1367 matches found

OSV
added 2021/07/21 3:15 p.m., 2 views

CVE-2021-2366

Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering component: Web Access. Supported versions that are affected are 17.12.0-17.12.20, 18.8.0-18.8.23, 19.12.0-19.12.14 and 20.12.0-20.12.3. Easily exploitable vulnerability allows...

CVSS 6.4, AI score 7.3, EPSS 0.00555
Exploits: 0, References: 1

OSV
added 2021/07/21 3:15 p.m., 2 views

CVE-2021-2346

Vulnerability in the Oracle Commerce Guided Search / Oracle Commerce Experience Manager product of Oracle Commerce component: Tools and Frameworks. The supported version that is affected is 11.3.1.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...

CVSS 5.4, AI score 6.7, EPSS 0.00511
Exploits: 0, References: 1

OSV
added 2021/07/21 3:15 p.m., 1 views

CVE-2021-2338

Vulnerability in the Siebel Apps - Marketing product of Oracle Siebel CRM component: Email Marketing Stand-Alone. Supported versions that are affected are 21.5 and Prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel Apps -...

CVSS 6.1, AI score 6.8, EPSS 0.00934
Exploits: 0, References: 1

OSV
added 2021/07/21 3:15 p.m., 0 views

UBUNTU-CVE-2021-2417

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: GIS. Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks o...

CVSS 6, AI score 7.2, EPSS 0.01729
Exploits: 0, References: 4

RedHat Linux
added 2021/07/21 11:52 a.m., 5 views

OpenJDK: FTP PASV command response can cause FtpClient to connect to arbitrary host (Networking, 8258432)

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows...

CVSS 4.3, AI score 7.4, EPSS 0.04238
Exploits: 0, References: 4

RedHat Linux
added 2021/07/21 8:53 a.m., 3 views

OpenJDK: FTP PASV command response can cause FtpClient to connect to arbitrary host (Networking, 8258432)

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows...

CVSS 4.3, AI score 7.4, EPSS 0.04238
Exploits: 0, References: 4

OSV
added 2021/07/21 12:15 a.m., 4 views

CVE-2021-2460

Vulnerability in the Oracle Application Express Data Reporter component of Oracle Database Server. The supported version that is affected is Prior to 21.1.0.00.04. Easily exploitable vulnerability allows low privileged attacker having Valid User Account privilege with network access via HTTP to...

CVSS 5.4, AI score 6.7
Exploits: 0, References: 1

CNNVD
added 2021/07/20 12:0 a.m., 2 views

Oracle Fusion Middleware Security Vulnerability

Oracle Outside In Technology is a software development kit (SDK) that provides developers with a comprehensive solution for extracting, normalizing, cleaning, converting, and viewing content in more than 600 unstructured file formats. In Filters component contains a security vulnerability. The...

CVSS 7.5, AI score 8.3, EPSS 0.01063
Exploits: 0, References: 5

CNNVD
added 2021/07/20 12:0 a.m., 2 views

Oracle Construction and Engineering Suite Input Validation Error Vulnerability

Primavera P6 Enterprise Project Portfolio Management is a comprehensive project portfolio management (PPM) solution that includes role-specific functionality to meet the needs, responsibilities, and skills of each team member. Primavera P6 Enterprise Project Portfolio Management versions...

CVSS 4.3, AI score 8.3, EPSS 0.00662
Exploits: 0, References: 3

CNNVD
added 2021/07/20 12:0 a.m., 3 views

Oracle Fusion Middleware Security Vulnerability

Oracle Outside In Technology is a software development kit (SDK) that provides developers with a comprehensive solution for extracting, normalizing, cleaning, converting, and viewing content in more than 600 unstructured file formats. A security vulnerability exists in the Outside In Filters...

