Design/Logic Flaw
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server...
1Panel set-cookie is missing the Secure keyword
The HTTPS cookie set by the panel does not have the Secure keyword, so the cookie may be sent in plain text if the panel is accidentally accessed over HTTP. https://developer.mozilla.org/zh-CN/docs/Web/HTTP/Headers/Set-Cookiesecure...
CVE-2024-20950
Vulnerability in the Oracle Customer Interaction History product of Oracle E-Business Suite component: Outcome-Result. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Custom...
CVE-2024-20942
Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle Supply Chain component: LOV. Supported versions that are affected are 11.5, 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...
CVE-2024-20940
Vulnerability in the Oracle Knowledge Management product of Oracle E-Business Suite component: Create, Update, Authoring Flow. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracl...
CVE-2024-20928
Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware component: Content Server. The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Content...
CVE-2024-20904
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics component: Pod Admin. Supported versions that are affected are 6.4.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Orac...
Design/Logic Flaw
Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware component: Content Server. The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Content...
Buffer overflow
Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware component: Content Access SDK, Image Export SDK, PDF Export SDK, HTML Export SDK. The supported version that is affected is 8.5.6. Easily exploitable vulnerability allows low privileged attacker with network...
CVE-2024-20987
CVE-2024-20987 affects Oracle BI Publisher Web Server (Oracle Analytics). Version 12.2.1.4.0 is vulnerable due to insufficient input validation in the Web Server component. An unauthenticated attacker with network access over HTTP, requiring user interaction, can lead to unauthorized update/inser...
PT-2024-1216 · Oracle · Oracle Enterprise Manager Base Platform
Name of the Vulnerable Software and Affected Versions: Oracle Enterprise Manager Base Platform version 13.5.0.0 Description: The issue is related to insufficient input validation in the Log Management component, allowing an unauthenticated attacker with network access via HTTP to compromise the...
PT-2024-1335 · Oracle · Oracle Zfs Storage Appliance Kit
Name of the Vulnerable Software and Affected Versions: Oracle ZFS Storage Appliance Kit version 8.8 Description: The issue is related to insufficient input validation in the Core component of the Oracle ZFS Storage Appliance Kit. This easily exploitable vulnerability allows a low-privileged...
PT-2024-1210 · Oracle · Oracle E-Business Suite +1
Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.2.3 through 12.2.13 Description: The issue exists due to insufficient input validation in the Engineering Change Order component of Oracle Application Object Library. This allows a remote attacker to gain...
PT-2024-1208 · Oracle · Oracle Crm Technical Foundation +1
Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.2.3 through 12.2.13 Description: The issue is related to insufficient input validation in the Admin Console component of Oracle CRM Technical Foundation, allowing a low-privileged attacker with network acce...
VulnCheck KEV: CVE-2022-21500
Vulnerability in Oracle E-Business Suite component: Manage Proxies. The supported version that is affected is 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle E-Business Suite. Successful attacks of this vulnerability can...
PT-2023-9577 · Oracle · Oracle Mes +1
Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.2.3 through 12.2.13 Description: The issue is related to a vulnerability in the Device Integration component of Oracle MES for Process Manufacturing, which can be exploited by a low-privileged attacker with...
PT-2023-9573 · Oracle · Oracle E-Business Suite
Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.2.3 through 12.2.13 Description: The issue is related to weaknesses in the authorization mechanism of the Common Components component in Oracle Financials, part of the Oracle E-Business Suite. This can allo...
PT-2023-9049 · Oracle · Oracle Trade Management +1
Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.2.3 through 12.2.13 Description: The issue is related to insufficient input validation in the Claim LOV component of Oracle Trade Management, allowing an unauthenticated attacker with network access via HTT...
PT-2023-9316 · Oracle · Oracle Enterprise Asset Management
Name of the Vulnerable Software and Affected Versions: Oracle Enterprise Asset Management versions 12.2.11 through 12.2.13 Description: The issue is related to insufficient input validation in the Work Definition Issues component of Oracle Enterprise Asset Management. This allows a low-privileged...
PT-2023-29364 · Galleon · Galeon
Name of the Vulnerable Software and Affected Versions: Galleon affected versions not specified Description: An improper initialization issue was found in Galleon. When using Galleon to provision custom EAP or EAP-XP servers, the servers are created unsecured. This could allow an attacker to acces...