130 matches found
CVE-2024-48868
CVE-2024-48868 is a CRLF injection vulnerability reported to affect QNAP QTS and QuTS hero. The flaw permits remote modification of application data when exploited. Affected versions have been fixed: QTS 5.1.9.2954 build 20241120 and later; QTS 5.2.2.2950 build 20241114 and later; QuTS hero h5.1....
JDK: Array indexing integer overflow (8328544)
Vulnerability in Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4 and 23. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java...
PT-2024-10162 · Qnap · Qnap Qts +1
Name of the Vulnerable Software and Affected Versions: QNAP QTS versions prior to 5.1.9.2954 build 20241120 QNAP QTS versions prior to 5.2.2.2950 build 20241114 QNAP QuTS hero versions prior to h5.1.9.2954 build 20241120 QNAP QuTS hero versions prior to h5.2.2.2952 build 20241116 Description: An...
UBUNTU-CVE-2024-21068
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2 and 22; Oracle...
PT-2024-4902 · Oracle · Oracle Production Scheduling
Name of the Vulnerable Software and Affected Versions: Oracle Production Scheduling versions 12.2.4 through 12.2.12 Description: The issue exists due to insufficient input validation in the Import Utility component of Oracle Production Scheduling in Oracle E-Business Suite. This allows a remote...
The vulnerability of the software used for creating, monitoring, and orchestrating data processing scripts in Airflow lies in authentication errors, which allow attackers to modify arbitrary data.
The vulnerability of the software used for creating, monitoring, and orchestrating data processing scripts in Airflow is related to authentication errors. Exploiting this vulnerability allows a malicious actor to modify arbitrary data remotely...
PT-2023-8562 · Apache · Apache Ofbiz
Name of the Vulnerable Software and Affected Versions: Apache OFBiz versions prior to 18.12.09 Description: The issue is related to missing authentication in the Solr plugin of Apache OFBiz, allowing a remote attacker to modify protected information. It is estimated that around 1,891 devices are...
CVE-2023-43700
Missing Authorization in RDT400 in SICK APU allows an unprivileged remote attacker to modify data via HTTP requests that no not require authentication...
The vulnerability of the Hotspot component of Oracle’s software platform and the Oracle GraalVM Enterprise Edition virtual machine allows a perpetrator to gain access to modify, add, or delete data.
The vulnerability of the Hotspot component of Oracle’s software platform and the Oracle GraalVM Enterprise Edition virtual machine is related to a numerical overflow condition. Exploiting this vulnerability can allow an attacker to gain access to modify, add, or delete data remotely...
The vulnerability of the Application Express component in the Oracle Application Express development environment allows access to data modification, addition, deletion, or partial service disruption.
The vulnerability of the Application Express development environment for Oracle Application Express is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker operating remotely to gain access to modify, add, or delete data, or cause a partial service...
PT-2023-3627 · Oracle · Application Express Customers Plugin
Name of the Vulnerable Software and Affected Versions: Application Express Customers Plugin versions 18.2 through 22.2 Description: The issue exists due to insufficient input validation in the Application Express Customers Plugin component of Oracle Application Express. This allows a remote...
The vulnerability of the OXI software component for managing hotel resources, Oracle Hospitality Opera 5, allows a hacker to modify data, cause partial service interruptions, or gain unauthorized access to the device.
The vulnerability of the OXI software component for managing hotel resources in Oracle Hospitality Opera 5 exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to modify data remotely, cause partial service interruptions, or gain unauthorized...
DEBIAN-CVE-2023-21938
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploi...
SUSE CVE-2011-5057
Apache Struts 2.3.1.2 and earlier, 2.3.19-2.3.23, provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an...
SUSE CVE-2017-3509
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Networking. Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multip...
SUSE CVE-2020-2590
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Security. Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...
SUSE CVE-2022-21248
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Difficult to exploit vulnerabili...
SUSE CVE-2022-21496
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JNDI. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable...
The vulnerability of the Synchronization sub-component of the Oracle Mobile Field Service component in the Oracle E-Business Suite system allows a perpetrator to gain access to modify, add, or delete protected data.
The vulnerability of the Synchronization sub-component of the Oracle Mobile Field Service component in the Oracle E-Business Suite enterprise automation system is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker who operates remotely to modify,...
PT-2023-1198 · Oracle · Oracle Sales For Handhelds
Name of the Vulnerable Software and Affected Versions: Oracle Sales for Handhelds versions 12.2.3 through 12.2.12 Description: The issue is related to insufficient input validation in the Pocket Outlook Sync PocketPC component of Oracle Sales for Handhelds, part of the Oracle E-Business Suite...