923 matches found
UBUNTU-CVE-2021-35545
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is Prior to 6.1.28. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromis...
PHP buffer error vulnerability
PHP is a scripting language that executes on the server side. PHP suffers from a buffer error vulnerability that could allow an attacker to bypass PHP's access restrictions via FPM in order to read or alter data...
PT-2021-20965 · Oracle +2 · Virtualbox +2
Name of the Vulnerable Software and Affected Versions: Oracle VM VirtualBox versions prior to 6.1.28 Description: The issue allows a high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks can result in...
CVE-2021-30811
This issue was addressed with improved checks. This issue is fixed in iOS 15 and iPadOS 15, watchOS 8. A local attacker may be able to read sensitive information...
mysql: Server: Security: Privileges unspecified vulnerability (CPU Oct 2020)
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Privileges. Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server...
PT-2021-30996
Name of the Vulnerable Software and Affected Versions: Google Chrome affected versions not specified Description: A flaw exists in the Blink browser module’s rendering engine due to errors in the implementation of security checks for standard elements. Successful exploitation could allow a remote...
mysql: Server: Information Schema unspecified vulnerability (CPU Apr 2021)
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Information Schema. Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...
CVE-2021-33704
The Service Layer of SAP Business One, version - 10.0, allows an authenticated attacker to invoke certain functions that would otherwise be restricted to specific users. For an attacker to discover the vulnerable function, no in-depth system knowledge is required. Once exploited via Network stack...
Microsoft Office information disclosure vulnerability
Microsoft Office is an office software suite from the U.S. company Microsoft. Commonly used components of the product include Word, Excel, Access, PowerPoint, FrontPage, and so on. A security vulnerability exists in Microsoft Office version 2.8, which stems from a flaw in th...
CVE-2021-30654
This issue was addressed by removing additional entitlements. This issue is fixed in GarageBand 10.4.3. A local attacker may be able to read sensitive information...
Apple macOS access control error vulnerability
Apple macOS is a specialized operating system developed by Apple Inc. for Mac computers. An access control error vulnerability exists in Apple macOS Monterey versions prior to 12.0.1, which can be exploited by a local attacker to read sensitive information...
GHSA-793H-6F7R-6QVM Druid ingestion system Authenticated users can read data from other sources than intended
In the Druid ingestion system, the InputSource is used for reading data from a certain data source. However, the HTTP InputSource allows authenticated users to read data from other sources than intended, such as the local file system, with the privileges of the Druid server process. This is not a...
CVE-2021-37593
PEEL Shopping version 9.4.0 allows remote SQL injection. An unauthenticated public user/guest can inject a malicious SQL query in order to affect the execution of predefined SQL commands. Upon a successful SQL injection attack, an attacker can read sensitive data from the database and possibly...
PT-2021-6425 · Oracle +1 · Mysql Cluster +1
Name of the Vulnerable Software and Affected Versions: MySQL Cluster versions 7.4.34 and prior MySQL Cluster versions 7.5.24 and prior MySQL Cluster versions 7.6.20 and prior MySQL Cluster versions 8.0.27 and prior Description: The issue allows a high-privileged attacker with access to the physic...
CVE-2021-2403
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...
CVE-2021-2386
Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering component: Web Access. Supported versions that are affected are 20.12.0-20.12.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...
CVE-2021-2345
Vulnerability in the Oracle Commerce Guided Search / Oracle Commerce Experience Manager product of Oracle Commerce component: Tools and Frameworks. The supported version that is affected is 11.3.1.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...
DEBIAN-CVE-2021-2341
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows...
Bluetooth race condition vulnerability
Bluetooth is a standard from the Bluetooth Special Interest Group (SIG) standards organization for short-range wireless technology, used for exchanging data between fixed and mobile devices over short distances using UHF radio waves in the ISM band from 2.402 GHz to 2.48 GHz, and for building personal area networ...
Libwebp out-of-bounds read vulnerability (CNVD-2021-37659)
Libwebp is a WebP image format encoding and decoding library. A security vulnerability exists in versions of Libwebp prior to 1.0.1. An attacker could exploit the vulnerability to threaten data confidentiality and service availability...