923 matches found
The vulnerability of the Rules Framework component of the Oracle Financial Services Analytical Applications Infrastructure software allows a perpetrator to gain read access to data or modify data.
The vulnerability of the Rules Framework component of the Oracle Financial Services Analytical Applications Infrastructure software exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain read access to data or modify...
CVE-2021-3507
A heap buffer overflow was found in the floppy disk emulator of QEMU up to and including 6.0.0. It could occur in fdctrl_transfer_handler in hw/block/fdc.c while processing DMA read data transfers from the floppy drive to the guest system. A privileged guest user could use this flaw to crash the QEMU...
CVE-2021-3507
CVE-2021-3507 refers to a heap buffer overflow in QEMU’s floppy disk emulator up to version 6.0.0, triggered in fdctrl_transfer_handler() (hw/block/fdc.c) during DMA read data transfers from the floppy to the guest. Reported impact includes host DoS via crashing the QEMU process and potential inf...
CVE-2021-3507
A heap buffer overflow was found in the floppy disk emulator of QEMU up to and including 6.0.0. It could occur in fdctrl_transfer_handler in hw/block/fdc.c while processing DMA read data transfers from the floppy drive to the guest system. A privileged guest user could use this flaw to crash the QEMU...
CVE-2020-7036
An XML External Entities (XXE) vulnerability in Callback Assist could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The affected versions of Callback Assist include all 4.0.x versions before 4.7.1.1 Patch 7...
CVE-2021-2218
Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of Oracle PeopleSoft (component: Health Center). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterpris...
CVE-2021-2173
Vulnerability in the Recovery component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having DBA Level Account privilege with network access via Oracle Net to compromise Recover...
Nagios SQL injection vulnerability
Nagios Network Analyzer is a network data flow analyzer that provides a view of all network traffic and bandwidth utilization. A SQL injection vulnerability exists in Nagios Network Analyzer versions prior to 2.4.3. The vulnerability can be exploited to read sensitive data from the database and...
ClusterLabs Hawk security vulnerability
ClusterLabs Hawk is a ClusterLabs open source application. It is used to manage and monitor Pacemaker HA clusters. ClusterLabs Hawk has a security vulnerability that allows an attacker to bypass access restrictions to read or modify data using chmod...
UBUNTU-CVE-2020-1917
xbuf_format_converter, used as part of exif_read_data, was appending a terminating null character to the generated string, but was not using its standard append char function. As a result, if the buffer was full, it would result in an out-of-bounds write. This issue affects HHVM versions prior to...
IBM DB2 security vulnerability
IBM DB2 is a relational database management system from IBM in the United States. The main execution environments for this system are UNIX, Linux, IBM i, z/OS, and Windows server versions. A security vulnerability exists in IBM DB2, which can be exploited by an attacker to bypass access...
VulnCheck KEV: CVE-2020-2506
QNAP Helpdesk contains an improper access control vulnerability which could allow an attacker to gain privileges or to read sensitive information...
OpenJDK: Race condition in NIO Buffer boundary checks (Libraries, 8244136)
Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 11.0.8 and 15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of th...
UBUNTU-CVE-2021-3405
A flaw was found in libebml before 1.4.2. A heap overflow bug exists in the implementation of EbmlString::ReadData and EbmlUnicodeString::ReadData in libebml...
PT-2021-4588 · Libebml +1
Name of the Vulnerable Software and Affected Versions: libebml versions prior to 1.4.2
Description: A flaw was found in the implementation of the EbmlString::ReadData and EbmlUnicodeString::ReadData functions in libebml, which can cause a heap overflow error. This issue is related to writing beyo...
CVE-2020-4832
IBM PowerHA 7.2 could allow a local attacker to obtain sensitive information from temporary directories after a discovery failure occurs. IBM X-Force ID: 189969...
JetBrains Hub information disclosure vulnerability
JetBrains Hub is a server that can handle authentication, authorization, users, groups, permissions, and projects across multiple JetBrains Team Tools installations. An information disclosure vulnerability exists in JetBrains Hub versions prior to 2020.1.12669. An attacker can exploit this...
The vulnerability of the Message Display component of the Oracle Email Center software allows a perpetrator to gain unauthorized access to protected information or to have read, add, or delete privileges over that data.
The vulnerability of the Message Display component of the Oracle Email Center messaging software is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information or to have read, add, or...
The vulnerability of the Outcome-Result component of the Oracle Customer Interaction History software allows a perpetrator to gain unauthorized access to protected information or to have read, add, or delete privileges over the data.
The vulnerability of the Outcome-Result component of the Oracle Customer Interaction History software is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information or to have read, add,...
The vulnerability of the Print Server component of the Oracle One-to-One Fulfillment application allows a perpetrator to gain unauthorized access to protected information or to have read, add, or delete privileges over that information.
The vulnerability of the Print Server component of the Oracle One-to-One Fulfillment application is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information or to have read, add, or...