USN-4753-1: Linux kernel (OEM) vulnerability

It was discovered that the LIO SCSI target implementation in the Linux kernel performed insufficient identifier checking in certain XCOPY requests. An attacker with access to at least one LUN in a multiple backstore environment could use this to expose sensitive information or modify data...

Sql injection

PNPSCADA 2.200816204020 allows SQL injection via parameter 'interf' in /browse.jsp. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database...

Ubuntu 18.04 LTS : Linux kernel vulnerability (USN-4713-2)

The remote Ubuntu 18.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-4713-2 advisory. It was discovered that the LIO SCSI target implementation in the Linux kernel performed insufficient identifier checking in certain XCOPY requests. An attacker wi...

The vulnerability of the Worklist component of the Oracle Workflow system allows a perpetrator to gain unauthorized access to protected information or to modify, add, or delete data.

The vulnerability of the Worklist component of the Oracle Workflow system is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to protected information, or to modify, add, or delete data using the HTTP...

The vulnerability of the Miscellaneous component of the Oracle Scripting environment for creating and processing scripts allows a malicious individual to gain unauthorized access to protected information or to read, add, or delete data.

The vulnerability of the Miscellaneous component of the Oracle Scripting environment for creating and processing scripts is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information or...

The vulnerability of the UI Servlet component of the Oracle Configurator allows a perpetrator to gain unauthorized access to protected information or to read, modify, add, or delete data.

The vulnerability of the UI Servlet component of the Oracle Configurator is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information or to read, modify, add, or delete data using the...

The vulnerability of the Outside In Filters component within the Oracle Outside In Technology SDK allows a malicious actor to gain read, modify, add, or delete access to data, or to cause a service failure.

The vulnerability of the Outside In Filters component within the Oracle Outside In Technology SDK is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to gain read, modify, add, or delete access to data, or cause a service failure using the HTTP...

CVE-2021-25910

Improper Authentication vulnerability in the cookie parameter of ZIV AUTOMATION 4CCT-EA6-334126BF allows a local attacker to perform modifications in several parameters of the affected device as an authenticated user...

CVE-2020-35547

A library index page in NuPoint Messenger in Mitel MiCollab before 9.2 FP1 could allow an unauthenticated attacker to gain access view and modify to user data...

Ubuntu: Security Advisory (USN-4713-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2021-1135

Multiple vulnerabilities in the REST API endpoint of Cisco Data Center Network Manager DCNM could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. For more information about these vulnerabilities, see the Details section of this advisory...

CVE-2021-1270

Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager DCNM could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. For more information about these vulnerabilities, see the Details section of this...

CVE-2021-1133

Multiple vulnerabilities in the REST API endpoint of Cisco Data Center Network Manager DCNM could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. For more information about these vulnerabilities, see the Details section of this advisory...

CVE-2021-2117

Vulnerability in the Oracle Application Express Survey Builder component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having Valid User Account privilege with network access via HTTP to compromi...

CVE-2021-2003

Vulnerability in the Business Intelligence Enterprise Edition product of Oracle Fusion Middleware component: Analytics Web Dashboards. Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with...

Vulnerability fixed in Red Hat kernel

A vulnerability has been fixed in the Red Hat kernel. The vulnerability allows a local malicious agent to cause a denial-of-service and to modify data. Red Hat has released updates to fix the vulnerability. More information can be found on the page below:...

PT-2021-7578 · Sap · Sap Netweaver As Java

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver AS for Java version 7.50 Description: The issue is related to improper access control in SAP NetWeaver AS for Java, allowing an unauthenticated attacker to attach to an open interface and utilize an open naming and directory API...

CVE-2020-26045

FUEL CMS 1.4.11 allows SQL Injection via parameter 'name' in /fuel/permissions/create/. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database...

CVE-2020-26045

FUEL CMS 1.4.11 allows SQL Injection via parameter 'name' in /fuel/permissions/create/. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database...

mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2019)

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Security: Privileges. Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructu...