49 matches found
Fedora 37 : mingw-python-werkzeug (2023-af75e27098)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-af75e27098 advisory. Update to python-werkzeug-2.2.3. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus...
SUSE CVE-2012-3139
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity, related to Signon local and SSO...
CVE-2023-25577
Werkzeug prior to 2.2.3 contains a DoS vulnerability in its multipart form data parser that can parse an unlimited number of parts (including file parts). Attacks that send crafted multipart data to endpoints reading request.data, request.form, request.files, or request.get_data(parse_form_data=F...
CVE-2023-23934
CVE-2023-23934 affects the Werkzeug WSGI library. A bug in parsing nameless cookies (e.g., =__Host-test=bad) can lead to cookie shadowing where the cookie value is set for one subdomain but read as a different key by adjacent subdomains. The issue applies to Werkzeug versions before 2.2.3 and is ...
CVE-2023-23951
Ability to enumerate the Oracle LDAP attributes for the current user by modifying the query used by the application...
ai.aitia:arrowhead-application-library-java-spring (>=4.4.0.0 <=4.4.0.1), ai.foremast.metrics:foremast-spring-boot-15x-starter (>=0.1.8 <=0.1.12) +14527 more potentially affected by CVE-2022-27772 via org.springframework.boot:spring-boot (>=1.0.0.RELEASE <=2.2.10.RELEASE)
org.springframework.boot:spring-boot MAVEN version =1.0.0.RELEASE, =4.4.0.0, =0.1.8, =0.1.6, =0.1.2, =0.0.6, =0.0.11, =0.0.16, =0.0.1, =0.0.47, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.21 and more Source cves: CVE-2022-27772 Source advisory: OSV:GHSA-CM59-PR5Q-CW85...
ai.aitia:arrowhead-application-library-java-spring (>=4.4.0.2 <=4.6.0.0), ai.ylyue:yue-library-auth-client (=j11.2.6.0) +1751 more potentially affected by CVE-2022-22978 via org.springframework.security:spring-security-core (>=5.6.0 <=5.6.3)
org.springframework.security:spring-security-core MAVEN version =5.6.0, =4.4.0.2, =1.3.1.RELEASE, =0.2.0, =0.8.3, =2.1.0.M8, =1.0.0, =2.7.0.Beta3, =2.7.0.Beta4, =2.7.0.Beta3, =2.7.0.Beta3, =2.7.0.Beta3, =2.7.0.RC1 and more Source cves: CVE-2022-22978 Source advisory: OSV:GHSA-HH32-7344-CG2F...
CVE-2022-29126
Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability...
The vulnerability of the acron application library of Avrora Center, related to uncontrolled resource consumption, allows a perpetrator to cause a service failure.
The vulnerability of the acron application library in Avroa Software Solutions is related to uncontrolled resource consumption. Exploiting this vulnerability can allow a malicious actor to cause service failures using a specially crafted regular expression...
libtpms stack corruption vulnerability
libtpms is an application library that provides software emulation of Trusted Platform Modules (TPM 1.2 and TPM 2.0). libtpms has a security vulnerability that stems from a stack corruption bug that could lead to SIGBUS bad memory access and termination of swtpm. No detailed vulnerability details...
The vulnerability of the Diagnostics sub-component of the Oracle Application Object Library in the Oracle E-Business Suite system allows a perpetrator to gain access to modify, add, or delete data.
The vulnerability of the Diagnostics sub-component of the Oracle Application Object Library in the Oracle E-Business Suite exists due to insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to modify, add, or delete data using the HTTP...
CVE-2019-8931
Redbrick Shift through 3.4.3 allows an attacker to extract emails of services such as Gmail, Outlook, etc. used in the application...
The vulnerability of the Attachments/File Upload component in the Oracle Application Object Library for Oracle E-Business Suite applications allows a malicious individual to gain unauthorized access to protected data.
The vulnerability of the Attachments/File Upload component in the Oracle Application Object Library of the Oracle E-Business Suite relates to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected data...
CVE-2018-3244
Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite subcomponent: Attachments / File Upload. Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with...
CVE-2018-2867
Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite subcomponent: Diagnostics. Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access v...
CVE-2018-2874
Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite subcomponent: Logging. The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows physical access to compromise Oracle Application Object Library. Successful attacks require...
CVE-2018-2804
Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite subcomponent: DB Privileges. Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Difficult to exploit vulnerability allows unauthenticated attacker with network acce...
Unspecified Vulnerability in Oracle E-Business Suite (CNVD-2018-02401)
Oracle E-Business Suite is an expansion of the original Application ERP: a seamlessly integrated management suite that collects a variety of management software, including ERP (Enterprise Resource Planning), HR (Human Resource Management), CRM (Customer Relationship Management), and so on. An...
CVE-2017-10328
Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite subcomponent: Diagnostics. Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access v...
CVE-2017-10244
Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite subcomponent: Attachments. Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP ...