CVE-2019-19194

The Bluetooth Low Energy Secure Manager Protocol SMP implementation on Telink Semiconductor BLE SDK versions before November 2019 for TLSR8x5x through 3.4.0, TLSR823x through 1.3.0, and TLSR826x through 3.3 devices installs a zero long term key LTK if an out-of-order link-layer encryption request...

The vulnerability of the SWSE Server component of the Siebel UI Framework allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the SWSE Server component of the Siebel UI Framework is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information using the HTTP protocol...

The vulnerabilities of PDF viewing and editing programs such as Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, Adobe Acrobat 2017, Adobe Acrobat Reader 2017, and Adobe Acrobat 2015 are related to an operation that goes beyond the buffer in memory, allowing attackers to disclose protected information.

The vulnerabilities of PDF viewing and editing programs such as Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, Adobe Acrobat 2017, Adobe Acrobat Reader 2017, and Adobe Acrobat 2015 are due to an operation that goes beyond the buffer in memory. Exploiting these vulnerabilities...

The vulnerability of the Security component of the Oracle Demantra Demand Management platform allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of Oracle Demantra Demand Management’s Security component is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information using the HTTP protocol...

The vulnerabilities of PDF viewing and editing programs such as Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, Adobe Acrobat 2017, Adobe Acrobat Reader 2017, and Adobe Acrobat 2015 are related to an operation that allows data to be written beyond the buffer in memory, enabling attackers to disclose protected information.

The vulnerabilities of PDF viewing and editing programs such as Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, Adobe Acrobat 2017, Adobe Acrobat Reader 2017, and Adobe Acrobat 2015 are due to an operation that goes beyond the buffer in memory. Exploiting these vulnerabilities...

The vulnerability of the Console component of Oracle WebLogic Server allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Oracle WebLogic Server application server’s Console component is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information using the HTTP protocol...

The vulnerability of the Advanced UI interface of Oracle WebCenter Sites for online user services allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Advanced UI interface of Oracle WebCenter Sites for online user services is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information using the HTTP...

The vulnerability of the Outside In Filters component within Oracle’s SDK for software development tools allows a malicious individual to gain unauthorized access to protected information.

The vulnerability of the Outside In Filters component within the Oracle Outside In Technology SDK is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information using the HTTP protocol...

The vulnerability of the Configuration Standard Framework component of the Enterprise Manager Base Platform allows a perpetrator to gain access to modify, add, or delete data, to gain unauthorized access to protected information, or to cause service failures.

The vulnerability of the Configuration Standard Framework component of the Enterprise Manager Base Platform is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to modify, add, or delete data, gain unauthorized access to protecte...

Vulnerability of the MySQL Server component: The MySQL Server component of the database management system allows attackers to gain unauthorized access to protected information.

Vulnerability of the MySQL Server component: The MySQL Server component of the database management system has a vulnerability related to the lack of protection for operational data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected...

PT-2020-6507

Name of the Vulnerable Software and Affected Versions EyesOfNetwork version 5.3 Description The issue is related to the use of a hardcoded API key, EONAPI KEY, in the include/api functions.php file for API version 2.4.2. This allows an attacker to calculate or guess the admin access token,...

The vulnerability in the web interface for managing physical infrastructure and Cisco UCS Director’s virtual environments allows a attacker to disclose protected information.

The vulnerability of the Web interface for managing physical infrastructure and Cisco UCS Director virtual environments is related to the lack of authentication for a critical function. Exploiting this vulnerability can allow an attacker, operating remotely, to disclose sensitive information...

The vulnerability of the Infrastructure sub-component of the Oracle FLEXCUBE Universal Banking financial analysis system’s simulation modeling applications allows a perpetrator to disclose protected information.

The vulnerability of the Infrastructure sub-component of the Oracle FLEXCUBE Universal Banking banking analytics system’s simulation model application is related to the lack of protection for operational data. Exploiting this vulnerability could allow a malicious actor to disclose sensitive...

The vulnerability of the XML platform’s syntactic analyzer, which is designed to enhance the effectiveness of educational materials and documentation. SAP Enable Now allows unauthorized access to protected information.

The vulnerability of the XML syntax analyzer on the SAP Enable Now platform, which is designed to improve the effectiveness of educational materials and documentation, is related to errors in XML link restrictions. Exploiting this vulnerability could allow an attacker to gain unauthorized access ...

The vulnerability of the Core component of the Oracle Banking Corporate Lending software allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Core component of the Oracle Banking Corporate Lending software lies in its lack of access control mechanisms. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information using the HTTP protocol...

The vulnerability of the Core component of the real-time payment processing software in Oracle Banking Payments allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Core component of the real-time payment processing software in Oracle Banking Payments is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information using...

The vulnerability in the driver drivers/net/can/usb/peak_usb/pcan_usb_fd.c of the Linux operating system allows a hacker to disclose protected information.

The vulnerability in the driver drivers/net/can/usb/peakusb/pcanusbfd.c of the Linux operating system is related to the lack of protection for service data. Exploiting this vulnerability can allow an attacker to disclose protected information...

The vulnerability of the Core component of the real-time payment processing software in Oracle Banking Payments allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Core component of the real-time payment processing software in Oracle Banking Payments is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information using...

The vulnerability of the Infrastructure component of the Oracle FLEXCUBE Investor Servicing financial management software allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Infrastructure component of the Oracle FLEXCUBE Investor Servicing financial management software lies in its lack of access control mechanisms. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...

The vulnerability of the Core component of the Oracle Banking Corporate Lending software allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Core component of the Oracle Banking Corporate Lending software lies in its lack of access control mechanisms. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information using the HTTP protocol...