References: 34

OSV
added 2023/11/10 7:15 a.m. · 2 views

CVE-2023-47800

Natus NeuroWorks and SleepWorks before 8.4 GMA3 utilize a default password of xltek for the Microsoft SQL Server service sa account, allowing a threat actor to perform remote code execution, data exfiltration, or other nefarious actions such as tampering with data or destroying/disrupting MSSQL...

CVSS 9.8 · AI score 6.1
Exploits: 0 · References: 2

NVD
added 2023/11/10 7:15 a.m. · 12 views

CVE-2023-47800

Natus NeuroWorks and SleepWorks before 8.4 GMA3 utilize a default password of xltek for the Microsoft SQL Server service sa account, allowing a threat actor to perform remote code execution, data exfiltration, or other nefarious actions such as tampering with data or destroying/disrupting MSSQL...

CVSS 9.8 · EPSS 0.03682
Exploits: 1 · References: 2

Prion
added 2023/11/10 7:15 a.m. · 18 views

Default credentials

Natus NeuroWorks and SleepWorks before 8.4 GMA3 utilize a default password of xltek for the Microsoft SQL Server service sa account, allowing a threat actor to perform remote code execution, data exfiltration, or other nefarious actions such as tampering with data or destroying/disrupting MSSQL...

CVSS 7.5 · AI score 8.8 · EPSS 0.03682
Exploits: 1 · References: 2 · Affected Software: 2

Cvelist
added 2023/11/10 12:0 a.m. · 11 views

CVE-2023-47800

Natus NeuroWorks and SleepWorks before 8.4 GMA3 utilize a default password of xltek for the Microsoft SQL Server service sa account, allowing a threat actor to perform remote code execution, data exfiltration, or other nefarious actions such as tampering with data or destroying/disrupting MSSQL...

AI score 10 · EPSS 0.03682
Exploits: 1 · References: 2

CVE
added 2023/11/10 12:0 a.m. · 28 views

CVE-2023-47800

CVE-2023-47800 affects Natus NeuroWorks and SleepWorks prior to version 8.4 GMA3. The root cause is a default password (xltek) on the Microsoft SQL Server service account sa, enabling a threat actor to perform remote code execution, data exfiltration, or data/tampering and disruption of MSSQL ser...

CVSS 9.8 · AI score 9.8 · EPSS 0.03682
Exploits: 1 · References: 2 · Affected Software: 2

Tenable Nessus
added 2023/11/10 12:0 a.m. · 24 views

Veeam ONE 11.x < 11.0.0.1379 / 11.0.1.x < 11.0.1.1880 / 12.x < 12.0.1.2591 Multiple Vulnerabilities (KB4508)

The version of Veeam ONE installed on the remote Windows host is affected by multiple vulnerabilities, as disclosed in the vendor's advisory with KB ID 4508, including the following: - A vulnerability in Veeam ONE allows an unauthenticated user to gain information about the SQL server connection...

CVSS 9.9 · AI score 7 · EPSS 0.10762
Exploits: 0 · References: 4

Positive Technologies
added 2023/11/09 12:0 a.m. · 3 views

PT-2023-30615 · Natus +1 · Natus Neuroworks +2

Name of the Vulnerable Software and Affected Versions: Natus NeuroWorks and SleepWorks versions prior to 8.4 GMA3 Description: The issue arises from the use of a default password xltek for the Microsoft SQL Server service sa account in Natus NeuroWorks and SleepWorks. This allows a threat actor t...

CVSS 9.8 · AI score 9.8 · EPSS 0.03682
Exploits: 1 · References: 5

NVD
added 2023/11/07 7:15 a.m. · 14 views

CVE-2023-38547

A vulnerability in Veeam ONE allows an unauthenticated user to gain information about the SQL server connection Veeam ONE uses to access its configuration database. This may lead to remote code execution on the SQL server hosting the Veeam ONE configuration database...

CVSS 9.9 · AI score 10 · EPSS 0.10762
Exploits: 0 · References: 1

Prion
added 2023/11/07 7:15 a.m. · 13 views

Design/Logic Flaw

A vulnerability in Veeam ONE allows an unauthenticated user to gain information about the SQL server connection Veeam ONE uses to access its configuration database. This may lead to remote code execution on the SQL server hosting the Veeam ONE configuration database...

