1072 matches found
The vulnerability of the On Demand Billing component of Oracle Financial Services’ Revenue Management and Billing system allows a hacker to gain access to modify, add, or delete data.
The vulnerability of the On Demand Billing component in Oracle Financial Services’ Revenue Management and Billing system is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain access to modify, add, or delete data usi...
The vulnerability of the BI Publisher Security component of the Oracle BI Publisher reporting tool allows a malicious individual to gain access to modify, add, or delete data, or to cause service interruptions.
The vulnerability of the BI Publisher Security component of the Oracle BI Publisher reporting tool is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to gain access to modify, add, or delete data, or cause service failures using the HTTP protocol...
The vulnerability of the Oracle CRM Technical Foundation component of the Oracle E-Business Suite system allows a perpetrator to gain unauthorized access to protected information or to modify, add, or delete data.
The vulnerability of the Oracle CRM Technical Foundation component of the Oracle E-Business Suite exists due to insufficient verification of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information or to modify, add,...
The vulnerability of the Outcome-Result component of the Oracle Customer Interaction History software allows a perpetrator to gain unauthorized access to protected information or to have read, add, or delete privileges over the data.
The vulnerability of the Outcome-Result component of the Oracle Customer Interaction History software is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information or to have read, add,...
The vulnerability of the E-Business Suite component – XDO, a software tool for creating reports with Oracle BI Publisher – allows an intruder to gain unauthorized access to protected information. This enables the intruder to read, modify, add, or delete data, or to cause service interruptions.
The vulnerability of the E-Business Suite component – XDO, a software tool for creating reports in Oracle BI Publisher – is related to deficiencies in access control. Exploiting this vulnerability could allow an intruder to gain unauthorized access to protected information, read, modify, add, or...
GitLab: FogBugz import attachment full SSRF requiring vulnerability in *.fogbugz.com
Summary: Hi Team, a bit of an odd one here. The FogBugz import code uses CarrierWave::Uploader::Base:download! to download attachments from fogbugz.com when importing a FogBugz repository. CarrierWave::Uploader::Base:download! ultimately uses Kernel.Open to download the provided attachment URL...
The vulnerability of the Marketing Administration component of the Oracle Marketing marketing platform allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of Oracle Marketing’s Marketing Administration component is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information using the HTTP network protocol...
CVE-2021-2098
Vulnerability in the Oracle Email Center product of Oracle E-Business Suite component: Message Display. Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Ema...
CVE-2020-28217
A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Easergy T300 firmware 2.7 and older, that would allow an attacker to read network traffic over HTTP protocol...
CVE-2020-28216
A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Easergy T300 firmware 2.7 and older, that would allow an attacker to read network traffic over HTTP protocol...
Code injection
A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Easergy T300 firmware 2.7 and older, that would allow an attacker to read network traffic over HTTP protocol...
CVE-2020-28217
Schneider Electric Easergy T300 firmware 2.7 and earlier is affected by CVE-2020-28217 (Missing Encryption of Sensitive Data) in the IEC60870-5-104 communication path. The NVD/NVD-derived entry indicates vulnerability to reading network traffic due to lack of encryption, with a CVSSv3 base score ...
CVE-2020-28217
A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Easergy T300 firmware 2.7 and older, that would allow an attacker to read network traffic over HTTP protocol...
CVE-2020-28216
CVE-2020-28216 affects Schneider Electric Easergy T300 with firmware version 2.7 and earlier. The root cause is Missing Encryption of Sensitive Data (CWE-311), allowing an attacker to read network traffic over HTTP. The vulnerability impact includes exposure of sensitive information via HTTP traf...
Unspecified Vulnerability in Schneider Electric Easergy T300
Easergy T300 is a new generation intelligent terminal for distribution network automation, which is designed with the concept of "Modularity, Flexibility, and Application Oriented", and can be widely used in medium voltage distribution network management, fault location, isolation, and restoratio...
The vulnerability of the System Wide Java environment for creating, integrating, and managing applications within the Oracle Utilities Framework allows a perpetrator to gain unauthorized access to protected information or to modify, add, or delete data.
The vulnerability of the System Wide Java environment used for creating, integrating, and managing applications within the Oracle Utilities Framework is related to lack of access control. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information, o...
The vulnerability of the Core component of the real-time payment processing software in Oracle Banking Payments allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Core component of the real-time payment processing software in Oracle Banking Payments is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information using...
The vulnerability of the Console component of the Oracle WebLogic Server application server allows an attacker to gain full control over the application.
The vulnerability of the Console component of the Oracle WebLogic Server application lies in insufficient validation of input data. Exploiting this vulnerability allows an attacker, operating remotely, to gain full control over the application using the HTTP protocol...
Some HTTP/2 implementations are vulnerable to a header leak potentially leading to a denial of service
...
The vulnerability of the Print Server component of the Oracle One-to-One Fulfillment application in the Oracle E-Business Suite allows a perpetrator to gain unauthorized access to protected information or to modify, add, or delete data.
The vulnerability of the Print Server component of the Oracle One-to-One Fulfillment application in the Oracle E-Business Suite is related to insufficient validation of input data. Exploiting this vulnerability may allow an attacker, operating remotely, to gain unauthorized access to protected...