CVE-2023-22125
Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...
CVE-2023-22105
Vulnerability in the BI Publisher product of Oracle Analytics (component: Web Server). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise BI Publisher. Successful attacks requir...
CVE-2023-22093
Vulnerability in the Oracle iRecruitment product of Oracle E-Business Suite (component: Requisition and Vacancy). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iRecruitment...
CVE-2023-22076
Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Personalization). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application...
CVE-2023-22080
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft...
UBUNTU-CVE-2023-22113
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...
PT-2023-6269 · Oracle · Oracle Applications Framework +1
Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.2.3 through 12.2.12 Description: The issue is related to insufficient input validation in the Personalization component of the Oracle Applications Framework product. This allows an unauthenticated attacker...
PT-2023-6418 · Oracle · Oracle Banking Trade Finance
Name of the Vulnerable Software and Affected Versions: Oracle Banking Trade Finance versions 14.5 through 14.7 Description: The issue exists due to insufficient input validation in the Infrastructure component of Oracle Banking Trade Finance, allowing a remote attacker to gain read, modify, add, ...
The vulnerability of the SASL Quorum Peer authentication function in the centralized service for supporting configuration information, naming, distributed synchronization, and providing group services via Apache ZooKeeper allows attackers to circumvent security restrictions and gain read, modify, or delete access to data.
The vulnerability of the SASL Quorum Peer authentication function in the centralized service for supporting configuration information, naming, distributed synchronization, and providing group services via Apache ZooKeeper is related to the ability to bypass authentication by using a user-controll...
Debian dla-3606 : freerdp2-dev - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3606 advisory. Debian LTS Advisory DLA-3606-1 [email protected]...
CVE-2023-4092
SQL injection vulnerability in Arconte Áurea, in its 1.5.0.0 version. The exploitation of this vulnerability could allow an attacker to read sensitive data from the database, modify data (insert/update/delete), perform database administration operations and, in some cases, execute commands on the...
Fujitsu Arconte Áurea SQL Injection Vulnerability
Fujitsu Arconte Áurea is a view recording system from Fujitsu Japan. A security vulnerability exists in Fujitsu Arconte Áurea versions prior to 1.5.0.0. An attacker could exploit the vulnerability to read sensitive data from the database, modify data (insert/update/delete), perform database...
CVE-2023-21521
An SQL Injection vulnerability in the Management Console Operator Audit Trail of BlackBerry AtHoc version 7.15 could allow an attacker to potentially read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database, recover the...
BlackBerry AtHoc SQL Injection Vulnerability
BlackBerry AtHoc is a crisis communications solution for federal, state and local governments, public safety and law enforcement agencies, and schools from BlackBerry Canada. A security vulnerability exists in BlackBerry AtHoc version 7.15, which stems from a SQL injection vulnerability in the...
The vulnerability of the Core component of the Oracle VM VirtualBox software allows a hacker to gain access to read, modify, or delete data.
The vulnerability of the Core component of the Oracle VM VirtualBox software lies in insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain access to read, modify, or delete data...
The vulnerability of the SAP Message Server, a software integration platform of SAP NetWeaver, allows attackers to gain read, modify, or delete access to data, or to cause service interruptions.
The vulnerability of the SAP Message Server, a software integration platform of SAP NetWeaver, is related to deficiencies in the authentication process when processing the Access Control List (ACL). Exploiting this vulnerability allows an attacker to gain read, modify, or delete access to data, or ...
The vulnerability of component B1i Layer of the SAP Business One resource management system allows a hacker to gain access to read, modify, or delete data.
The vulnerability of component B1i Layer in the SAP Business One resource management system is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to remotely gain access to read, modify, or delete data by sending...
CVE-2023-37491
The ACL (Access Control List) of SAP Message Server - versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, RNL64UC 7.22, RNL64UC 7.22EXT, RNL64UC 7.53, KRNL64NUC 7.22, KRNL64NUC 7.22EXT, can be bypassed in certain conditions, which may enable an authenticated malicious user to enter the...
The vulnerability of the Web Runtime SEC component of the JD Edwards EnterpriseOne Tools system for resource management allows a perpetrator to gain read access to data and modify it.
The vulnerability of the Web Runtime SEC component of the JD Edwards EnterpriseOne Tools system for resource management involves errors in processing input data. Exploiting this vulnerability can allow an attacker to gain read access to data and modify it...
Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Supported versions that are affected are 5.7.42 and prior and 8.0.33 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server and unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H).