Lucene search
K

1367 matches found

CNNVD
CNNVD
added 2022/01/19 12:0 a.m.4 views

Oracle Construction and Engineering Suite 输入验证错误漏洞

Oracle Construction and Engineering Suite is a portfolio management solution suite product for construction projects from Oracle Corporation. A security vulnerability in Oracle Construction and Engineering Suite's Primavera Portfolio Management product could allow an unauthenticated attacker to...

5.8CVSS6.8AI score0.00825EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/01/19 12:0 a.m.5 views

Oracle Commerce 输入验证错误漏洞

Oracle Commerce is the United States Oracle Oracle company's set of e-business solutions. Commerce Platform is one of them to provide a multi-functional e-business platform components. A security vulnerability in Oracle Commerce's Oracle Commerce Platform product could allow an unauthenticated...

5.3CVSS5.7AI score0.01147EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/01/19 12:0 a.m.4 views

Oracle Financial Services Applications 安全漏洞

Oracle Financial Services Applications is a suite of financial services software, and Oracle Financial Services Analytical Applications is a financial services analytics software. Oracle Financial Services Applications is a financial services software. Analytical Applications is a financial...

4.3CVSS6.4AI score0.00688EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/01/19 12:0 a.m.5 views

Oracle Communications Applications 输入验证错误漏洞

Oracle Communications Applications is an advanced communications and collaboration services application from Oracle Corporation. A security vulnerability exists in the Oracle Communications Billing and Revenue Management product for Oracle Communications Applications Component: Pipeline Manager...

3.3CVSS6.6AI score0.00316EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/01/19 12:0 a.m.4 views

PT-2022-2012 · Oracle +1 · Virtualbox +1

Name of the Vulnerable Software and Affected Versions: Oracle VM VirtualBox versions prior to 6.1.32 Description: The issue allows a low-privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox, potentially impacting additional...

9CVSS5.4AI score0.02167EPSS
Exploits1References116
CNNVD
CNNVD
added 2022/01/18 12:0 a.m.6 views

Oracle WebLogic Server 输入验证错误漏洞

Oracle WebLogic Server is an application services middleware from Oracle for cloud and traditional environments that provides a modern, lightweight development platform that supports full lifecycle management of applications from development to production and simplifies application deployment and...

6.1CVSS5.6AI score0.00946EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/01/18 12:0 a.m.8 views

PT-2022-6851

Name of the Vulnerable Software and Affected Versions Oracle Java SE versions 7u321, 8u311, 11.0.13, 17.0.1 Oracle GraalVM Enterprise Edition versions 20.3.4, 21.3.0 Description The issue allows an unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE an...

5.3CVSS6.8AI score0.02877EPSS
Exploits0References220
Cvelist
Cvelist
added 2022/01/14 7:11 p.m.19 views

CVE-2021-39680

In secSHA256Transform of sha256core.c, there is a possible way to read heap data due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:...

4.6AI score0.00115EPSS
Exploits0References1
OSV
OSV
added 2022/01/01 12:0 a.m.5 views

PUB-A-197965864

In secSHA256Transform of sha256core.c, there is a possible way to read heap data due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation...

4.4CVSS6.9AI score0.00115EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2021/11/15 12:0 a.m.11 views

PT-2021-6982 · Oracle +6 · Mysql Server +5

Name of the Vulnerable Software and Affected Versions: MySQL Server versions 8.0.28 and prior Description: The issue is related to insufficient input validation in the Server: Optimizer component of MySQL Server. It allows a high-privileged attacker with network access via multiple protocols to...

10CVSS6.8AI score0.87816EPSS
Exploits22References822
CNNVD
CNNVD
added 2021/11/10 12:0 a.m.2 views

vivo Jovi Smart Scene 安全漏洞

Vivo Jovi Smart Scene is used by China's Vivo to provide users with efficient, interactive and decision-making personalized services. The vivo Jovi Smart Scene suffers from a security vulnerability that allows an attacker to access sensitive information stored in the jovi Smart Scene module by...

5.5CVSS5.8AI score0.00201EPSS
Exploits0References2
OSV
OSV
added 2021/11/09 12:15 p.m.3 views

CVE-2021-40366

A vulnerability has been identified in Climatix POL909 AWB module All versions V11.42, Climatix POL909 AWM module All versions V11.34. The web server of affected devices transmits data without TLS encryption. This could allow an unauthenticated remote attacker in a man-in-the-middle position to...

7.4CVSS7.1AI score0.00408EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/11/09 12:0 a.m.4 views

SAP ERP HCM 安全漏洞

SAP ERP HCM is an enterprise human resource management solution from SAP, Germany. A security vulnerability exists in SAP ERP HCM that stems from the fact that SAP ERP HCM Portugal does not perform the necessary authorization checks on reports that read employee payroll data for a specific region...

4.3CVSS6.1AI score0.00553EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2021/11/02 10:21 a.m.5 views

OpenJDK: FTP PASV command response can cause FtpClient to connect to arbitrary host (Networking, 8258432)

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows...

4.3CVSS7.4AI score0.04238EPSS
Exploits0References4
Microsoft CVE
Microsoft CVE
added 2021/10/27 7:0 a.m.3 views

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).

...

4CVSS7AI score0.01342EPSS
Exploits0
Cvelist
Cvelist
added 2021/10/22 11:23 a.m.22 views

CVE-2021-38451 AUVESY Versiondog

The affected product’s proprietary protocol CSC allows for calling numerous function codes. In order to call those function codes, the user must supply parameters. There is no sanitation on the value of the offset, which allows the client to specify any offset and read out-of-bounds data...

4.8CVSS5.8AI score0.00637EPSS
Exploits0References1
OSV
OSV
added 2021/10/20 11:17 a.m.4 views

CVE-2021-35649

Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization component: Server. The supported version that is affected is 5.6. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Oracle Secure Global Deskto...

5.4CVSS6.7AI score0.00779EPSS
Exploits0References1
OSV
OSV
added 2021/10/20 11:17 a.m.5 views

AZL-6717 CVE-2021-35625 affecting package mysql for versions less than 8.0.28-1

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Privileges. Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

2.7CVSS6.3AI score0.01342EPSS
Exploits0References1
OSV
OSV
added 2021/10/20 11:17 a.m.5 views

AZL-6715 CVE-2021-35623 affecting package mysql for versions less than 8.0.28-1

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Roles. Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successf...

2.7CVSS6.3AI score0.01342EPSS
Exploits0References1
OSV
OSV
added 2021/10/20 11:17 a.m.2 views

CVE-2021-35616

Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain component: UI Infrastructure. The supported version that is affected is 6.4.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Transportation...

5.4CVSS6.3AI score0.27974EPSS
Exploits0References1
Rows per page
Query Builder