CVE-2021-44835 An issue was found in Active Intelligent Visualization 5. The Vdc header is used in a SQL query without being sanitized.

This problem can lead to data being exposed in the query like this example where a user name and password are input in the Vdc parameter.

With the potential to cause a lot of damage with only a few lines of SQL, this is a critical security risk. When installing this package, be sure to upgrade to version 9.0.6 or higher that fixes this issue.

Establish a baseline of functions provided by MariaDB

This is a critical security risk, so it’s important to establish a baseline of functions provided by MariaDB. When installing this package, be sure to upgrade to version 9.0.6 or higher that fixes this issue.

Bug Description:

This issue is a vulnerability in Oracle VM VirtualBox.
A remote attacker may exploit this vulnerability to obtain sensitive information from the host system. This can result in the disclosure of credentials, data and/or other types of sensitive information from the host system that may lead to further attacks on systems within the network.

Timeline

Published on: 09/09/2022 19:15:00 UTC
Last modified on: 09/15/2022 15:17:00 UTC

References

• https://www.aivhub.com
• https://gist.github.com/rntcruz23/199782fb65b7dc3c4492d168770b71e5
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44835