Lucene search

1366 matches found

OSV
added 2024/07/16 11:15 p.m., 2 views

CVE-2024-21132

Vulnerability in the Oracle Purchasing product of Oracle E-Business Suite component: Approvals. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Purchasing. Successful attacks...

CVSS 5.4, AI score 7.3, EPSS 0.00269
Exploits 0, References 1
OSV
added 2024/07/16 11:15 p.m., 4 views

CVE-2024-21128

Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite component: APIs. Supported versions that are affected are 12.2.6-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Application Object...

CVSS 5.4, AI score 7.3, EPSS 0.00308
Exploits 0, References 1
OSV
added 2024/07/16 11:15 p.m., 1 view

UBUNTU-CVE-2024-21170

Vulnerability in the MySQL Connectors product of Oracle MySQL component: Connector/Python. Supported versions that are affected are 8.4.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successfu...

CVSS 6.3, AI score 5.8, EPSS 0.00424
Exploits 0, References 3
RedHat Linux
added 2024/07/16 10:11 p.m., 5 views

OpenJDK: Range Check Elimination (RCE) pre-loop limit overflow (8320548)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0....

CVSS 4.8, AI score 7.4, EPSS 0.00879
Exploits 0, References 4
RedHat Linux
added 2024/07/16 10:08 p.m., 5 views

OpenJDK: Range Check Elimination (RCE) pre-loop limit overflow (8320548)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0....

CVSS 4.8, AI score 7.4, EPSS 0.00879
Exploits 0, References 4
RedHat Linux
added 2024/07/16 10:06 p.m., 5 views

OpenJDK: Range Check Elimination (RCE) pre-loop limit overflow (8320548)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0....

CVSS 4.8, AI score 7.4, EPSS 0.00879
Exploits 0, References 4
OSV
added 2024/07/16 12:15 p.m., 1 view

DEBIAN-CVE-2022-48806

In the Linux kernel, the following vulnerability has been resolved: eeprom: ee1004: limit i2c reads to I2C_SMBUS_BLOCK_MAX Commit effa453168a7 "i2c: i801: Don't silently correct invalid transfer size" revealed that ee1004_eeprom_read did not properly limit how many bytes to read at once. In particular...

CVSS 5.5, AI score 5.1, EPSS 0.00281
Exploits 0, References 1
Tenable Nessus
added 2024/07/16 12:00 a.m., 24 views

RHEL 6 : libssh2 (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libssh2: Out-of-bounds memory comparison with specially crafted message channel request CVE-2019-3862 - A...

CVSS 9.1, AI score 9.2, EPSS 0.08114
Exploits 0, References 5
Packet Storm
added 2024/07/15 12:00 a.m., 578 views

Havoc C2 0.7 Server-Side Request Forgery

Exploit Title: Havoc C2 0.7 Unauthenticated SSRF Date: 2024-07-13 Exploit Author: @chebuya Software Link: https://github.com/HavocFramework/Havoc Version: v0.7 Tested on: Ubuntu 20.04 LTS CVE: ? Description: This exploit works by spoofing a demon agent registration and checkins to open a TCP sock...

AI score 7.4
Exploits 0
CVE
added 2024/07/10 7:37 a.m., 80 views

CVE-2024-6422

CVE-2024-6422 affects Pepperl+Fuchs OIT-series devices (e.g., OIT1500-F113-B12-CB, OIT200-F113-B12-CB, OIT500-F113-B12-CB, OIT700-F113-B12-CB) and is caused by an unauthenticated Telnet-enabled access control error that allows a remote attacker to manipulate the device, stop processes, and read/d...

CVSS 9.8, AI score 9.6, EPSS 0.00581
Exploits 0, References 1, Affected Software 1
CNNVD
added 2024/07/09 12:00 a.m., 4 views

Siemens SIPROTEC 5 Cryptographic Issue Vulnerability

SIPROTEC 5 devices offer a range of integrated protection, control, measurement and automation functions for substations and other applications. A weak cryptography vulnerability exists in Siemens SIPROTEC 5 devices due to affected devices supporting weak cryptography on multiple ports 443/tcp fo...

CVSS 8.2, AI score 6.7, EPSS 0.00205
Exploits 0, References 3
Positive Technologies
added 2024/07/03 12:00 a.m., 4 views

PT-2024-28734 · Tcp · Tcp

Name of the Vulnerable Software and Affected Versions: TCP protocol affected versions not specified Description: The issue is related to a timing side channel in the TCP protocol, making it easier for remote attackers to infer the content of one TCP connection from a client system to any server...

CVSS 4.3, AI score 6.9, EPSS 0.00572
Exploits 0, References 13
OSV
added 2024/06/30 6:15 p.m., 2 views

CVE-2024-31898

IBM InfoSphere Information Server 11.7 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references. IBM X-Force ID: 288182...

CVSS 5.4, AI score 5.8, EPSS 0.00271
Exploits 0, References 2
OSV
added 2024/06/25 4:15 a.m., 1 view

CVE-2024-23154

A maliciously crafted SLDPRT file, when parsed in ODXSWDLL.dll through Autodesk applications, can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process...

CVSS 7.8, AI score 6.1, EPSS 0.00403
Exploits 0, References 1
NVD
added 2024/06/25 4:15 a.m., 28 views

CVE-2024-23151

A maliciously crafted 3DM file, when parsed in ASMkern229A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process...

CVSS 7.8, EPSS 0.00403
Exploits 0, References 1
CNNVD
added 2024/06/17 12:00 a.m., 2 views

Puppeteer Security Vulnerabilities

Puppeteer is a web page renderer by the individual developer Yeongjin Lee. A security vulnerability exists in puppeteer-renderer v.3.2.0 and earlier versions that could allow an attacker to read sensitive information from the server using the URL parameter of the file protocol...

CVSS 6.5, AI score 6.3, EPSS 0.02559
Exploits 1, References 2
BDU FSTEC
added 2024/06/13 12:00 a.m., 4 views

The vulnerability of the software for centralized management of FortiWeb Manager firewalls lies in the authentication procedures’ deficiencies, which allow an attacker to gain access to read, modify, or delete data.

The vulnerability of the FortiWeb Manager software for centralized control of network firewalls is related to deficiencies in its authentication procedures. Exploiting this vulnerability could allow an attacker to gain access to read, modify, or delete data by sending specially crafted HTTP...

CVSS 7.8, AI score 5.5, EPSS 0.00439
Exploits 0, References 4, Affected Software 1
OSV
added 2024/06/06 8:15 a.m., 5 views

CVE-2024-5665

The Login/Signup Popup Inline Form + Woocommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ‘exportsettings’ function in versions 2.7.1 to 2.7.2. This makes it possible for authenticated attackers, with Subscriber-level access and...

CVSS 4.3, AI score 5.9, EPSS 0.00362
Exploits 0, References 3
BDU FSTEC
added 2024/05/29 12:00 a.m., 6 views

The vulnerability of the network management tool and Cisco Nexus Dashboard Orchestrator’s policies (formerly known as Cisco Multi-Site Orchestrator) is related to deficiencies in access control. This allows a malicious actor to gain read, modify, or delete access to data.

The vulnerability of the network management tool and Cisco Nexus Dashboard Orchestrator’s (formerly Cisco Multi-Site Orchestrator) policies is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to gain read, modify, or delete access to data...

CVSS 5.5, AI score 5.5, EPSS 0.00383
Exploits 0, References 2
CNNVD
added 2024/05/21 12:00 a.m., 3 views

Linux kernel Security Vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from allowing read from data out of bounds...

CVSS 7.1, AI score 6.4, EPSS 0.00233
Exploits 0, References 7