161 matches found
JVN#57942454: Cybozu Garoon vulnerable to improper input validation
Cybozu Garoon provided by Cybozu, Inc. contains an improper input validation vulnerability (CWE-20). Impact: A user who can log in to the product may delete some data of the bulletin board. Solution: Update the software and apply the patch. Update the software to Cybozu Garoon version 5.0.2, and then...
Oracle Trade Management Unauthorized Access Vulnerability
Oracle Trade Management is a trade management system from Oracle. It provides functions such as product categorization and allocation, import of purchase orders and letters of credit, and reconciliation of estimated and actual costs to improve trade efficiency and profitability. An unauthorized...
Microsoft Windows Elevation of Privilege Vulnerability (CNVD-2020-54910)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation. Microsoft Windows is an operating system for personal devices. Microsoft Windows Server is a server operating system. An elevation of privilege vulnerability exists in Microsoft Windows, which can be exploite...
CVE-2020-1571
An elevation of privilege vulnerability exists in Windows Setup in the way it handles permissions. A locally authenticated attacker could run arbitrary code with elevated system privileges. After successfully exploiting the vulnerability, an attacker could then install programs; view, change, or...
CVE-2020-1554
A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an...
Microsoft Windows Push Notification Service Elevation of Privilege Vulnerability
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation. Microsoft Windows is an operating system for personal devices. Microsoft Windows Server is a server operating system. A security vulnerability exists in the way memory objects are handled in the Microsoft...
CVE-2020-14627
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Query). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise...
CVE-2020-2787
Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In...
CVE-2020-2538
Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: Advanced UI). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites...
New Consumer Online Privacy Rights Act (COPRA) would empower American users
Despite the already dizzying number of comprehensive data privacy proposals before the US Senate—nearly 10 have been introduced since mid-2018—yet another bill has entered the conversation: the Consumer Online Privacy Rights Act. This time, the bill, called COPRA for short, is sponsored by a...
Siemens SiNVR 3 Central Control Server (CCS) Elevation of Privilege Vulnerability
SiNVR is the Siemens OEM version of SiVMS, a video management solution acquired by PKE Deutschland GmbH and formerly distributed by Schille Informationssysteme GmbH. An elevation of privilege vulnerability exists in Siemens SiNVR 3 Central Control Server (CCS). A remote attacker could use this...
PT-2019-3659 · Oracle +7 · Mysql Server +6
Name of the Vulnerable Software and Affected Versions: Oracle MySQL versions 8.0.17 and prior. Description: The issue is related to inadequate access control in the Server: Optimizer component of Oracle MySQL, allowing a high-privileged attacker with network access via multiple protocols to...
eQ-3 HomeMatic CCU2 and eQ-3 Homematic CCU3 Access Control Error Vulnerabilities
The eQ-3 Homematic CCU3 and the eQ-3 HomeMatic CCU2 are both central control units for a smart home system from eQ-3 Germany. An access control error vulnerability exists in the JSON API in the eQ-3 Homematic CCU2 version prior to 2.47.10 and the eQ-3 Homematic CCU3 version prior to 3.47.10, whic...
PT-2019-3029 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows (affected versions not specified). Description: The issue is related to errors in handling objects in memory by the Windows kernel. This can be exploited by an attacker to elevate their privileges and run arbitrary code in kernel mode...
Windows Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change...
CVE-2018-20424
Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to delete the commonmemberwechatmp data structure via an ac=unbindmp request to plugin.php...
Bakeshop Inventory System SQL Injection Vulnerability
Bakeshop Inventory System is a bakery inventory management system. A SQL injection vulnerability exists in Bakeshop Inventory System version 1.0. A remote attacker can use the login page to view, add, modify, or delete information in the back-end database...
Unspecified Vulnerability in Oracle E-Business Suite (CNVD-2018-24267)
Oracle E-Business Suite is a set of Oracle's fully integrated global business management software. Applications Manager is one of the components used to monitor the performance and availability of Oracle application servers. A security vulnerability exists in the None subcomponent...
CVE-2018-2656
Vulnerability in the Oracle General Ledger component of Oracle E-Business Suite (subcomponent: Data Manager Server). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with...
Oracle Communications Policy Management Unauthorized Operation Vulnerability
Oracle Communications Applications is a suite of Oracle applications for rapidly delivering and monetizing digital life communications. Oracle Communications Policy Management is one of the communications policy management components. A security vulnerability exists in the Portal, CMP subcomponent...