PT-2024-1539 · Oracle · Oracle Bi Publisher
Name of the Vulnerable Software and Affected Versions: Oracle BI Publisher version 12.2.1.4.0. Description: The issue is related to insufficient input validation in the Web Server component of Oracle BI Publisher. This allows a low-privileged attacker with network access via HTTP to compromise...
PT-2024-1226
Name of the Vulnerable Software and Affected Versions: Oracle Java SE versions 8u391; Oracle GraalVM Enterprise Edition versions 20.3.12 and 21.3.8. Description: The issue exists due to insufficient input validation in the JavaFX component of Oracle Java SE and Oracle GraalVM Enterprise Edition. This...
Medium: golang
Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...
PT-2023-24231 · Desfire · Desfire
Name of the Vulnerable Software and Affected Versions: DesFire, affected versions not specified. Description: The function that reads the card does not properly check boundaries when internally copying the received data, allowing a heap-based buffer overflow. This could lead to a potential Remo...
CVE-2023-44284
Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an SQL Injection vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database...
PT-2023-9120 · Dell · Dell Powerprotect Dd
Name of the Vulnerable Software and Affected Versions: Dell PowerProtect DD versions prior to 7.13.0.10; Dell PowerProtect DD version 6.2.1.110; Dell PowerProtect DD LTS versions prior to 7.7.5.25; Dell PowerProtect DD LTS versions prior to 7.10.1.15. Description: The issue is related to an SQL...
Xen Buffer Error Vulnerability
Xen is an open source virtual machine monitor product from the University of Cambridge, UK. The product enables different and incompatible operating systems to run on the same computer and supports runtime migration to ensure uptime and avoid downtime. Xen suffers from a security vulnerability th...
PT-2024-18848 · Oracle · Peoplesoft Enterprise Cc Common Application Objects
Name of the Vulnerable Software and Affected Versions: PeopleSoft Enterprise CC Common Application Objects version 9.2. Description: The issue allows a low-privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise CC Common Application Objects. Successful attacks can...
AZL-32124 CVE-2023-39326 affecting package msft-golang for versions less than 1.21.5-1
A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of data up to about...
CVE-2023-29074
A maliciously crafted CATPART file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to cause an Out-Of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process...
CVE-2023-41140
A maliciously crafted PRT file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to cause a Heap-Based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process...
CVE-2023-29073
A maliciously crafted MODEL file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to cause a Heap-Based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process...
The vulnerability of the ide_dma_cb() function in the QEMU hardware emulation software allows an attacker to gain access to read, modify, or delete data, or to cause a service failure.
The vulnerability of the ide_dma_cb() function in the QEMU hardware emulation software is related to synchronization errors when processing the DRQSTAT parameter. Exploiting this vulnerability can allow an attacker to gain access to read, modify, or delete data, or cause a service failure...
The vulnerability of the Visual Analyzer component of the Oracle Business Intelligence Enterprise Edition software platform allows a perpetrator to gain access to read data or modify data.
The vulnerability of the Visual Analyzer component of the Oracle Business Intelligence Enterprise Edition software exists due to insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain read access to data or modify data using HTTP...
Huawei EMUI Security Vulnerability
Huawei EMUI is an Android-based mobile operating system developed by China's Huawei. A security vulnerability exists in Huawei EMUI version 11.0.1, which originates from a parameter in the QMI service module that is out of range, resulting in an error when reading file data...
SUSE CVE-2020-14838
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Privileges. Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server...
SUSE CVE-2021-35623
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Roles. Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successf...
The vulnerability of the Infrastructure component of the Oracle Banking Trade Finance software allows a perpetrator to gain read, modify, add, or delete access to data.
The vulnerability of the Infrastructure component of the Oracle Banking Trade Finance software exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to read, modify, add, or delete data...
Vulnerability of the Installer component: The general installer for MySQL allows a perpetrator to gain access to read, modify, or delete data, and trigger a service failure.
Vulnerability of the Installer component: The general installer for MySQL is vulnerable due to insufficient validation of input data. Exploiting this vulnerability can allow attackers to gain access to read, modify, or delete data, leading to service failure...
The vulnerability of the Core component of the Oracle VM VirtualBox software allows a malicious individual to gain unauthorized access to read, modify, or delete data, as well as to trigger a service failure.
The vulnerability of the Core component of the Oracle VM VirtualBox software lies in insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to read, modify, or delete data, thereby causing service failures...