923 matches found

OSV
added 2022/09/13 8:15 p.m. · 4 views

CVE-2022-32244

Under certain conditions an attacker authenticated as a CMS administrator can access the BOE Commentary database and retrieve non-personal system data, modify system data but can't make the system unavailable. This needs the attacker to have high privilege access to the same physical/logical network ...

CVSS 5.2 · AI score 5.8 · EPSS 0.00457
Exploits 0 · References 2

OSV
added 2022/09/09 3:15 p.m. · 4 views

CVE-2022-36857

Improper Authorization vulnerability in Photo Editor prior to SMR Sep-2022 Release 1 allows physical attackers to read internal application data...

CVSS 2.4 · AI score 5.8 · EPSS 0.00134
Exploits 0 · References 1

Positive Technologies
added 2022/09/09 12:00 a.m. · 5 views

PT-2022-23661 · Unknown · Photo Editor

Name of the Vulnerable Software and Affected Versions: Photo Editor versions prior to SMR Sep-2022 Release 1 Description: The issue allows physical attackers to read internal application data due to an improper authorization flaw. Recommendations: For versions prior to SMR Sep-2022 Release 1,...

CVSS 2.4 · AI score 3.6 · EPSS 0.00134
Exploits 0 · References 3

BDU FSTEC
added 2022/09/07 12:00 a.m. · 5 views

The vulnerability of the Infrastructure component of the Oracle Banking Trade Finance software allows a perpetrator to gain unauthorized access to read, modify, or add data, or to cause a service failure.

The vulnerability of the Infrastructure component of the Oracle Banking Trade Finance software exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to read, modify, or add data, or cause a service...

CVSS 6.8 · AI score 6.9 · EPSS 0.00551
Exploits 0 · References 3 · Affected Software 1

CNNVD
added 2022/09/06 12:00 a.m. · 5 views

Fortinet FortiAnalyzer and FortiManager security vulnerability

Fortinet FortiManager and Fortinet FortiAnalyzer are both products from Fortinet, Inc. Fortinet FortiManager is a centralized network security management platform. The platform supports centralized management of any number of Fortinet devices, and can be grouped into different management domains...

CVSS 4.3 · AI score 5.1 · EPSS 0.0055
Exploits 0 · References 4

CNNVD
added 2022/08/30 12:00 a.m. · 5 views

Joomla security vulnerability

Joomla is an open source, cross-platform content management system (CMS) developed using PHP and MySQL by the U.S.-based Open Source Matters team. A security vulnerability exists in Joomla Core, which stems from the fact that an attacker can bypass access restrictions on data to read sensitive...

CVSS 5.3 · AI score 6.5 · EPSS 0.00484
Exploits 0 · References 3

BDU FSTEC
added 2022/08/10 12:00 a.m. · 3 views

The vulnerability of the Web Runtime component of the JD Edwards EnterpriseOne Tools system allows a perpetrator to gain access to read, modify, add, or delete data, or to cause partial service interruption.

The vulnerability of the Web Runtime component of the JD Edwards EnterpriseOne Tools system exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to read, modify, add, or delete data, or cause a partial service...

CVSS 7.4 · AI score 7.3 · EPSS 0.00572
Exploits 0 · References 3 · Affected Software 1

RedHat Linux
added 2022/07/25 6:49 p.m. · 4 views

OpenJDK: class compilation issue (Hotspot, 8281859)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Easily exploitab...

CVSS 5.3 · AI score 7.4 · EPSS 0.0296
Exploits 0 · References 4

RedHat Linux
added 2022/07/25 6:37 p.m. · 3 views

OpenJDK: class compilation issue (Hotspot, 8281859)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Easily exploitab...

CVSS 5.3 · AI score 7.4 · EPSS 0.0296
Exploits 0 · References 4

ATTACKERKB
added 2022/07/19 10:15 p.m. · 5 views

CVE-2022-21552

Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware component: Search. Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter...

