1117 matches found
CVE-2024-22059
A SQL injection vulnerability in web component of Ivanti Neurons for ITSM allows a remote authenticated user to read/modify/delete information in the underlying database. This may also lead to DoS...
ROS-20240529-01
Vulnerability in the Lightweight HTTP Server component of the Oracle Java SE software platform and virtual machine Oracle GraalVM Enterprise Edition is related to unrestricted resource allocation. Exploitation exploitation of the vulnerability could allow a remote attacker to cause a denial of...
CVE-2021-20451
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 196643...
mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2023)
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Privileges. Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...
CVE-2024-21072
Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite component: Data Provider UI. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Installed Base...
CVE-2024-21064
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics component: Analytics Web Answers. Supported versions that are affected are 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...
CVE-2024-21034
Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite component: LOV. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...
CVE-2024-21029
Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite component: LOV. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...
CVE-2024-2453
There is an SQL injection vulnerability in Advantech WebAccess/SCADA software that allows an authenticated attacker to remotely inject SQL code in the database. Successful exploitation of this vulnerability could allow an attacker to read or modify data on the remote database...
YourSpotify Security Breach
YourSpotify is a self-hosted Spotify tracking dashboard. A security vulnerability exists in versions of YourSpotify prior to 1.9.0 that stems from the presence of a cross-site request forgery CSRF vulnerability that allows an attacker to retrieve, modify, or delete data, as well as create new use...
CVE-2023-26282
IBM Watson CP4D Data Stores 4.6.0 through 4.6.3 could allow a user with physical access and specific knowledge of the system to modify files or data on the system. IBM X-Force ID: 248415...
Cisco Unified Intelligence Center Security Vulnerabilities
Cisco Unified Intelligence Center is the United States Cisco Cisco company's set of Web-based reporting platform. The platform provides for the presentation of report-related business data and call center data. A security vulnerability exists in Cisco Unified Intelligence Center, which stems from...
CVE-2024-20951
Vulnerability in the Oracle Customer Interaction History product of Oracle E-Business Suite component: Outcome-Result. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Custom...
CVE-2024-20941
Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite component: HTML UI. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Installed Base. Successful...
CVE-2024-26262
EBM Technologies Uniweb/SoliPACS WebServer's query functionality lacks proper restrictions of user input, allowing remote attackers authenticated as regular user to inject SQL commands for reading, modifying, and deleting database records, as well as executing system commands. Attackers may even...
CVE-2024-22131
In SAP ABA Application Basis - versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75I, an attacker authenticated as a user with a remote execution authorization can use a vulnerable interface. This allows the attacker to use the interface to invoke an application function to perform actions...
The vulnerability of the synchronization application for Qsync Central files arises from the improper assignment of permissions to the critical resource. This allows a malicious actor to gain access to read, modify, or delete data.
The vulnerability of the Qsync Central file synchronization application is related to the improper assignment of permissions for the critical resource. Exploiting this vulnerability may allow an attacker who operates remotely to gain access to read, modify, or delete data...
CVE-2024-20928
Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware component: Content Server. The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Content...
CVE-2024-20908
Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware component: Advanced UI. The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites...
CVE-2023-49587
SAP Solution Manager - version 720, allows an authorized attacker to execute certain deprecated function modules which can read or modify data of same or other component without user interaction over the network...