1367 matches found
CVE-2024-21018
Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite component: LOV. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...
CVE-2024-21020
Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite component: LOV. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...
CVE-2024-21016
Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite component: LOV. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...
CVE-2024-21001
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics component: BI Platform Security. The supported version that is affected is 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...
CVE-2024-20990
Vulnerability in the Oracle Applications Technology product of Oracle E-Business Suite component: Templates. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications...
CVE-2024-20989
Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications component: Simphony POS. Supported versions that are affected are 19.1.0-19.5.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...
UBUNTU-CVE-2024-21108
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise...
UBUNTU-CVE-2024-21096
Vulnerability in the MySQL Server product of Oracle MySQL component: Client: mysqldump. Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to...
PT-2024-4907 · Oracle +1 · Virtualbox +1
Name of the Vulnerable Software and Affected Versions: Oracle VM VirtualBox versions prior to 7.0.16 Description: The issue is related to insufficient input validation in the Core component of Oracle VM VirtualBox, allowing a low-privileged attacker with logon access to the infrastructure to...
PT-2024-3732 · Oracle · Oracle Complex Maintenance
Name of the Vulnerable Software and Affected Versions: Oracle Complex Maintenance, Repair, and Overhaul versions 12.2.3 through 12.2.13 Description: The issue is related to insufficient input validation in the LOV component of Oracle Complex Maintenance, Repair, and Overhaul, allowing an...
PT-2024-4882 · Oracle · Oracle Complex Maintenance
Name of the Vulnerable Software and Affected Versions: Oracle Complex Maintenance, Repair, and Overhaul versions 12.2.3 through 12.2.13 Description: The issue is related to insufficient input validation in the LOV component of Oracle Complex Maintenance, Repair, and Overhaul, allowing an...
lunary Information Disclosure Vulnerability
lunary is a production toolkit for LLM. lunary suffers from an information disclosure vulnerability that stems from inadequate validation of user permissions when joining the organization. An attacker could use this vulnerability to read and modify all data within the organization...
CVE-2024-29237
Improper neutralization of special elements used in an SQL command 'SQL Injection' vulnerability in ActionRule.Delete webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to read database containing non-sensitive information and...
PT-2024-2354 · Advantech · Advantech Webaccess/Scada
Name of the Vulnerable Software and Affected Versions: Advantech WebAccess/SCADA affected versions not specified Description: The issue is related to a lack of protection against SQL query structure attacks, allowing a remote attacker to execute arbitrary SQL queries on the database. This can...
Delinea PAM Secret Server Information Disclosure Vulnerability
Delinea PAM Secret Server is a key service manager from Delinea. An information disclosure vulnerability exists in Delinea PAM Secret Server version 11.4, which can be exploited by an attacker to read data from a memory dump...
PT-2024-2144 · Mitsubishi · Melsec-L Series +1
Name of the Vulnerable Software and Affected Versions: Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules affected versions not specified Description: The issue is related to an Incorrect Pointer Scaling vulnerability in the CPU modules of Mitsubishi Electric...
mysql: Client programs unspecified vulnerability (CPU Jul 2023)
Vulnerability in the MySQL Server product of Oracle MySQL component: Client programs. Supported versions that are affected are 5.7.42 and prior and 8.0.33 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL...
mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2023)
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Pluggable Auth. Supported versions that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successf...
Server Side Request Forgery (SSRF)
mpdf/mpdf is vulnerable to Server Side Request Forgery (SSRF). The vulnerability is due to not sanitizing user input while creating a PDF when using the html2pdf service. An attacker can exploit this flaw to use crafted HTML to include any arbitrary URL in the input to read the data from or to attack the...
CVE-2024-23125
A maliciously crafted SLDPRT file, when parsed in ODXSWDLL.dll through Autodesk applications, can be used to cause a stack-based overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process...