CVSS 7.2 · AI score 6.7 · EPSS 0.00551
Exploits 0 · References 2 · Affected Software 1

OSV
added 2022/07/19 10:15 p.m. · 2 views

CVE-2022-21523

Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware component: BI Publisher Security. Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI...

CVSS 4.3 · AI score 6.7
Exploits 0 · References 1

OSV
added 2022/07/19 10:15 p.m. · 2 views

UBUNTU-CVE-2022-21540

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Easily exploitab...

CVSS 5.3 · AI score 6.5 · EPSS 0.0296
Exploits 0 · References 5

CNNVD
added 2022/07/12 12:00 a.m. · 3 views

Siemens SIMATIC access control error vulnerability

The SIMATIC MV500 is a fixed optical reader used to reliably capture printed, laser, drilled, punched, and dot-marked codes on a variety of different surfaces. The Siemens SIMATIC MV500 is vulnerable to an authentication error that could be exploited by an unauthenticated, remote attacker to read...

CVSS 7.5 · AI score 5.7 · EPSS 0.01145
Exploits 0 · References 5

BDU FSTEC
added 2022/06/27 12:00 a.m. · 4 views

The vulnerability of components in the Oracle Applications Framework’s File Upload and Attachments programs allows a perpetrator to gain access to read data or modify data.

The vulnerability of the Attachments and File Upload components of the Oracle Applications Framework exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain read access to data or modify data using specially craft...

CVSS 5.4 · AI score 6.6 · EPSS 0.00483
Exploits 0 · References 3 · Affected Software 1

BDU FSTEC
added 2022/06/27 12:00 a.m. · 8 views

The vulnerability of the Web Services Security component of the Oracle Web Services Manager allows a perpetrator to gain read access to data or modify data.

The vulnerability of the Web Services Security component of the Oracle Web Services Manager exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain read access to data or modify data using specially crafted HTTP...

CVSS 8.1 · AI score 6.9 · EPSS 0.01577
Exploits 0 · References 3 · Affected Software 1

BDU FSTEC
added 2022/06/27 12:00 a.m. · 5 views

The vulnerability of the User Interface component of the Oracle Transportation Management software allows a perpetrator to gain access to read data or modify data.

The vulnerability of the User Interface component of the Oracle Transportation Management software is related to errors in the code. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to data or modify data using HTTP requests...

CVSS 6.1 · AI score 6.8 · EPSS 0.0078
Exploits 0 · References 3 · Affected Software 1

CNNVD
added 2022/06/22 12:00 a.m. · 2 views

Guzzle information disclosure vulnerability

Guzzle is a PHP HTTP client for guzzlehttp individual developers that makes it easy to send HTTP requests and easily integrates with web services. An information disclosure vulnerability exists in Guzzle. An attacker can exploit this vulnerability to bypass access restrictions to Guzzle data via...

CVSS 7.7 · AI score 7.3 · EPSS 0.0138
Exploits 0 · References 6

Hacker One
added 2022/06/02 8:12 p.m. · 74 views

curl: CVE-2022-32208: FTP-KRB bad message verification

Summary: libcurl handles gss_unwrap GSS_S_BAD_SIG error incorrectly. This enables a malicious attacker to inject arbitrary FTP server responses to GSSAPI protected FTP control connection and/or make the client consume unrelated heap memory as an FTP command response. The defective krb5_decode function is...

CVSS 4.3 · AI score 0.8 · EPSS 0.05595
Exploits 1

Microsoft CVE
added 2022/05/03 7:00 a.m. · 2 views

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server and unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H).

...

CVSS 5.5 · AI score 6.5 · EPSS 0.01509
Exploits 0

OSV
added 2022/04/19 9:15 p.m. · 3 views

CVE-2022-21492

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware component: Analytics Server. The supported version that is affected is 5.9.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...

CVSS 6.1 · AI score 6.7 · EPSS 0.00841
Exploits 0 · References 1