Lucene search

130 matches found

CVE
added 2024/12/06 4:36 p.m. · 72 views

CVE-2024-48868

CVE-2024-48868 is a CRLF injection vulnerability reported to affect QNAP QTS and QuTS hero. The flaw permits remote modification of application data when exploited. Affected versions have been fixed: QTS 5.1.9.2954 build 20241120 and later; QTS 5.2.2.2950 build 20241114 and later; QuTS hero h5.1....

CVSS 8.7 · AI score 6.7 · EPSS 0.00448
Exploits 0 · References 1 · Affected Software 1

RedHat Linux
added 2024/10/16 3:16 p.m. · 8 views

JDK: Array indexing integer overflow (8328544)

Vulnerability in Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4 and 23. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java...

CVSS 3.7 · AI score 7.4 · EPSS 0.00827
Exploits 0 · References 4

Positive Technologies
added 2024/09/10 12:0 a.m. · 5 views

PT-2024-10162 · Qnap · Qnap Qts +1

Name of the Vulnerable Software and Affected Versions: QNAP QTS versions prior to 5.1.9.2954 build 20241120 QNAP QTS versions prior to 5.2.2.2950 build 20241114 QNAP QuTS hero versions prior to h5.1.9.2954 build 20241120 QNAP QuTS hero versions prior to h5.2.2.2952 build 20241116 Description: An...

CVSS 5.3 · AI score 7.3 · EPSS 0.00495
Exploits 0 · References 7

OSV
added 2024/04/16 10:15 p.m. · 1 views

UBUNTU-CVE-2024-21068

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2 and 22; Oracle...

CVSS 3.7 · AI score 6.7 · EPSS 0.01289
Exploits 0 · References 8

Positive Technologies
added 2024/04/16 12:0 a.m. · 7 views

PT-2024-4902 · Oracle · Oracle Production Scheduling

Name of the Vulnerable Software and Affected Versions: Oracle Production Scheduling versions 12.2.4 through 12.2.12 Description: The issue exists due to insufficient input validation in the Import Utility component of Oracle Production Scheduling in Oracle E-Business Suite. This allows a remote...

CVSS 7.8 · AI score 7.3 · EPSS 0.0052
Exploits 0 · References 5

BDU FSTEC
added 2024/02/14 12:0 a.m. · 4 views

The vulnerability of the software used for creating, monitoring, and orchestrating data processing scripts in Airflow lies in authentication errors, which allow attackers to modify arbitrary data.

The vulnerability of the software used for creating, monitoring, and orchestrating data processing scripts in Airflow is related to authentication errors. Exploiting this vulnerability allows a malicious actor to modify arbitrary data remotely...

CVSS 4.3 · AI score 5.5 · EPSS 0.01305
Exploits 0 · References 3 · Affected Software 1

Positive Technologies
added 2023/11/07 12:0 a.m. · 6 views

PT-2023-8562 · Apache · Apache Ofbiz

Name of the Vulnerable Software and Affected Versions: Apache OFBiz versions prior to 18.12.09 Description: The issue is related to missing authentication in the Solr plugin of Apache OFBiz, allowing a remote attacker to modify protected information. It is estimated that around 1,891 devices are...

CVSS 5.3 · AI score 7.4 · EPSS 0.01793
Exploits 0 · References 7

OSV
added 2023/10/09 12:15 p.m. · 4 views

CVE-2023-43700

Missing Authorization in RDT400 in SICK APU allows an unprivileged remote attacker to modify data via HTTP requests that do not require authentication...

CVSS 7.5 · AI score 5.9 · EPSS 0.00628
Exploits 0 · References 3

BDU FSTEC
added 2023/09/05 12:0 a.m. · 4 views

The vulnerability of the Hotspot component of Oracle’s software platform and the Oracle GraalVM Enterprise Edition virtual machine allows a perpetrator to gain access to modify, add, or delete data.

The vulnerability of the Hotspot component of Oracle’s software platform and the Oracle GraalVM Enterprise Edition virtual machine is related to a numerical overflow condition. Exploiting this vulnerability can allow an attacker to gain access to modify, add, or delete data remotely...

