Vulnerability of the MySQL Server component: The Optimizer component of the MySQL database management system allows a hacker to cause service failures or gain access to modify, add, or delete data.

The vulnerability of the MySQL Server component of the database management system involves insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service interruptions using the MySQL network protocol...

Improper Authorization in chocobozzz/peertube

Description The app doesn't check the status of video when making data changes. Normal users can create new comment or reply comment in private videos. Proof of Concept note: I'm using instance p.lu for testing - Step 1: Login as video test1 and upload private video. Get video ID of private video...

Improper Access Control in chocobozzz/peertube

Description The app doesn't check the status of video when making data changes. Normal users can rating like or dislike in private videos. Proof of Concept note: I'm using instance p.lu for testing - Step 1: Login as video test1 and upload private video. Get video ID of private video - Step 2: Ca...

Vulnerability in the Oracle Java SE Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u321 8u311 11.0.13 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update insert or delete access to some of Oracle Java SE Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments typically in clients running sandboxed Java Web Start applications or sandboxed Java applets that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component e.g. through a web service which supplies data to

...

OpenJDK: Incomplete deserialization class filtering in ObjectInputStream (Serialization, 8264934)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Difficult to exploit vulnerabili...

CVE-2022-21397

Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications component: Mediation Engine. Supported versions that are affected are 3.4, 4.2, 4.3, 4.4 and 5.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromi...

AZL-7694 CVE-2022-21278 affecting package mysql for versions less than 8.0.28-1

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

CVE-2022-21260

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Samples. Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Serve...

Oracle Construction and Engineering Suite 安全漏洞

Oracle Construction and Engineering Suite is a portfolio management solution suite product for construction projects from Oracle Corporation. A security vulnerability exists in Oracle Construction and Engineering Suite's Primavera Portfolio Management product that could allow an attacker with...

Oracle Communications 安全漏洞

Oracle Communications is a product of Oracle Corporation USA. provides integrated communications and cloud solutions for service providers and enterprises to accelerate their digital transformation.A security vulnerability exists in Oracle Communications Operations Monitor, which could be exploit...

PT-2022-2013 · Oracle +6 · Mysql Server +5

Name of the Vulnerable Software and Affected Versions: MySQL Server versions 8.0.26 and prior Description: The issue is related to insufficient input validation in the InnoDB component of MySQL Server, allowing a highly privileged attacker with network access via multiple protocols to compromise...

Oracle Java SE和Oracle GraalVM 输入验证错误漏洞

Oracle Java SE, an Oracle company, is used to develop and deploy Java applications on desktops, servers, and embedded devices and in real-time environments. Edition accessible data for unauthorized update, insert, or delete access...

PT-2021-6985 · Oracle +8 · Mysql Server +7

Name of the Vulnerable Software and Affected Versions: MySQL Server versions 8.0.28 and prior Description: The issue is related to insufficient input validation in the Server: Optimizer component of MySQL Server, allowing a high-privileged attacker with network access via multiple protocols to...

PT-2021-6434 · Oracle +8 · Mysql Server +7

Name of the Vulnerable Software and Affected Versions: MySQL Server versions 5.7.36 and prior MySQL Server versions 8.0.27 and prior Description: The issue is related to insufficient input validation in the MySQL Server product, specifically in the Server: Security: Privileges component. This...

AZL-6712 CVE-2021-35610 affecting package mysql for versions less than 8.0.28-1

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

DEBIAN-CVE-2021-35604

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 5.7.35 and prior and 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

UBUNTU-CVE-2021-35610

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

Oracle E-Business Suite和Oracle Universal Work Queue 安全漏洞

Oracle E-Business Suite is an extension of the original Application ERP and includes a collection of ERP Enterprise Resource Planning Management, HR Human Resource Management, CRM Customer Relationship Management and other applications that are seamlessly integrated into one management suite...

Oracle Communications 安全漏洞

Oracle Communications is a product of Oracle Corporation USA. provides integrated communications and cloud solutions for service providers and enterprises to accelerate their digital transformation.A security vulnerability exists in Oracle Communications Interactive Session Recorder, which could ...

PT-2021-22017 · Apache · Apache Couchdb

Name of the Vulnerable Software and Affected Versions: Apache CouchDB versions prior to 3.1.2 Description: A malicious user with permission to create documents in a database can attach a HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, any JavaScript code...