Aggregator

CVE-2017-3322 | Oracle MySQL Cluster 7.2.25/7.3.14/7.4.12 Cluster NDBAPI denial of service (Nessus ID 96726 / BID-95574)

Vuldb Updates
1 month ago
A vulnerability identified as problematic has been detected in Oracle MySQL Cluster 7.2.25/7.3.14/7.4.12. Impacted is an unknown function of the component Cluster NDBAPI. Performing a manipulation results in denial of service. This vulnerability is reported as CVE-2017-3322. The attack is possible to be carried out remotely. No exploit exists. You should upgrade the affected component.
vuldb.com

CVE-2017-3319 | Oracle MySQL Server up to 5.7.16 X Plugin information disclosure (Nessus ID 96618 / ID 20029)

Vuldb Updates
1 month ago
A vulnerability labeled as problematic has been found in Oracle MySQL Server up to 5.7.16. The affected element is an unknown function of the component X Plugin. Executing a manipulation can lead to information disclosure. This vulnerability appears as CVE-2017-3319. The attack may be performed from remote. There is no available exploit. The affected component should be upgraded.
vuldb.com

CVE-2017-3320 | Oracle MySQL Server up to 5.7.16 Encryption access control (Nessus ID 96618 / ID 20029)

Vuldb Updates
1 month ago
A vulnerability marked as problematic has been reported in Oracle MySQL Server up to 5.7.16. The impacted element is an unknown function of the component Encryption. The manipulation leads to improper access controls. This vulnerability is traded as CVE-2017-3320. It is possible to initiate the attack remotely. There is no exploit available. It is suggested to upgrade the affected component.
vuldb.com

Shai-Hulud Worm Steals npm, GitHub, AWS, and Kubernetes Secrets From Developers

Cyber Security News
1 month ago

A dangerous new piece of malware called Shai-Hulud has emerged as one of the most alarming supply chain threats of 2026. It is a self-propagating worm that quietly tunnels through developer environments, stealing credentials from npm, GitHub, AWS, and Kubernetes all at once. Hundreds of malicious packages have already been tied to this campaign, making […]

The post Shai-Hulud Worm Steals npm, GitHub, AWS, and Kubernetes Secrets From Developers appeared first on Cyber Security News.

Tushar Subhra Dutta

英国对 MS Office 涉嫌垄断展开调查

Solidot
1 month ago
英国竞争市场管理局(CMA)正式启动调查,查明微软将 Windows、Office、Teams、Copilot 及相关产品捆绑销售是否构成不公平竞争。CMA CEO Sarah Cardell 表示,商业软件是英国经济的基石,数十万客户依赖微软的系统。她表示 CMA 的目标是了解市场的发展情况,微软在其中的地位,考虑是否需要采取任何有针对性的措施,以确保英国企业能从选择、创新和具有竞争力的价格中受益。微软捆绑销售办公软件、AI 和云计算的做法将是英国的调查对象。调查预计将于明年 2 月结束。

CVE-2026-22740 | Vmware Spring Framework up to 5.3.47/6.1.26/6.2.17/7.0.6 Multipart Request resource consumption (Nessus ID 314917 / WID-SEC-2026-1177)

Vuldb Updates
1 month ago
A vulnerability, which was classified as problematic, was found in Vmware Spring Framework up to 5.3.47/6.1.26/6.2.17/7.0.6. The affected element is an unknown function of the component Multipart Request Handler. Executing a manipulation can lead to resource consumption. The identification of this vulnerability is CVE-2026-22740. The attack may be launched remotely. There is no exploit available. You should upgrade the affected component.
vuldb.com

CVE-2026-22741 | Vmware Spring Framework up to 5.3.47/6.1.26/6.2.17/7.0.6 MVC/WebFlux cache containing sensitive information (EUVD-2026-26206 / Nessus ID 314917)

Vuldb Updates
1 month ago
A vulnerability marked as problematic has been reported in Vmware Spring Framework up to 5.3.47/6.1.26/6.2.17/7.0.6. This issue affects some unknown processing of the component MVC/WebFlux. This manipulation causes use of cache containing sensitive information. This vulnerability appears as CVE-2026-22741. The attack may be initiated remotely. There is no available exploit. It is suggested to upgrade the affected component.
vuldb.com

CVE-2026-22745 | Vmware Spring Framework up to 5.3.47/6.1.26/6.2.17/7.0.6 on Windows MVC/WebFlux resource consumption (EUVD-2026-26207 / Nessus ID 314917)

