1366 matches found
mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2023)
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Pluggable Auth. Supported versions that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successf...
mysql: Server: Security: Encryption unspecified vulnerability (CPU Oct 2023)
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Encryption. Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...
mysql: Client programs unspecified vulnerability (CPU Jul 2023)
Vulnerability in the MySQL Server product of Oracle MySQL component: Client programs. Supported versions that are affected are 5.7.42 and prior and 8.0.33 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL...
Medium: nerdctl
Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...
CVE-2024-20956
Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain component: Installation. Supported versions that are affected are Prior to 6.2.4.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...
CVE-2024-20933
Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite component: Engineering Change Order. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Installed...
CVE-2024-20917
Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager component: Log Management. The supported version that is affected is 13.5.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...
CVE-2024-20913
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics component: BI Platform Security. The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...
CVE-2024-21915
A privilege escalation vulnerability exists in Rockwell Automation FactoryTalk® Service Platform (FTSP). If exploited, a malicious user with basic user group privileges could potentially sign into the software and receive FTSP Administrator Group privileges. A threat actor could potentially read an...
EBM Technologies RISWEB SQL Injection Vulnerability
EBM Technologies RISWEB is an application from China-based EBM Technologies. It suffers from a SQL injection vulnerability that stems from not properly restricting user input. A remote attacker can inject SQL commands without authentication to be able to read...
Airflow (software for creating, monitoring, and orchestrating data processing scripts): lack of protection for operational data allows attackers to access and read this data
A vulnerability in Airflow, software used for creating, monitoring, and orchestrating data processing scripts, is related to a lack of protection for operational data. Exploiting this vulnerability can allow a remote attacker to gain read access to data...
CVE-2024-23769
Improper privilege control for the named pipe in Samsung Magician PC Software 8.0.0 for Windows allows a local attacker to read privileged data...
CVE-2023-51947
Improper access control on nasSvr.php in actidata actiNAS SL 2U-8 RDX 3.2.03-SP1 allows remote attackers to read and modify different types of data without authentication...
NVIDIA SBIOS (DGX A100 server): vulnerability allows an attacker to read, modify, or delete data, or to cause service interruptions
A vulnerability in NVIDIA's SBIOS, specifically for the DGX A100 server, is related to a numerical overflow. Exploiting this vulnerability could allow an attacker to gain read, modify, or delete access to data, or cause service interruptions...
CVE-2024-20987
Vulnerability in the Oracle BI Publisher product of Oracle Analytics component: Web Server. The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks...
CVE-2024-20940
Vulnerability in the Oracle Knowledge Management product of Oracle E-Business Suite component: Create, Update, Authoring Flow. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracl...
CVE-2024-20936
Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite component: Documents. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One...
CVE-2024-20904
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics component: Pod Admin. Supported versions that are affected are 6.4.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Orac...
CVE-2023-21901
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications component: Infrastructure. Supported versions that are affected are 8.0.7, 8.0.8, 8.0.9, 8.1.0, 8.1.1 and 8.1.2. Easily exploitable vulnerability allows low...
PT-2024-1156 · Oracle · Oracle Audit Vault/Database Firewall
Name of the Vulnerable Software and Affected Versions: Oracle Audit Vault and Database Firewall versions 20.1 through 20.9
Description: The issue is related to insufficient input validation in the Firewall component of Oracle Audit Vault and Database Firewall, allowing a remote attacker to gain...