CVSS 6.5 · AI score 8.5 · EPSS 0.10762
Exploits: 0 · References: 1 · Affected Software: 1

CVE
added 2023/11/07 6:17 a.m. · 1295 views

CVE-2023-38547

The CVE-2023-38547 issue affects Veeam ONE (versions 11, 11a, 12), where an unauthenticated user can access information about the SQL Server connection to the Veeam ONE configuration database, potentially enabling remote code execution on the SQL server. Mitigation is via the vendor hotfix descri...

CVSS 9.9 · AI score 9.8 · EPSS 0.10762
Exploits: 0 · References: 1 · Affected Software: 1

Vulnrichment
added 2023/11/07 6:17 a.m. · 5 views

CVE-2023-38547

A vulnerability in Veeam ONE allows an unauthenticated user to gain information about the SQL server connection Veeam ONE uses to access its configuration database. This may lead to remote code execution on the SQL server hosting the Veeam ONE configuration database...

CVSS 9.9 · AI score 8.6 · EPSS 0.10762
Exploits: 0 · References: 1

Cvelist
added 2023/11/07 6:17 a.m. · 12 views

CVE-2023-38547

A vulnerability in Veeam ONE allows an unauthenticated user to gain information about the SQL server connection Veeam ONE uses to access its configuration database. This may lead to remote code execution on the SQL server hosting the Veeam ONE configuration database...

CVSS 9.9 · AI score 10 · EPSS 0.10762
Exploits: 0 · References: 1

The Hacker News
added 2023/11/07 5:8 a.m. · 52 views

Critical Flaws Discovered in Veeam ONE IT Monitoring Software – Patch Now

Veeam has released security updates to address four flaws in its ONE IT monitoring and analytics platform, two of which are rated critical in severity. The list of vulnerabilities is as follows - CVE-2023-38547 CVSS score: 9.9 - An unspecified flaw that can be leveraged by an unauthenticated user...

AI score 7.7 · EPSS 0.10762
Exploits: 0

Citrix
added 2023/11/01 12:0 a.m. · 15 views

Provisioning 2203 : Citrix PVS breaks with Microsoft OLEDB driver v19

When upgrading PVS 2203 servers to mitigate a Microsoft OLEDB driver vulnerability CVE-2023-36728, a customer incorrectly removed Microsoft OLE DB Driver 18 and installed Microsoft OLE DB Driver 19. PVS Server 2203 cannot use Microsoft OLE DB Driver 19 to communicate with the SQL server...

CVSS 5.5 · AI score 7.1 · EPSS 0.0008
Exploits: 0 · Affected Software: 2

SUSE CVE
added 2023/10/31 2:31 a.m. · 2 views

SUSE CVE-2020-2921

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Group Replication Plugin. Supported versions that are affected are 8.0.19 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Serve...

CVSS 4.4 · AI score 5.7 · EPSS 0.00258
Exploits: 0 · References: 2

BDU FSTEC
added 2023/10/24 12:0 a.m. · 1 view

The vulnerability of the Microsoft SQL Server database management system, related to insufficient validation of input data, allows a hacker to trigger a service failure.

The vulnerability of the Microsoft SQL Server database management system is related to insufficient validation of input data. Exploiting this vulnerability can allow attackers to cause service failures...

CVSS 5.5 · EPSS 0.0008
Exploits: 0 · References: 3 · Affected Software: 2

BDU FSTEC
added 2023/10/15 12:0 a.m. · 1 view

The vulnerability of the ODBC driver for SQL Server on Windows operating systems allows a hacker to execute arbitrary code.

The vulnerability of the ODBC driver for SQL Server on Windows operating systems is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

CVSS 7.8 · EPSS 0.0049
Exploits: 0 · References: 3 · Affected Software: 2

BDU FSTEC
added 2023/10/15 12:0 a.m. · 1 view

The vulnerability of the ODBC driver for SQL Server on Windows operating systems allows a hacker to execute arbitrary code.

The vulnerability of the ODBC driver for SQL Server on Windows operating systems is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

CVSS 7.3 · EPSS 0.00433
Exploits: 0 · References: 3 · Affected Software: 2