Memory corruption

An exploitable denial of service vulnerability exists in the freeDiameter functionality of freeDiameter 1.3.2. A specially crafted Diameter request can trigger a memory corruption resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability...

CVE-2020-6098

An exploitable denial of service vulnerability exists in the freeDiameter functionality of freeDiameter 1.3.2. A specially crafted Diameter request can trigger a memory corruption resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability...

CVE-2020-14697

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Privileges. Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

CVE-2020-14643

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Roles. Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successf...

CVE-2020-14712

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle ...

Buffer overflow

Vulnerability in the Oracle Hospitality Reporting and Analytics product of Oracle Food and Beverage Applications component: Installation. The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle...

CVE-2020-2975

Vulnerability in the Oracle Application Express component of Oracle Database Server. Supported versions that are affected are 5.1-19.2. Easily exploitable vulnerability allows low privileged attacker having SQL Workshop privilege with network access via HTTP to compromise Oracle Application...

CVE-2020-2971

CVE-2020-2971 affects Oracle Application Express within Oracle Database Server (versions 5.1–19.2). The vulnerability allows a low-privileged attacker with SQL Workshop privilege and network access via HTTP to compromise APEX. Attacks require human interaction, and the impact can include unauthor...

CVE-2020-14686

Vulnerability in the Oracle iSupport product of Oracle E-Business Suite component: Others. Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iSupport...

CVE-2020-2978

Vulnerability in the Oracle Database - Enterprise Edition component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having DBA role account privilege with network access via Oracl...

CVE-2020-6074

An exploitable code execution vulnerability exists in the PDF parser of Nitro Pro 13.9.1.155. A specially crafted PDF document can cause a use-after-free which can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability...

Remote code execution

An exploitable code execution vulnerability exists in the TIFF fillinraster function of the igcore19d.dll library of Accusoft ImageGear 19.4, 19.5 and 19.6. A specially crafted TIFF file can cause an out-of-bounds write, resulting in remote code execution. An attacker can provide a malicious file...

CVE-2020-2774

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Privileges. Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

Oracle Solaris Critical Patch Update : apr2020_SRU11_3_36_20_0

This Solaris system is missing necessary patches to address critical security updates : - Vulnerability in the Oracle Solaris product of Oracle Systems component: Common Desktop Environment. Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability allows low privileg...

CVE-2020-2905

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle ...

CVE-2020-2910

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox...

Design/Logic Flaw

Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware component: SSO Engine. Supported versions that are affected are 11.1.2.3.0 and 12.2.1.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Access Manage...

Code injection

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to...

Design/Logic Flaw

Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain component: Security. Supported versions that are affected are 9.3.3, 9.3.5 and 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attac...

CVE-2020-2938

Vulnerability in the Oracle Financial Services Loan Loss Forecasting and Provisioning product of Oracle Financial Services Applications component: User Interface. Supported versions that are affected are 8.0.6 - 8.0.8. Easily exploitable vulnerability allows low privileged attacker with network...