Vuldb Updates
1 month ago
A vulnerability described as problematic has been identified in Vmware Spring Framework up to 5.3.47/6.1.26/6.2.17/7.0.6 on Windows. Impacted is an unknown function of the component MVC/WebFlux. Such manipulation leads to resource consumption. This vulnerability is traded as CVE-2026-22745. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is recommended.
vuldb.com

CVE-2026-44573 | vercel next.js up to 15.5.15/16.2.4 /_next/data/.json authorization (Nessus ID 314910 / WID-SEC-2026-1401)

Vuldb Updates
1 month ago
A vulnerability was found in vercel next.js up to 15.5.15/16.2.4 and classified as problematic. Impacted is an unknown function of the file /_next/data/.json. The manipulation results in incorrect authorization. This vulnerability is cataloged as CVE-2026-44573. The attack may be launched remotely. There is no exploit available. It is suggested to upgrade the affected component.
vuldb.com

Hackers Abuse OAuth Device Authorization Flow to Steal Microsoft 365 Tokens

Cyber Security News
1 month ago

Hackers are exploiting a little-known feature of Microsoft’s authentication system to steal account credentials at scale. Device code phishing campaigns now target organizations worldwide by manipulating the OAuth device authorization flow, turning a security feature into a major vulnerability. This emerging threat has surged dramatically since late 2024, catching security teams unprepared for attacks that […]

The post Hackers Abuse OAuth Device Authorization Flow to Steal Microsoft 365 Tokens appeared first on Cyber Security News.

Tushar Subhra Dutta

CVE-2017-3310 | Oracle Database Server 11.2.0.4/12.1.0.2 OJVM information disclosure (Nessus ID 96611 / ID 20030)

Vuldb Updates
1 month ago
A vulnerability classified as critical has been found in Oracle Database Server 11.2.0.4/12.1.0.2. This vulnerability affects unknown code of the component OJVM. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2017-3310. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2017-3311 | Oracle Enterprise Manager 12.4.0.2/12.5.0.2/12.5.0.3 Application Testing Suite access control (BID-95584 / ID 1037633)

Vuldb Updates
1 month ago
A vulnerability, which was classified as critical, has been found in Oracle Enterprise Manager 12.4.0.2/12.5.0.2/12.5.0.3. Affected by this vulnerability is an unknown functionality of the component Application Testing Suite. The manipulation leads to improper access controls. This vulnerability is traded as CVE-2017-3311. It is possible to initiate the attack remotely. There is no exploit available. It is advisable to upgrade the affected component.
vuldb.com

CVE-2017-3303 | Oracle XML Gateway up to 12.2.6 Transport Agent access control (Nessus ID 96608 / BID-95602)

Vuldb Updates
1 month ago
A vulnerability identified as critical has been detected in Oracle XML Gateway up to 12.2.6. Affected by this vulnerability is an unknown functionality of the component Transport Agent. Performing a manipulation results in improper access controls. This vulnerability is identified as CVE-2017-3303. The attack can be initiated remotely. There is not any exploit available. You should upgrade the affected component.
vuldb.com

CVE-2017-3300 | Oracle PeopleSoft 8.54/8.55 PeopleTools mcfIM.jar access control (BID-95505 / ID 1037634)

Vuldb Updates
1 month ago
A vulnerability identified as problematic has been detected in Oracle PeopleSoft 8.54/8.55. This vulnerability affects unknown code of the file PORTAL.war/WEB-INF/lib/mcfIM.jar of the component PeopleTools. The manipulation leads to improper access controls. This vulnerability is referenced as CVE-2017-3300. Remote exploitation of the attack is possible. Furthermore, an exploit is available. You should upgrade the affected component.
vuldb.com

CVE-2017-3298 | Oracle PeopleSoft 8.54/8.55 PeopleTools 7pk security (BID-95504 / ID 1037634)

Vuldb Updates
1 month ago
A vulnerability labeled as critical has been found in Oracle PeopleSoft 8.54/8.55. This issue affects some unknown processing of the component PeopleTools. The manipulation results in 7pk security features. This vulnerability is identified as CVE-2017-3298. The attack can be executed remotely. There is not any exploit available. The affected component should be upgraded.
vuldb.com

CVE-2017-3296 | Oracle Commerce Platform 10.0.3.5/10.2.0.5/11.2.0.2 Dynamo Application Framework information disclosure

Vuldb Updates
1 month ago
A vulnerability was found in Oracle Commerce Platform 10.0.3.5/10.2.0.5/11.2.0.2 and classified as critical. Affected by this issue is some unknown functionality of the component Dynamo Application Framework. Such manipulation leads to information disclosure. This vulnerability is traded as CVE-2017-3296. The attack may be launched remotely. There is no exploit available. It is suggested to upgrade the affected component.
vuldb.com

Managed ad