923 matches found
CVE-2022-21481
Vulnerability in the PeopleSoft Enterprise FIN Cash Management product of Oracle PeopleSoft (component: Financial Gateway). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise...
CVE-2022-21484
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.35 and prior, 7.5.25 and prior, 7.6.21 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physica...
CVE-2022-21448
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Visual Analyzer). The supported version that is affected is 5.9.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...
CVE-2022-21458
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Navigation Pages, Portal, Query). Supported versions that are affected are 8.58 and 8.59. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...
Oracle Solaris input validation error vulnerability
Oracle Solaris is a UNIX operating system from Oracle. A security vulnerability in Oracle Systems' Oracle Solaris product could allow an unauthenticated attacker to compromise Oracle Solaris by accessing the network via multiple protocols, which could be exploited by an attacker to potentially...
Oracle E-Business Suite input validation error vulnerability
Oracle E-Business Suite is a set of fully integrated global business management software from Oracle. The software provides customer relationship management, service management, financial management, and other functions. An input validation error vulnerability exists in...
Oracle MySQL buffer error vulnerability
Oracle MySQL is an open source relational database management system from Oracle Corporation. MySQL Server is one of the database server components. MySQL Connectors is one of the drivers for connecting applications that use MySQL. Oracle MySQL suffers from a buffer overflow vulnerability that allo...
Buffer error vulnerability in multiple Adobe products
Adobe Acrobat is a set of PDF file editing and conversion tools. The software is used to print, sign and annotate PDFs. Several Adobe products are vulnerable to an out-of-bounds read vulnerability, which stems from a boundary error when processing PDF files. A remote attacker could use the...
The vulnerability of the Web Access component of the Primavera Portfolio Management software allows a malicious individual to gain unauthorized access to read, modify, or delete data.
The vulnerability of the Web Access component of Primavera Portfolio Management, a software solution for automating production process management, is related to insufficient verification of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized...
The vulnerability of the Core server component of Oracle WebLogic Server allows a perpetrator to gain unauthorized access to read, modify, or delete data, or to cause a service failure.
The vulnerability of the Core server component of Oracle WebLogic Server is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to read, modify, or delete data, or to cause service failures using...
The vulnerability of the WebLogic component of the Oracle PeopleSoft Enterprise PeopleTools business application allows a perpetrator to gain read access to data.
The vulnerability of the WebLogic component of the Oracle PeopleSoft Enterprise PeopleTools business application exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain read access to data through HTTP requests...
OpenJDK: Non-constant comparison during TLS handshakes (JSSE, 8269618)
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated...
CVE-2022-23972
ASUS RT-AX56U’s SQL handling function has an SQL injection vulnerability due to insufficient user input validation. An unauthenticated LAN attacker can inject arbitrary SQL code to read, modify and delete database...
Elasticsearch security vulnerability
Elasticsearch is an open source distributed RESTful search engine built on Lucene from the Dutch company Elasticsearch. The product is mainly used in cloud computing and supports data indexing using JSON over HTTP. Elasticsearch is vulnerable to privilege permission and access control issue...
CVE-2022-22766
Hardcoded credentials are used in specific BD Pyxis products. If exploited, threat actors may be able to gain access to the underlying file system and could potentially exploit application files for information that could be used to decrypt application credentials or gain access to electronic...
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 4.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L).
...
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).
...
CVE-2022-21400
Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine). Supported versions that are affected are 3.4, 4.2, 4.3, 4.4 and 5.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromi...