220 matches found
Qualcomm 组件输入验证错误漏洞
The Qualcomm Component is a component of Qualcomm Incorporated USA. An intrinsic part that provides the functionality of Qualcomm devices. The Qualcomm Component is vulnerable to an input validation error vulnerability that could result in a denial of service condition due to improper handling of...
U.S. Weapons Programs Lack 'Key' Cybersecurity Measures
Weapons programs from the U.S. Department of Defense DoD are falling short when it comes to incorporating cybersecurity requirements, according to a new watchdog report. While the DoD has developed a range of policies aimed at hardening the security for its weapon systems, the guidance leaves out...
CVE-2021-2093
CVE-2021-2093 affects Oracle E-Business Suite, specifically the Oracle Common Applications component (CRM User Management Framework). Affected versions are 12.1.1–12.1.3 and 12.2.3–12.2.10. The vulnerability enables unauthenticated access via HTTP from a network contact; exploitation requires use...
Command execution vulnerability in vaeThink backend Au***.php file
vaeThink is a PHP content management framework built on Layui and tp5. A command execution vulnerability exists in the vaeThink backend Au.php file. An attacker can exploit this vulnerability to gain server privileges...
Apache Calcite Clickjacking Vulnerability
Apache Calcite is a dynamic data management framework that has many of the features of a typical database management system, such as SQL parsing, SQL validation, SQL query optimization, SQL generation, and data connection queries. clickjacking vulnerability exists in versions of Apache Calcite...
Cisco IOS XE Information Disclosure and Denial of Service Vulnerability (CNVD-2020-57582)
Cisco IOS XE is a set of modular operating system based on Linux kernel developed by Cisco for its network equipment. An information disclosure and denial of service vulnerability exists in the Web management framework of Cisco IOS XE. An attacker could exploit this vulnerability to gain...
CVE-2020-3141
Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to elevate privileges to the level of an Administrator user on an affected device. For more information about these vulnerabilities, see the...
CVE-2020-3425 Cisco IOS XE Software Privilege Escalation Vulnerabilities
Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to elevate privileges to the level of an Administrator user on an affected device. For more information about these vulnerabilities, see the...
CVE-2020-3475 Cisco IOS XE Software Web Management Framework Vulnerabilities
Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to gain unauthorized read access to sensitive data or cause the web management software to hang or crash, resulting in a denial of service DoS...
The vulnerability of the CRM User Management Framework component of Oracle Common Applications allows a hacker to gain access to modify, add, or delete data.
The vulnerability of the CRM User Management Framework component of Oracle Common Applications is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker operating remotely to gain access to modify, add, or delete data...
CVE-2020-14716
Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite component: CRM User Management Framework. Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromi...
CVE-2020-14716
Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite component: CRM User Management Framework. Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromi...
CVE-2020-14688
Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite component: CRM User Management Framework. Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromi...
CVE-2020-14717
Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite component: CRM User Management Framework. Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromi...
CVE-2020-14717
CVE-2020-14717 affects Oracle E-Business Suite, specifically the Common Applications CRM User Management Framework . Affected versions are 12.1.3 and 12.2.3–12.2.9 . The vulnerability allows an unauthenticated attacker with network access over HTTP to compromise Oracle Common Applications. Althou...
CVE-2020-14716
CVE-2020-14716 affects Oracle E-Business Suite, specifically the Common Applications component (CRM User Management Framework). Affected versions are 12.1.3 and 12.2.3–12.2.9 . The vulnerability allows an unauthenticated attacker with network access via HTTP to compromise Oracle Common Applicatio...
Salt Bugs Allow Full RCE as Root on Cloud Servers
The open-source Salt management framework contains high-severity security vulnerabilities that allow full remote code execution as root on servers in data centers and cloud environments. And in-the-wild attacks are expected imminently. According to F-Secure researchers, the framework, authored by...
File Upload Vulnerability in vaethink v1.0.1
vaeThink pronounced:v think is a lightweight, high speed PHP content management framework built on ThinkPHP backend and Layui frontend ui. vaethink v1.0.1 has a file upload vulnerability that can be exploited by attackers to gain access to server information and permissions...
Debian: Security Advisory (DLA-1960-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
katello-installer-base: QMF methods exposed to goferd via qdrouterd
A lack of access control was found in the message queues maintained by Satellite's QPID broker and used by katello-agent. A malicious user authenticated to a host registered to Satellite or Capsule can use this flaw to access QMF methods to any host also registered to Satellite or Capsule and...