29 matches found
DoS (Denial of Service) semver Dependency in Jira Software Data Center and Server
This High severity DoS Denial of Service vulnerability known as CVE-2022-25883 was introduced in versions 11.3.0 and 11.3.1 of Jira Software Data Center and Server. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H...
CVE-2022-21559
Vulnerability in the Oracle Commerce Platform product of Oracle Commerce component: Dynamo Application Framework. Supported versions that are affected are 11.3.0, 11.3.1 and 11.3.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle...
CVE-2021-2462
Vulnerability in the Oracle Commerce Service Center product of Oracle Commerce component: Commerce Service Center. Supported versions that are affected are 11.0.0, 11.1.0, 11.2.0 and 11.3.0-11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...
CVE-2025-21576
Vulnerability in the Oracle Commerce Platform product of Oracle Commerce component: Dynamo Personalization Server. Supported versions that are affected are 11.3.0, 11.3.1 and 11.3.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...
Oracle Commerce 安全漏洞
Oracle Commerce is a suite of e-commerce solutions from Oracle Corporation, of which Commerce Platform is one component that provides a versatile e-commerce platform. A security vulnerability exists in Oracle Commerce's Commerce Platform versions 11.3.0, 11.3.1, and 11.3.2, which stems from...
OPENSUSE-SU-2025:14681-1 grafana-11.3.2-1.1 on GA media
These are all security issues fixed in the grafana-11.3.2-1.1 package on the GA media of openSUSE Tumbleweed...
Security Bulletin: Multiple Vulnerabilities in IBM Event Endpoint Management
Summary Multiple vulnerabilities were addressed in IBM Event Endpoint Management version 11.3.2 Vulnerability Details CVEID:CVE-2024-47176 DESCRIPTION: OpenPrinting cups-browsed could allow a remote attacker to obtain sensitive information, caused by the binding on UDP INADDRANY:631 and trusting...
Security Bulletin: IBM Event Streams is vulnerable to a cross-site request forgery due to the Axios component (CVE-2023-45857).
Summary IBM Event Streams is vulnerable to XSS vulnerability due to Axios component . Axios is a promise-based HTTP library that lets developers make requests to either their own or a third-party server to fetch data. Vulnerability Details CVEID:CVE-2023-45857 DESCRIPTION: Axios is vulnerable to...
Security Bulletin: IBM Event Streams is vulnerable to sensitive information leakage and directory traversal attack due to the Golang related packages (CVE-2023-45285, CVE-2023-39326, CVE-2023-45283).
Summary Golang Go is used by IBM Event Streams and could allow a remote attacker to obtain sensitive information, caused by a flaws in modules with ".git" suffix and in the net/http package. By sending specially crafted requests, an attacker can attain these privileges. Vulnerability Details...
Security Bulletin: IBM Event Streams is vulnerable to a denial of service attack (CVE-2024-28176).
Summary IBM Event Streams is vulnerable to a denial of service due to the jose module component, caused by a flaw during JWE Decryption operations. Jose module is a javaScript implementation of the JSON Object Signing and Encryption JOSE for current web browsers and node. js-based servers...
PT-2024-4884 · Oracle · Oracle Commerce Platform
Name of the Vulnerable Software and Affected Versions: Oracle Commerce Platform versions 11.3.0 through 11.3.2 Description: The issue is related to insufficient input validation in the Oracle Commerce Platform, allowing an unauthenticated attacker with network access via HTTP to compromise the...
CVE-2023-22029
Vulnerability in the Oracle Commerce Guided Search product of Oracle Commerce component: Workbench. The supported version that is affected is 11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Guided Search. Successf...
CVE-2023-22029
Vulnerability in the Oracle Commerce Guided Search product of Oracle Commerce component: Workbench. The supported version that is affected is 11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Guided Search. Successf...
CVE-2023-22029
Oracle Commerce Guided Search (Workbench) vulnerability tracked as CVE-2023-22029 affects version 11.3.2. The issue stems from insufficient input validation in the Workbench component, allowing an unauthenticated attacker with network access over HTTP to compromise the product. Attacks require us...
Oracle Commerce Security Vulnerability
Oracle Commerce is a suite of e-business solutions from Oracle Corporation. A security vulnerability exists in Oracle Commerce's Oracle Commerce Guided Search version 11.3.2, which originated from a vulnerability that could allow an unauthenticated attacker to compromise Oracle Commerce Guided...
CVE-2022-21559
Vulnerability in the Oracle Commerce Platform product of Oracle Commerce component: Dynamo Application Framework. Supported versions that are affected are 11.3.0, 11.3.1 and 11.3.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle...
CVE-2022-21559
Vulnerability in the Oracle Commerce Platform product of Oracle Commerce component: Dynamo Application Framework. Supported versions that are affected are 11.3.0, 11.3.1 and 11.3.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle...
CVE-2022-21559
Vulnerability in the Oracle Commerce Platform product of Oracle Commerce component: Dynamo Application Framework. Supported versions that are affected are 11.3.0, 11.3.1 and 11.3.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle...
CVE-2022-21466
Vulnerability in the Oracle Commerce Guided Search product of Oracle Commerce component: Tools and Frameworks. The supported version that is affected is 11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Guided Searc...
CVE-2022-21466
Vulnerability in the Oracle Commerce Guided Search product of Oracle Commerce component: Tools and Frameworks. The supported version that is affected is 11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Guided Searc...