CVSS 5.3 · AI score 6.1 · EPSS 0.02755
Exploits 0 · References 16 · Affected Software 6

BDU FSTEC
added 2023/07/24 12:0 a.m. · 6 views

The vulnerability of the Application Express component in the Oracle Application Express development environment allows access to data modification, addition, deletion, or partial service disruption.

The vulnerability of the Application Express development environment for Oracle Application Express is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker operating remotely to gain access to modify, add, or delete data, or cause a partial service...

CVSS 5.6 · AI score 6.7 · EPSS 0.00321
Exploits 0 · References 2 · Affected Software 1

Positive Technologies
added 2023/07/18 12:0 a.m. · 4 views

PT-2023-3627 · Oracle · Application Express Customers Plugin

Name of the Vulnerable Software and Affected Versions: Application Express Customers Plugin versions 18.2 through 22.2 Description: The issue exists due to insufficient input validation in the Application Express Customers Plugin component of Oracle Application Express. This allows a remote...

CVSS 9 · AI score 8.6 · EPSS 0.00521
Exploits 0 · References 4

BDU FSTEC
added 2023/05/02 12:0 a.m. · 5 views

The vulnerability of the OXI software component for managing hotel resources, Oracle Hospitality Opera 5, allows a hacker to modify data, cause partial service interruptions, or gain unauthorized access to the device.

The vulnerability of the OXI software component for managing hotel resources in Oracle Hospitality Opera 5 exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to modify data remotely, cause partial service interruptions, or gain unauthorized...

CVSS 7.2 · AI score 7.4 · EPSS 0.44684
Exploits 0 · References 3 · Affected Software 1

OSV
added 2023/04/18 8:15 p.m. · 3 views

DEBIAN-CVE-2023-21938

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploi...

CVSS 3.7 · AI score 6 · EPSS 0.01208
Exploits 0 · References 1

SUSE CVE
added 2023/02/15 5:49 a.m. · 5 views

SUSE CVE-2011-5057

Apache Struts 2.3.1.2 and earlier, 2.3.19-2.3.23, provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an...

CVSS 5 · AI score 6.9 · EPSS 0.28628
Exploits 0 · References 3

SUSE CVE
added 2023/02/15 4:51 a.m. · 3 views

SUSE CVE-2017-3509

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Networking. Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multip...

CVSS 4.2 · AI score 6.9 · EPSS 0.02211
Exploits 0 · References 14

SUSE CVE
added 2023/02/15 4:3 a.m. · 5 views

SUSE CVE-2020-2590

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Security. Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

CVSS 3.7 · AI score 6.5 · EPSS 0.03085
Exploits 0 · References 10

SUSE CVE
added 2023/02/15 3:30 a.m. · 4 views

SUSE CVE-2022-21248

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Difficult to exploit vulnerabili...

CVSS 3.7 · AI score 6.7 · EPSS 0.03763
Exploits 0 · References 19

SUSE CVE
added 2023/02/15 3:29 a.m. · 3 views

SUSE CVE-2022-21496

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JNDI. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable...

CVSS 5.3 · AI score 5.8 · EPSS 0.02651
Exploits 0 · References 17

BDU FSTEC
added 2023/01/31 12:0 a.m. · 7 views

The vulnerability of the Synchronization sub-component of the Oracle Mobile Field Service component in the Oracle E-Business Suite system allows a perpetrator to gain access to modify, add, or delete protected data.

The vulnerability of the Synchronization sub-component of the Oracle Mobile Field Service component in the Oracle E-Business Suite enterprise automation system is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker who operates remotely to modify,...

CVSS 7.8 · AI score 7.3 · EPSS 0.00517
Exploits 0 · References 2 · Affected Software 2

Positive Technologies
added 2023/01/17 12:0 a.m. · 5 views

PT-2023-1198 · Oracle · Oracle Sales For Handhelds

Name of the Vulnerable Software and Affected Versions: Oracle Sales for Handhelds versions 12.2.3 through 12.2.12 Description: The issue is related to insufficient input validation in the Pocket Outlook Sync PocketPC component of Oracle Sales for Handhelds, part of the Oracle E-Business Suite...

CVSS 7.8 · AI score 8.9 · EPSS 0.00517
Exploits 0 · References 5