CVSS 7.5, AI score 5.7, EPSS 0.01063
Exploits: 0, References: 5

OSV
added 2021/06/24 7:15 p.m., 2 views

DEBIAN-CVE-2021-32492

A flaw was found in djvulibre-3.5.28 and earlier. An out of bounds read in function DJVU::DataPool::hasdata via crafted djvu file may lead to application crash and other consequences...

CVSS 7.8, AI score 7.2, EPSS 0.0093
Exploits: 0, References: 1

Github Security Blog
added 2021/06/16 5:51 p.m., 78 views

Arbitrary code execution in Apache Druid

Apache Druid allows users to read data from other database systems using JDBC. This functionality is to allow trusted users with the proper permissions to set up lookups or submit ingestion tasks. The MySQL JDBC driver supports certain properties, which, if left unmitigated, can allow an attacker...

CVSS 8.8, AI score 4.4, EPSS 0.22588
Exploits: 1, References: 13, Affected Software: 1

OSV
added 2021/06/16 4:15 a.m., 2 views

CVE-2021-28815

Insecure storage of sensitive information has been reported to affect QNAP NAS running myQNAPcloud Link. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing the unrestricted storage mechanism. This issue affects: QNAP Systems Inc. myQNAPcloud Link...

CVSS 4.9, AI score 5.8, EPSS 0.01711
Exploits: 0, References: 1

Cvelist
added 2021/06/11 2:33 p.m., 18 views

CVE-2021-25425

Improper check vulnerability in Samsung Health prior to version 6.17 allows attacker to read internal cache data via exported component...

AI score 5.5, EPSS 0.00793
Exploits: 0, References: 1

CNNVD
added 2021/06/01 12:0 a.m., 8 views

Nginx Controller Security Vulnerability

F5 NGINX Controller is a centralized monitoring and management platform for NGINX from F5. The platform supports the management of multiple NGINX instances using a visual interface. A security vulnerability exists in F5 NGINX Controller that stems from the fact that intra-cluster communication do...

CVSS 7.4, AI score 7.5, EPSS 0.00544
Exploits: 0, References: 3

BDU FSTEC
added 2021/05/19 12:0 a.m., 4 views

The vulnerability of the Outside In Filters component within the Oracle Outside In Technology SDK allows a perpetrator to gain read access to data, modify data, or cause partial service disruption.

The vulnerability of the Outside In Filters component within Oracle’s software development kit (SDK) “Outside In Technology” exists due to insufficient testing of input data. Exploiting this vulnerability can allow an attacker to gain read access to data, modify, add, or delete data, or cause a...

CVSS 7.5, AI score 6.8, EPSS 0.00907
Exploits: 0, References: 3, Affected Software: 1

BDU FSTEC
added 2021/05/19 12:0 a.m., 3 views

The vulnerability of the Web Listener component of the Oracle HTTP Server allows a perpetrator to gain access to read data or modify data.

The vulnerability of the Web Listener component of the Oracle HTTP Server exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to gain read access to data or modify data remotely...

CVSS 5.8, AI score 6.7, EPSS 0.00959
Exploits: 0, References: 3, Affected Software: 1

Cvelist
added 2021/05/14 7:10 p.m., 20 views

CVE-2021-29553 Heap OOB in `QuantizeAndDequantizeV3`

TensorFlow is an end-to-end open source platform for machine learning. An attacker can read data outside of bounds of heap allocated buffer in tf.rawops.QuantizeAndDequantizeV3. This is because the...

CVSS 2.5, AI score 7.2, EPSS 0.00198
Exploits: 1, References: 2

Microsoft CVE
added 2021/04/24 7:0 a.m., 2 views

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).

...

CVSS 4, AI score 7, EPSS 0.01012
Exploits: 0

OSV
added 2021/04/23 9:15 p.m., 3 views

CVE-2020-7035

An XML External Entities (XXE) vulnerability in the web-based user interface of Avaya Aura Orchestration Designer could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The affected versions of Orchestration Designer include all 7.x...

CVSS 6.5, AI score 5.8, EPSS 0.01067
Exploits: 0, References: 1