
380 matches found

OSV
added 2024/05/02 5:15 p.m. · 4 views

CVE-2024-3942

The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on several functions in versions up to, and including, 3.3.8. This makes it possible for authenticate...

CVSS 5.4 · AI score 5.8 · EPSS 0.00384
Exploits: 0 · References: 2

Veracode
added 2024/04/25 6:38 a.m. · 16 views

Privilege Escalation

github.com/kubevirt/kubevirt/ is vulnerable to Privilege Escalation. This vulnerability arises due to insufficient access controls, enabling an attacker to assume the privileges of the VM process on the host system. Consequently, attackers could potentially read and modify any file on the system...

CVSS 9.9 · AI score 9.3 · EPSS 0.01576
Exploits: 0 · References: 3 · Affected Software: 1

OSV
added 2024/04/16 10:15 p.m. · 2 views

CVE-2024-21064

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics component: Analytics Web Answers. Supported versions that are affected are 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...

CVSS 5.4 · AI score 7.1 · EPSS 0.00303
Exploits: 0 · References: 1

OSV
added 2024/04/16 10:15 p.m. · 2 views

CVE-2024-21034

Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite component: LOV. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

CVSS 6.1 · AI score 7.1 · EPSS 0.00362
Exploits: 0 · References: 1

OSV
added 2024/04/16 10:15 p.m. · 4 views

CVE-2024-21033

Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite component: LOV. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

CVSS 6.1 · AI score 7.1 · EPSS 0.00382
Exploits: 0 · References: 1

OSV
added 2024/04/16 10:15 p.m. · 6 views

CVE-2024-21029

Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite component: LOV. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

CVSS 6.1 · AI score 7.1 · EPSS 0.00346
Exploits: 0 · References: 1

OSV
added 2024/04/16 10:15 p.m. · 2 views

CVE-2024-21016

Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite component: LOV. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

CVSS 6.1 · AI score 7.1 · EPSS 0.00382
Exploits: 0 · References: 1

Positive Technologies
added 2024/03/21 12:0 a.m. · 3 views

PT-2024-2354 · Advantech · Advantech Webaccess/Scada

Name of the Vulnerable Software and Affected Versions: Advantech WebAccess/SCADA affected versions not specified

Description: The issue is related to a lack of protection against SQL query structure attacks, allowing a remote attacker to execute arbitrary SQL queries on the database. This can...

CVSS 6.4 · AI score 7.7 · EPSS 0.003
Exploits: 0 · References: 11

Positive Technologies
added 2024/03/07 12:0 a.m. · 5 views

PT-2024-22261 · Schoolbox · Schoolbox

Name of the Vulnerable Software and Affected Versions: Schoolbox versions prior to 23.1.3

Description: The issue concerns a blind SQL Injection vulnerability in the chat functionality of the Schoolbox application. This vulnerability allows authenticated attackers to read, modify, and delete...

CVSS 8.8 · AI score 8.2 · EPSS 0.00552
Exploits: 0 · References: 8

CNNVD
added 2024/03/07 12:0 a.m. · 5 views

Schoolbox SQL Injection Vulnerability

Schoolbox is an online learning platform from Schoolbox Australia. A SQL injection vulnerability exists in Schoolbox versions prior to 23.1.3, which stems from vulnerability to a blind SQL injection attack that allows an authenticated attacker to read, modify, and delete database records...

CVSS 8.8 · AI score 7.7 · EPSS 0.00552
Exploits: 0 · References: 3

BDU FSTEC
added 2024/03/05 12:0 a.m. · 5 views

The vulnerability of the Visual Analyzer component of the Oracle Business Intelligence Enterprise Edition software allows a malicious individual to gain unauthorized access to read, modify, or delete data.

The vulnerability of the Visual Analyzer component of the Oracle Business Intelligence Enterprise Edition software is related to insufficient validation of input data. Exploiting this vulnerability may allow an attacker, operating remotely, to gain unauthorized access to read, modify, or delete...

CVSS 5.5 · AI score 6.6 · EPSS 0.00377
Exploits: 0 · References: 4 · Affected Software: 1

OSV
added 2024/02/17 2:15 a.m. · 3 views

CVE-2024-20951

Vulnerability in the Oracle Customer Interaction History product of Oracle E-Business Suite component: Outcome-Result. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Custom...

CVSS 6.1 · AI score 7.3 · EPSS 0.00342
Exploits: 0 · References: 1

OSV
added 2024/02/17 2:15 a.m. · 3 views

CVE-2024-20933

Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite component: Engineering Change Order. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Installed...

CVSS 6.1 · AI score 7.3 · EPSS 0.00168
Exploits: 0 · References: 1

OSV
added 2024/02/17 2:15 a.m. · 4 views

CVE-2024-20917

Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager component: Log Management. The supported version that is affected is 13.5.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

CVSS 7.5 · AI score 7.3 · EPSS 0.00378
Exploits: 0 · References: 1

OSV
added 2024/02/17 2:15 a.m. · 1 views

CVE-2024-20913

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics component: BI Platform Security. The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...

CVSS 5.4 · AI score 7.3 · EPSS 0.00308
Exploits: 0 · References: 1

CNNVD
added 2024/02/02 12:0 a.m. · 5 views

QNAP Multiple Product Security Vulnerabilities

QNAP Systems QuTScloud and others are products of China Weilian Technology QNAP Systems. QNAP Systems QuTScloud is a cloud-optimized version of the QNAP NAS operating system. QNAP Systems QTS is an operating system for entry- to mid-range QNAP NAS use. QNAP Systems QuTS hero is an operating system....

CVSS 8.1 · AI score 6.7 · EPSS 0.01014
Exploits: 0 · References: 2

BDU FSTEC
added 2024/01/19 12:0 a.m. · 4 views

The vulnerability of the Firewall component of the Oracle Audit Vault and Database Firewall (AVDF) management tool allows a perpetrator to gain access to read, modify, or delete data.

The vulnerability of the Firewall component of the Oracle Audit Vault and Database Firewall AVDF management tool is related to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to gain read, modify, or delete access to data...

CVSS 7.8 · AI score 7.2 · EPSS 0.0043
Exploits: 0 · References: 3 · Affected Software: 1

OSV
added 2024/01/16 10:15 p.m. · 1 views

CVE-2024-20936

Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite component: Documents. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One...

CVSS 6.1 · AI score 6.8 · EPSS 0.00309
Exploits: 0 · References: 1

OSV
added 2024/01/16 10:15 p.m. · 4 views

CVE-2024-20908

Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware component: Advanced UI. The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites...

CVSS 6.1 · AI score 7.3 · EPSS 0.00327
Exploits: 0 · References: 1

Positive Technologies
added 2023/11/06 12:0 a.m. · 6 views

PT-2023-8518 · Qnap · Qsync Central

Name of the Vulnerable Software and Affected Versions:
Qsync Central versions prior to 4.3.0.11
Qsync Central versions prior to 4.4.0.15

Description: The issue is related to an incorrect permission assignment for a critical resource in Qsync Central. This could allow an authenticated user to read...

CVSS 9 · AI score 7.7 · EPSS 0.01014
Exploits: 0 · References: 6