Aggregator

A vulnerability was found in Microsoft SQL Server 2012 SP4/2014 SP3/2016 SP2. It has been rated as critical. This issue affects some unknown processing of the component Reporting Services. The manipulation leads to deserialization. The identification of this vulnerability is CVE-2020-0618. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as very critical was found in Oracle WebLogic Server 12.2.1.3.0/12.2.1.4.0/14.1.1.0.0. Affected by this vulnerability is an unknown functionality of the component Core. The manipulation leads to Remote Code Execution. This vulnerability is known as CVE-2020-14644. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as very critical, has been found in Oracle JDeveloper 12.2.1.3.0/12.2.1.4.0. Affected by this issue is some unknown functionality of the component ADF Faces. The manipulation leads to deserialization. This vulnerability is handled as CVE-2022-21445. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Ivanti CSA up to 4.6 Patch 518. This affects an unknown part. The manipulation leads to os command injection. This vulnerability is uniquely identified as CVE-2024-8190. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Progress WhatsUp Gold. This issue affects the function HasErrors. The manipulation leads to sql injection. The identification of this vulnerability is CVE-2024-6670. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Захват заложников, нападения и драки - новая реальность для криптоинвесторов.

A vulnerability was found in Aeries Student Information System 3.8.2.8 and classified as critical. Affected by this issue is some unknown functionality of the file comments.asp. The manipulation of the argument Term leads to sql injection. This vulnerability is handled as CVE-2008-0943. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as problematic was found in cvat up to 2.18.x. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-47063. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

Authors/Presenters:Yang Zhou, Xingyu Xiang, Matthew Kiley, Sowmya Dharanipragada, Minlan Yu

Our sincere thanks to USENIX, and the Presenters & Authors for publishing their superb 21st USENIX Symposium on Networked Systems Design and Implementation (NSDI '24) content, placing the organizations enduring commitment to Open Access front and center. Originating from the conference’s events situated at the Hyatt Regency Santa Clara; and via the organizations YouTube channel.

Permalink

The post USENIX NSDI ’24 – DINT: Fast In-Kernel Distributed Transactions with eBPF appeared first on Security Boulevard.

Cyfirma раскрыла все карты пакистанских хакеров.