474 matches found

OSV
added 2020/05/19 3:15 p.m. · 1 views

UBUNTU-CVE-2020-8021

An Improper Access Control vulnerability in Open Build Service allows remote attackers to read files of an OBS package where the sourceaccess/access is disabled. This issue affects: Open Build Service versions prior to 2.10.5...

CVSS 5.3 · AI score 6.1 · EPSS 0.01267
Exploits 1 · References 3

RedHat Linux
added 2020/05/11 8:19 p.m. · 1 views

undertow: AJP File Read/Inclusion Vulnerability

A file inclusion vulnerability was found in the AJP connector enabled with a default AJP configuration port of 8009 in Undertow version 2.0.29.Final and before. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instances...

CVSS 9.8 · AI score 7.2 · EPSS 0.04837
Exploits 0 · References 7

RedHat Linux
added 2020/05/11 8:15 p.m. · 3 views

undertow: AJP File Read/Inclusion Vulnerability

A file inclusion vulnerability was found in the AJP connector enabled with a default AJP configuration port of 8009 in Undertow version 2.0.29.Final and before. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instances...

CVSS 9.8 · AI score 7.2 · EPSS 0.04837
Exploits 0 · References 7

CNVD
added 2020/04/30 12:0 a.m. · 4 views

Authorization Bypass Vulnerability in Configuration King Real-Time Database

Configuration King, i.e. Configuration King development monitoring system software, is a new type of industrial automatic control system, which replaces the traditional closed system with an integrated system composed of standard industrial computer software and hardware platforms. There is an...

AI score 6.6
Exploits 0

RedHat Linux
added 2020/04/22 9:16 a.m. · 3 views

OpenJDK: Incomplete enforcement of algorithm restrictions for TLS (JSSE, 8232424)

Vulnerability in the Java SE product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability...

CVSS 4.3 · AI score 7.3 · EPSS 0.02298
Exploits 0 · References 4

Positive Technologies
added 2020/04/14 12:0 a.m. · 6 views

PT-2020-2595

Name of the Vulnerable Software and Affected Versions: Java SE versions 11.0.6 and 14. Description: The issue is related to insufficient access control in the JSSE component of Oracle Java SE, allowing a remote attacker to gain unauthorized access to protected information via the HTTPS protocol. Thi...

CVSS 4.3 · AI score 6.8 · EPSS 0.03159
Exploits 0 · References 142

RedHat Linux
added 2020/03/31 7:37 p.m. · 2 views

mysql: C API unspecified vulnerability (CPU Jan 2021)

Vulnerability in the MySQL Client product of Oracle MySQL component: C API. Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise...

CVSS 4.3 · AI score 6.7 · EPSS 0.02272
Exploits 0 · References 5

OSV
added 2020/03/25 2:15 a.m. · 2 views

CVE-2020-5555

Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers to read and write data of the files placed in the same directory where it is placed via unspecified vector due to the improper input validation issue...

CVSS 9.1 · AI score 7.2 · EPSS 0.01283
Exploits 0 · References 1

CNVD
added 2020/03/24 12:0 a.m. · 3 views

Eclipse Theia Data Forgery Issue Vulnerability

Eclipse Theia is the Eclipse Foundation's Visual Studio Code-based open source framework for desktop and web integrated development environments. A data forgery vulnerability exists in Eclipse Theia versions 0.3.9 through 0.15.0. A remote attacker can exploit this vulnerability...

CVSS 8.1 · AI score 6.8 · EPSS 0.00586
Exploits 1 · References 1

OSV
added 2020/02/20 5:15 p.m. · 1 views

DEBIAN-CVE-2014-4650

The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as...

CVSS 9.8 · AI score 8.6 · EPSS 0.24148
Exploits 5 · References 1

BDU FSTEC
added 2020/01/27 12:0 a.m. · 5 views

The vulnerability of the Core component of the real-time payment processing software in Oracle Banking Payments allows a perpetrator to gain unauthorized access and modify data.

The vulnerability of the Core component of the real-time payment processing software in Oracle Banking Payments is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to read, modify, add, or delet...

CVSS 5.8 · AI score 6.3 · EPSS 0.01002
Exploits 0 · References 3 · Affected Software 1

CNVD
added 2019/12/11 12:0 a.m. · 4 views

Siemens SiNVR 3 Central Control Server (CCS) Authentication Bypass Vulnerability

SiNVR is the Siemens OEM version of SiVMS, a video management solution acquired by PKE Deutschland GmbH and formerly distributed by Schille Informationssysteme GmbH. Siemens SiNVR 3 Central Control Server (CCS) has an authentication bypass vulnerability in its XML-based communication protocol. A...

CVSS 9.8 · AI score 7 · EPSS 0.02544
Exploits 0 · References 1

CNVD
added 2019/10/28 12:0 a.m. · 0 views

AliCloud Storage Application Override Access and File Upload Vulnerability

Cloud storage is a new concept developed on the basis of the extension and derivation of cloud computing, the integrated use of distributed processing, parallel processing and grid computing and other means, the network of different types of storage devices through the application software...

AI score 7
Exploits 0

OSV
added 2019/10/16 6:15 p.m. · 3 views

UBUNTU-CVE-2019-2922

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Encryption. Supported versions that are affected are 5.6.45 and prior and 5.7.27 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to...

CVSS 5.3 · AI score 6.6 · EPSS 0.02211
Exploits 0 · References 5

OSV
added 2019/10/16 6:15 p.m. · 3 views

UBUNTU-CVE-2019-2894

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Security. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

CVSS 3.7 · AI score 6.7 · EPSS 0.03159
Exploits 0 · References 5

Positive Technologies
added 2019/10/15 12:0 a.m. · 1 views

PT-2019-3730 · Mysql Server +6 · Mysql Server +6

Name of the Vulnerable Software and Affected Versions: MySQL Server versions 5.6.45 and prior; MySQL Server versions 5.7.27 and prior; MySQL Server versions 8.0.17 and prior. Description: The issue is related to insufficient access control in the Information Schema component of MySQL Server, allowin...

CVSS 9.8 · AI score 6.3 · EPSS 0.49739
Exploits 2 · References 677

Positive Technologies
added 2019/08/09 12:0 a.m. · 6 views

PT-2022-5171 · Oracle +6 · Mysql Server +5

Name of the Vulnerable Software and Affected Versions: MySQL Server versions 5.7.39 and prior; MySQL Server versions 8.0.16 and prior. Description: The issue exists due to insufficient input validation in the MySQL Server component, specifically in the Security: Privileges subcomponent. This allows...

CVSS 9.8 · AI score 6.2 · EPSS 0.78483
Exploits 12 · References 722

OSV
added 2019/07/23 11:15 p.m. · 3 views

CVE-2019-2846

Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications subcomponent: Infrastructure. Supported versions that are affected are 12.0.1, 12.0.3, 12.0.4, 12.1.0, 12.3.0, 12.4.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows...

CVSS 5.3 · AI score 5.8 · EPSS 0.01302
Exploits 0 · References 1

OSV
added 2019/06/27 5:15 p.m. · 2 views

CVE-2018-6136

Missing type check in V8 in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page...

CVSS 6.5 · AI score 7.3 · EPSS 0.00757
Exploits 0 · References 2

OSV
added 2019/04/23 7:32 p.m. · 2 views

CVE-2019-2704

Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite subcomponent: IPS Package Manager. The supported version that is affected is 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Solaris. Successfu...

CVSS 5.3 · AI score 6.3 · EPSS 0.01366
Exploits 0 · References 1