14 matches found

Tenable Nessus
added 2025/08/30 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2021-20247

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in mbsync before v1.3.5 and v1.4.1. Validations of the mailbox names returned by IMAP LIST/LSUB do not occur allowing a malicious or compromise...

CVSS 7.4 · AI score 7 · EPSS 0.01695
Exploits: 1 · References: 2

CNVD
added 2025/07/25 12:0 a.m. · 5 views

WeGIA SQL Injection Vulnerability (CNVD-2025-17268)

WeGIA is a web manager for welfare organizations. WeGIA suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the /html/funcionario/profiledependente.php endpoint iddependente parameter. An attacker could exploit this...

CVSS 9.4 · AI score 8.2 · EPSS 0.00184
Exploits: 1 · References: 1

BDU FSTEC
added 2025/07/17 12:0 a.m. · 2 views

The vulnerability of the Unified Audit component of the Oracle Database Server system allows a perpetrator to gain access to read, modify, and delete information.

The vulnerability of the Unified Audit component of the Oracle Database Server management system is related to deficiencies in the authentication process. Exploiting this vulnerability could allow an attacker to gain access to read, modify, and delete data...

CVSS 4 · AI score 7.2 · EPSS 0.00181
Exploits: 0 · References: 2 · Affected Software: 1

Vulnrichment
added 2025/02/04 10:17 a.m. · 14 views

CVE-2025-24860 Apache Cassandra: CassandraNetworkAuthorizer and CassandraCIDRAuthorizer can be bypassed allowing access to different network regions

Incorrect Authorization vulnerability in Apache Cassandra allowing users to access a datacenter or IP/CIDR groups they should not be able to when using CassandraNetworkAuthorizer or CassandraCIDRAuthorizer. Users with restricted data center access can update their own permissions via data control...

AI score 5.5 · EPSS 0.00163
Exploits: 0 · References: 1

Cvelist
added 2025/02/04 9:37 a.m. · 22 views

CVE-2025-23015 Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions

Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. A user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on all keyspaces on...

EPSS 0.00408
Exploits: 0 · References: 1

Positive Technologies
added 2025/01/27 12:0 a.m. · 3 views

PT-2025-5589 · Apache · Apache Cassandra

Name of the Vulnerable Software and Affected Versions: Apache Cassandra versions 4.0.0 through 4.0.15; Apache Cassandra versions 4.1.0 through 4.1.7; Apache Cassandra versions 5.0.0 through 5.0.2. Description: The issue allows users to access a datacenter or IP/CIDR groups they should not be able to...

CVSS 9 · AI score 5.4 · EPSS 0.00163
Exploits: 0 · References: 16

CNNVD
added 2025/01/21 12:0 a.m. · 2 views

Oracle JD Edwards Products Security Vulnerability

Oracle JD Edwards Products is a fully integrated suite of Enterprise Resource Planning ERP applications from Oracle Corporation USA. The products provide application modules for financial management, project management, and asset lifecycle management. A security vulnerability exists in Oracle JD...

CVSS 5.4 · AI score 8 · EPSS 0.00084
Exploits: 0 · References: 2

BDU FSTEC
added 2023/07/20 12:0 a.m. · 1 views

The vulnerability of the Advanced Networking Option component of the Oracle Database Server system allows an attacker to gain read, modify, add, or delete access to data.

The vulnerability of the Advanced Networking Option component of the Oracle Database Server management system is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain read, modify, add, or delete access to data...

CVSS 3.7 · AI score 6.6 · EPSS 0.00184
Exploits: 0 · References: 2 · Affected Software: 1

OSV
added 2021/05/07 11:15 a.m. · 1 views

CVE-2020-36126

Pax Technology PAXSTORE v7.0.820200511171508 and lower is affected by incorrect access control that can lead to remote privilege escalation. PAXSTORE marketplace endpoints allow an authenticated user to read and write data not owned by them, including third-party users, application and payment...

CVSS 8.1 · AI score 7.3
Exploits: 0 · References: 3

ThreatPost
added 2019/12/27 2:0 p.m. · 70 views

Facebook Security Debacles: 2019 Year in Review

Facebook Security: 2019 Year in Review Facebook spent the past year both trying to deal with the consequences of the Cambridge Analytica scandal that rocked its public relations in 2018, as well as other issues afflicting the social media platform – from data security challenges to political...

AI score 0.2
Exploits: 0 · References: 27

CNVD
added 2019/04/17 12:0 a.m. · 1 views

Oracle Marketing Component Access Control Error Vulnerability (CNVD-2019-29195)

Oracle E-Business Suite is a set of fully integrated global business management software from Oracle. The software provides customer relationship management, service management, financial management and other functions. Marketing is one of the Internet-based marketing...

CVSS 8.2 · AI score 6.8 · EPSS 0.01018
Exploits: 0 · References: 1

CNVD
added 2018/10/19 12:0 a.m. · 4 views

Unspecified Vulnerability in Oracle Sun Systems Products Suite Solaris (CNVD-2019-30948)

Oracle Sun Systems Products Suite is a suite of Sun systems products from Oracle Corporation, of which Solaris is one of the computer operating system components. A security vulnerability exists in the LFTP subcomponent of the Solaris component of Oracle Sun Systems Products Suite, version 11.3. ...

CVSS 5.3 · AI score 8.7 · EPSS 0.00564
Exploits: 0 · References: 1

BDU FSTEC
added 2016/07/06 12:0 a.m. · 1 views

The vulnerability of the WebSphere Application Server software allows a malicious intruder to compromise the integrity of protected information.

XSS attacks in IBM SmartCloud Analytics Log Analysis allow malicious actors to inject arbitrary web scripts or HTML code by using an invalid request parameter in the response from the final authentication endpoint of OAuth...

CVSS 4.3 · AI score 7.9 · EPSS 0.00478
Exploits: 0 · References: 3 · Affected Software: 1

exploitpack
added 2003/10/20 12:0 a.m. · 15 views

Sun Java Plugin 1.4.2_01 - Cross-Site Applet Sandbox Security Model Violation

Sun Java Plugin 1.4.2_01 - Cross-Site Applet Sandbox Security Model Violation. Source: https://www.securityfocus.com/bid/8857/info. A vulnerability has been reported in Java implementations that may potentially allow Java applets from two different domains to violate the sandbox security model and...

AI score 0.1
Exploits: 0