Microsoft SQL Server versions 2014, 2016, 2017, 2019, and 2022 suffer from an issue where masked data can be exposed through a brute force attack.
By having specific DDL permissions set in Oracle 19c, you can bypass access restrictions normally in place for VPD (virtual private database).
Oracle Database versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c allow unauthorized access to password hashes by an account with the DBA role.
MongoDB versions 2.0.1, 2.1.1, 2.1.4, and 2.1.5 appear to suffer from multiple localized password disclosure issues.
Microsoft SQL Server versions 2014 through 2022 suffer from a db_ddladmin privilege escalation vulnerability. When the concern was escalated to Microsoft, they opted to update their documentation to note that this is possible instead of addressing the issue.
Oracle database versions 19.3 through 19.20 and 21.3 through 21.11 have an issue where an account with create session and select any dictionary can view password hashes stored in a system table that is part of a sharding component setup.
Proof of concept exploit for Oracle RMAN on Oracle database versions 19c, 18c, 12.2.0.1, and 12.1.0.2 where an RMAN controlfile operation is not adequately logged.
Proof of concept exploit for Oracle RMAN on Oracle database versions 19c, 18c, 12.2.0.1, and 12.1.0.2 where recovery actions are not adequately logged.
Microsoft SQL Server 2014, 2016, 2017, 2019, and 2022 appear to ignore audit rules for sys.sysxlgns, allowing an attacker with administrative permissions to extract password hashes under the radar. Microsoft told the researcher they are not willing to fix it but acknowledge it as a security problem.
Proof of concept details for a PDB isolation vulnerability in Oracle database versions 12.1.0.2, 12.2.0.1, 18c, and 19c that allowed viewing of metadata for a different database within the same container.
Oracle Database Vault had a flaw that would allow unauthorized privileged users to extract data from a protected table. Oracle 19c versions 19.18 and below are affected. Fixed in the Oracle Critical Patch Update October 2022.
Oracle Database version 12.1.0.2 suffers from a privilege escalation vulnerability that achieves DBA access via the Spatial component.
Oracle Database versions 12.1.0.2, 12.2.0.1, 18c, and 19c suffer from a vault metadata exposure vulnerability.
Proof of concept overview on how the DBMS_REDACT Dynamic Data Masking security feature in Oracle can be bypassed. Affected versions include 19c and 21c.
Oracle versions 12.1.0.2, 12.2.0.1, and 19c suffer from a Unified Audit Policy bypass vulnerability.