
721 matches found

Cvelist
added 2021/08/16 7:7 p.m. | 19 views

CVE-2021-21859

An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. The stri_box_read function is used when processing atoms using the 'stri' FOURCC code. An attacker can convince a user to open a video to trigger...

CVSS: 8.8 | AI score: 8.8 | EPSS: 0.01601
Exploits: 1 | References: 2

NVD
added 2021/07/21 3:16 p.m. | 21 views

CVE-2021-2427

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

CVSS: 4.9 | EPSS: 0.0171
Exploits: 0 | References: 2

NVD
added 2021/07/21 3:15 p.m. | 15 views

CVE-2021-2418

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

CVSS: 4.9 | EPSS: 0.0171
Exploits: 0 | References: 2

OSV
added 2021/07/21 3:15 p.m. | 27 views

CVE-2021-2369

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Library. Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Easily exploitable vulnerability allows...

CVSS: 4.3 | AI score: 6
Exploits: 0 | References: 7

CVE
added 2021/07/20 10:44 p.m. | 151 views

CVE-2021-2443

CVE-2021-2443 affects Oracle VM VirtualBox Core, prior to 6.1.24. A locally authenticated attacker can cause a hang/crash (DOS) and may read, update or delete data in VirtualBox data, with exploitation tied to Solaris x86 and Linux. Upgrading to 6.1.24 (or later) is recommended per multiple advis...

CVSS: 7.3 | AI score: 7.1 | EPSS: 0.0036
Exploits: 0 | References: 2 | Affected Software: 1

NVD
added 2021/05/10 7:15 p.m. | 14 views

CVE-2020-27230

A number of exploitable SQL injection vulnerabilities exist in the ‘patientslist.do’ page of the OpenClinic GA 5.173.3 application. The findSector parameter in the ‘patientslist.do’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this...

CVSS: 8.8 | EPSS: 0.00806
Exploits: 1 | References: 1

Veracode
added 2021/04/29 12:20 p.m. | 7 views

Arbitrary Code Execution

f2fs-tools is vulnerable to arbitrary code execution. An exploitable code execution vulnerability in the fsck_chk_orphan_node functionality allows an attacker to execute arbitrary code on the host OS via heap-based buffer overflow using a malicious f2fs file...

AI score: 5.1
Exploits: 0

NVD
added 2021/04/22 10:15 p.m. | 17 views

CVE-2021-2248

Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization component: Server. The supported version that is affected is 5.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Secure Global...

CVSS: 10 | EPSS: 0.02497
Exploits: 0 | References: 1

Prion
added 2021/04/22 10:15 p.m. | 17 views

Design/Logic Flaw

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware component: Outside In Filters. The supported version that is affected is 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In...

CVSS: 6.4 | AI score: 7.8 | EPSS: 0.00943
Exploits: 0 | References: 1 | Affected Software: 1

UbuntuCve
added 2021/04/22 10:15 p.m. | 15 views

CVE-2021-2266

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromis...

CVSS: 6 | AI score: 6.7 | EPSS: 0.00356
Exploits: 0 | References: 2

Prion
added 2021/04/22 10:15 p.m. | 20 views

Design/Logic Flaw

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Coherence Container. Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to...

CVSS: 7.5 | AI score: 9.3 | EPSS: 0.0837
Exploits: 1 | References: 1 | Affected Software: 1

Prion
added 2021/04/22 10:15 p.m. | 14 views

Buffer overflow

Vulnerability in the Oracle iStore product of Oracle E-Business Suite component: Shopping Cart. Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore...

CVSS: 5.8 | AI score: 8.3 | EPSS: 0.00933
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2021/04/22 9:53 p.m. | 161 views

CVE-2021-2250

CVE-2021-2250 affects Oracle VM VirtualBox Core (pre-6.1.20). The issue allows high-privilege attackers with logon to compromise VirtualBox, with potential takeover of the product and impact to connected products. The family of CVEs discussed (including CVE-2021-2250, 2145, 2264–2310, etc.) share...

CVSS: 8.2 | AI score: 8.1 | EPSS: 0.00849
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2021/04/22 9:53 p.m. | 28 views

CVE-2021-2250

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromis...

CVSS: 8.2 | AI score: 8.2 | EPSS: 0.00849
Exploits: 0 | References: 3

Vulnrichment
added 2021/04/22 9:53 p.m. | 7 views

CVE-2021-2192

Vulnerability in the Oracle Solaris product of Oracle Systems component: Kernel. The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful...

CVSS: 6.1 | AI score: 6.5 | EPSS: 0.0026
Exploits: 0 | References: 1

Debian CVE
added 2021/04/22 9:53 p.m. | 18 views

CVE-2021-2178

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Replication. Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL...

CVSS: 6.5 | AI score: 6.7 | EPSS: 0.02093
Exploits: 0

Veracode
added 2021/04/22 9:6 a.m. | 23 views

Arbitrary Code Execution

Mozilla is vulnerable to arbitrary code execution. Memory safety bugs lead to memory corruption which could be exploited to run arbitrary code...

CVSS: 8.8 | AI score: 3.7 | EPSS: 0.00867
Exploits: 0 | References: 3 | Affected Software: 7

ATTACKERKB
added 2021/03/11 12:0 a.m. | 155 views

CVE-2021-27077

Windows Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26863, CVE-2021-26875, CVE-2021-26900. Recent assessments: gwillcox-r7 at March 11, 2021 6:25pm UTC reported: Interesting, so this was a bug within win32kfull.sys!BLTRECORD::bRotate originally disclosed by ZDI...

CVSS: 7.8 | AI score: 0.5 | EPSS: 0.12233
Exploits: 1 | References: 14

Prion
added 2021/02/17 7:15 p.m. | 16 views

Privilege escalation

An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In privilege escalation via PostgreSQL executable, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege...

CVSS: 7.2 | AI score: 8.8 | EPSS: 0.00493
Exploits: 1 | References: 1 | Affected Software: 1

Prion
added 2021/02/04 7:15 a.m. | 15 views

Denial of service

An exploitable denial of service vulnerability exists in the ENIP Request Path Network Segment functionality of Allen-Bradley Flex IO 1794-AENT/B 4.003. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a...

CVSS: 5 | AI score: 7.3 | EPSS: 0.03454
Exploits: 1 | References: 1 | Affected Software: 1