42 matches found
CVE-2024-20938
The CVE-2024-20938 flaw affects Oracle E-Business Suite’s Oracle iStore component (ECC) in versions 12.2.3–12.2.13. An unauthenticated attacker with network access over HTTP can compromise iStore, with successful attacks requiring user interaction and potentially impacting related products. The i...
K15094237: MySQL vulnerabilities CVE-2022-21460, CVE-2022-21462, CVE-2022-21478, CVE-2022-21479, CVE-2022-21482
Security Advisory Description CVE-2022-21460 Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Logging. Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access...
CVE-2023-21834
Vulnerability in the Oracle Self-Service Human Resources product of Oracle E-Business Suite component: Workflow, Approval, Work Force Management. Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP t...
Denial Of Service (DoS)
rh-mysql80-mysql is vulnerable to denial of service. The vulnerability exists in the Server: Optimizer component, allowing an attacker to cause an application crash and modify some MySQL Server accessible data through multiple protocols...
Denial Of Service (DoS)
rh-mysql80-mysql is vulnerable to denial of service. The vulnerability exists in the Server: Options component, allowing an attacker to cause an application crash and modify some MySQL Server accessible data through multiple protocols...
Improper Access Control
openjdk is vulnerable to improper access control. The vulnerability allows an attacker to perform unauthorized updates, insertions or deletions of some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data...
Oracle MySQL Shell Information Disclosure Vulnerability (CNVD-2023-01495)
Oracle MySQL Server is a relational database from Oracle Corporation. An information disclosure vulnerability exists in the Shell: Core Client component of Oracle MySQL. An attacker can exploit this vulnerability to corrupt the MySQL Shell and gain unauthorized access to a subset of MySQL...
CVE-2022-21615
Vulnerability in the Oracle Enterprise Data Quality product of Oracle Fusion Middleware component: Dashboard. Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...
Oracle JD Edwards Products Input Validation Error Vulnerability
Oracle JD Edwards Products is a fully integrated suite of enterprise resource planning (ERP) applications from Oracle Corporation, USA. A security vulnerability exists in Oracle JD Edwards Products that could result in unauthorized update, insert, or delete access to certain JD Edwards EnterpriseOne...
CVE-2021-35640
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DDL. Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks o...
CVE-2021-35541
Vulnerability in the PeopleSoft Enterprise SCM product of Oracle PeopleSoft component: Supplier Portal. The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise SCM. Successful...
Oracle Secure Global Desktop Unauthorized Access Vulnerability
Oracle Secure Global Desktop is a secure remote access solution for any cloud-hosted enterprise applications and hosted desktops running on Microsoft Windows, Linux, Oracle Solaris, and mainframe servers. Oracle Secure Global Desktop Unauthorized Access Vulnerability. An attacker can compromise...
CVE-2021-2365
Vulnerability in the Oracle Human Resources product of Oracle E-Business Suite component: People Management. Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Human Resources...
Design/Logic Flaw
Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of Oracle PeopleSoft component: Notification Configuration. The supported version that is affected is 8.59. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft...
CVE-2021-2334
Vulnerability in the Oracle Database - Enterprise Edition Data Redaction component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access vi...
CVE-2021-2163
Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2...
Doxing in the corporate sector
Introduction Doxing refers to the collection of confidential information about a person without their consent for the purpose of inflicting harm on that person or to otherwise gain some benefit from gathering or disclosing such information. Normally, doxing involves a threat to specific people,...
Code Injection in sodadata/soda-sql
Description soda-sql Metric collection, data testing and monitoring for SQL accessible data, which is vulnerable to Arbitrary Code Execution. Vulnerability Vulnerable to YAML deserialization attack caused by unsafe loading. Proof of Concept Installation bash pip3 install soda-sql Run exploit.py...
CVE-2020-14667
Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite component: Preferences. Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle CRM...
CVE-2020-14572
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Console. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromi...