CVE-2022-21376

Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering component: Web Access. Supported versions that are affected are 18.0.0.0-18.0.3.0, 19.0.0.0-19.0.1.2 and 20.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network acces...

CVE-2022-21377

Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering component: Web API. Supported versions that are affected are 18.0.0.0-18.0.3.0, 19.0.0.0-19.0.1.2 and 20.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access v...

CVE-2022-21331

Vulnerability in the MySQL Cluster product of Oracle MySQL component: Cluster: General. Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physica...

AZL-7713 CVE-2022-21323 affecting package mysql for versions less than 8.0.28-1

Vulnerability in the MySQL Cluster product of Oracle MySQL component: Cluster: General. Supported versions that are affected are 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication...

CVE-2022-21313

Vulnerability in the MySQL Cluster product of Oracle MySQL component: Cluster: General. Supported versions that are affected are 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to...

CVE-2022-21317

Vulnerability in the MySQL Cluster product of Oracle MySQL component: Cluster: General. Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physica...

AZL-7704 CVE-2022-21313 affecting package mysql for versions less than 8.0.28-1

Vulnerability in the MySQL Cluster product of Oracle MySQL component: Cluster: General. Supported versions that are affected are 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to...

CVE-2022-21263

Vulnerability in the Oracle Solaris product of Oracle Systems component: Fault Management Architecture. The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle...

CVE-2022-21246

Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications component: Mediation Engine. Supported versions that are affected are 3.4, 4.2, 4.3, 4.4 and 5.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromi...

UBUNTU-CVE-2022-21295

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is Prior to 6.1.32. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise...

OpenJDK: Insufficient URI checks in the XSLT TransformerImpl (JAXP, 8270492)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows...

CVE-2021-44757

Zoho ManageEngine Desktop Central before 10.1.2137.9 and Desktop Central MSP before 10.1.2137.9 allow attackers to bypass authentication, and read sensitive information or upload an arbitrary ZIP archive to the server...

Oracle WebLogic Server 输入验证错误漏洞

Oracle WebLogic Server is an application services middleware from Oracle for cloud and traditional environments that provides a modern, lightweight development platform that supports full lifecycle management of applications from development to production and simplifies application deployment and...

Oracle WebLogic Server 输入验证错误漏洞

Oracle WebLogic Server is an application services middleware for cloud and legacy environments from Oracle Corporation Oracle that provides a modern lightweight development platform that supports the full lifecycle management of applications from development to production and simplifies applicati...

UBUNTU-CVE-2021-45101

An issue was discovered in HTCondor before 8.8.15, 9.0.x before 9.0.4, and 9.1.x before 9.1.2. Using standard command-line tools, a user with only READ access to an HTCondor SchedD or Collector daemon can discover secrets that could allow them to control other users' jobs and/or read their data...

The vulnerability in the implementation of EbmlString::ReadData and EbmlUnicodeString::ReadData functions of the EBML analysis library Libebml, related to writing beyond the buffer boundary, allows a attacker to cause a service failure.

The vulnerability in the implementation of EbmlString::ReadData and EbmlUnicodeString::ReadData functions of the EBML analysis library in Libebml is related to writing beyond the buffer boundaries. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).

...

OpenJDK: Non-constant comparison during TLS handshakes (JSSE, 8269618)

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated...

OpenJDK: Non-constant comparison during TLS handshakes (JSSE, 8269618)

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated...

CVE-2021-2476

Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain component: Authentication. The supported version that is affected is 6.4.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Transportation...