The vulnerability of the Web Runtime component of the JD Edwards EnterpriseOne Tools system allows a perpetrator to gain access to read, modify, add, or delete data, or to cause partial service interruption.

The vulnerability of the Web Runtime component of the JD Edwards EnterpriseOne Tools system exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to read, modify, add, or delete data, or cause a partial service...

CVE-2022-21563

Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems component: Core. The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle ZFS Storage Appliance Kit executes to...

CVE-2022-21552

Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware component: Search. Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter...

CVE-2022-21552

Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware component: Search. Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter...

CVE-2022-32247

SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the User inputs while interacting on the Network. On successful exploitation, an attacker can view or modif...

PT-2022-19171 · Cybozu · Cybozu Garoon

Name of the Vulnerable Software and Affected Versions: Cybozu Garoon versions 4.0.0 through 5.5.1 Description: The issue is related to improper input validation in the Scheduler component, allowing a remote authenticated attacker to modify Scheduler data. Recommendations: For Cybozu Garoon versio...

The vulnerability of the Web Services Security component of the Oracle Web Services Manager allows a perpetrator to gain read access to data or modify data.

The vulnerability of the Web Services Security component of the Oracle Web Services Manager exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain read access to data or modify data using specially crafted HTTP...

The vulnerability of components in the Oracle Applications Framework’s File Upload and Attachments programs allows a perpetrator to gain access to read data or modify data.

The vulnerability of the Attachments and File Upload components of the Oracle Applications Framework exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain read access to data or modify data using specially craft...

The vulnerability of the User Interface component of the Oracle Transportation Management software allows a perpetrator to gain access to read data or modify data.

The vulnerability of the User Interface component of the Oracle Transportation Management software is related to errors in the code. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to data or modify data using HTTP requests...

The vulnerability of the Infrastructure component of the real-time payment processing software Oracle Banking Payments allows a attacker to create, delete, or alter access to critical data, gain read-only access to data, or cause partial service disruption.

The vulnerability of the Infrastructure component of the real-time payment processing software in Oracle Banking Payments is related to the improper assignment of permissions for a critical resource. Exploiting this vulnerability allows an attacker, operating remotely, to create, delete, or modif...

The vulnerability of the Application Service component of the software for working with Oracle Web Applications Desktop Integrator allows a perpetrator to gain access to modify, add, or delete data, or to gain unauthorized access to protected information.

The vulnerability of the Application Service component of the Oracle Web Applications Desktop Integrator software exists due to insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to modify, add, or delete data, or gain unauthorized...

CVE-2022-31768

IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database...

Car Rental Management System SQL注入漏洞

Car Rental Management System is a car rental management system. SQL injection vulnerability exists in Car Rental Management System, which can be exploited by attackers to view, add, modify or delete information in the back-end database...

CVE-2022-30190

A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs,...

The vulnerability of the RubyGems.org hosting service, related to authentication errors, allows a perpetrator to gain access to create, modify, or delete data.

The vulnerability of the RubyGems.org hosting service is related to authentication errors during data copying. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to create, modify, or delete data...

CVE-2022-22413

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 223022...

CVE-2022-20742

A vulnerability in an IPsec VPN library of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to read or modify data within an IPsec IKEv2 VPN tunnel. This vulnerability is due to an improper implementatio...

CVE-2022-21492

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware component: Analytics Server. The supported version that is affected is 5.9.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...

CVE-2022-21458

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: Navigation Pages, Portal, Query. Supported versions that are affected are 8.58 and 8.59. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...

CVE-2022-21450

Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub product of Oracle PeopleSoft component: My Links. The supported version that is affected is 9.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PRTL...