The vulnerability of the Runtime Catalog component of the Oracle iStore system, a system for creating, managing, and personalizing online stores, allows a perpetrator to gain unauthorized access to protected information or to read, add, or delete data.

The vulnerability of the Runtime Catalog component of the Oracle iStore system, which is used for creating, managing, and personalizing online stores, is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized acce...

The vulnerability of the Outcome-Result component of the Oracle Customer Interaction History software allows a perpetrator to gain unauthorized access to protected information or to have read, add, or delete privileges over the data.

The vulnerability of the Outcome-Result component of the Oracle Customer Interaction History software is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information or to have read, add,...

The vulnerability of the UI Servlet component of the Oracle Configurator allows a perpetrator to gain unauthorized access to protected information or to read, modify, add, or delete data.

The vulnerability of the UI Servlet component of the Oracle Configurator is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information or to read, modify, add, or delete data using the...

CVE-2021-2003

Vulnerability in the Business Intelligence Enterprise Edition product of Oracle Fusion Middleware component: Analytics Web Dashboards. Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with...

PT-2021-7578 · Sap · Sap Netweaver As Java

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver AS for Java version 7.50 Description: The issue is related to improper access control in SAP NetWeaver AS for Java, allowing an unauthenticated attacker to attach to an open interface and utilize an open naming and directory API...

GLPI Insecure Direct Object Reference Vulnerability

GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner cartridg...

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).

...

OpenJDK: Credentials sent over unencrypted LDAP connection (JNDI, 8237990)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JNDI. Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

CVE-2020-14900

Vulnerability in the Oracle Application Express Group Calendar component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having Valid User Account privilege with network access via HTTP to compromi...

CVE-2020-14856

Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite component: User Interface. Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...

CVE-2020-14826

Vulnerability in the Oracle Applications Manager product of Oracle E-Business Suite component: SQL Extensions. Supported versions that are affected are 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

CVE-2020-14761

Vulnerability in the Oracle Applications Manager product of Oracle E-Business Suite component: Oracle Diagnostics Interfaces. Supported versions that are affected are 12.1.3 and 12.2.3 - 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...

CVE-2020-16978

A cross site scripting vulnerability exists when Microsoft Dynamics 365 on-premises does not properly sanitize a specially crafted web request to an affected Dynamics server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected Dynamics...

CVE-2020-16946

A cross-site-scripting XSS vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint...

CVE-2020-16945

A cross-site-scripting XSS vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint...

PT-2020-4315 · Microsoft · Sharepoint Server +1

Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server affected versions not specified Description: A cross-site-scripting XSS vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint...

PT-2020-4314 · Microsoft · Sharepoint Server +1

Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server affected versions not specified Description: This issue occurs when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server. An authenticated attacker could exploit...

CVE-2020-3426 Cisco IOS Software for Cisco Industrial Routers Virtual-LPWA Unauthorized Access Vulnerability

A vulnerability in the implementation of the Low Power, Wide Area LPWA subsystem of Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers Industrial ISRs and Cisco 1000 Series Connected Grid Routers CGR1000 could allow an unauthenticated, remote attacker to gain...

PT-2020-5089 · Cisco · Cisco Ios Xe

Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Software affected versions not specified Description: The issue is related to multiple vulnerabilities in the web management framework of Cisco IOS XE Software. These vulnerabilities could allow an authenticated, remote attacker...

mysql: Server: Information Schema unspecified vulnerability (CPU Jan 2020)

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Information Schema. Supported versions that are affected are 8.0.18 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server...