The vulnerability of the Core RDBMS component of the database management system Oracle Database Server allows a hacker to disclose protected information.
The vulnerability of the Core RDBMS component of the database management system, Oracle Database Server, is related to deficiencies in access control. Exploiting this vulnerability can allow a malicious actor to disclose protected information remotely...
The vulnerability of the US Federal Specific sub-component of the PeopleSoft Enterprise HCM Human Resources package from Oracle PeopleSoft Products allows a perpetrator to gain unauthorized access to protected data.
The vulnerability of the US Federal Specific sub-component of the PeopleSoft Enterprise HCM Human Resources package from Oracle PeopleSoft Products is related to inadequate access control mechanisms. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized...
The vulnerability of the Oracle Hospitality Reporting and Analytics component in the Oracle Food and Beverage Applications software package allows a perpetrator to modify, add, or delete data, or to gain unauthorized access to protected information.
The vulnerability of the Oracle Hospitality Reporting and Analytics component in the Oracle Food and Beverage Applications suite is related to access control deficiencies. Exploiting this vulnerability could allow an attacker to remotely modify, add, or delete data, or gain unauthorized access to...
Adobe ColdFusion RDS Authentication Bypass Vulnerability
Adobe ColdFusion is a dynamic web server with its own programming language, CFML (ColdFusion Markup Language). An authentication bypass vulnerability exists in Adobe ColdFusion RDS, which arises from a lack of authentication measures or insufficient authentication strength in a networked system or produc...
The vulnerability of the Marketing Administration sub-component of the Oracle Marketing component of the Oracle E-Business Suite allows a perpetrator to modify, add, or delete data, or to gain unauthorized access to protected information.
The vulnerability of the Marketing Administration sub-component of the Oracle Marketing component in the Oracle E-Business Suite is related to lack of access control. Exploiting this vulnerability could allow an attacker, operating remotely, to modify, add, or delete data, or to gain unauthorized...
The vulnerability of the audioflinger component in the Android operating system allows a hacker to disclose protected information.
The vulnerability of the audioflinger component in the Android operating system is related to the lack of protection for service data. Exploiting this vulnerability can allow a malicious actor to disclose the protected information remotely...
CloudBees Jenkins Google Kubernetes Engine Plugin Permission Check Missing Vulnerability
CloudBees Jenkins is a set of Java-based continuous integration tools. The CloudBees Jenkins Google Kubernetes Engine Plugin has a security vulnerability that remote attackers can exploit by submitting a special request that can be used to obtain...
CVE-2019-13683
Insufficient policy enforcement in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
The vulnerability of the DirectWrite programming interface in Windows operating systems allows attackers to disclose sensitive information.
The vulnerability of the DirectWrite programming interface in Windows operating systems is related to errors in object handling in memory. Exploiting this vulnerability can allow a remote attacker to disclose sensitive information through a specially crafted document or web page...
CVE-2019-9399
The Print Service is susceptible to man in the middle attacks due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-11563566...
CVE-2019-9353
In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-123024201...
OpenJDK: Missing URL format validation (Networking, 8221518)
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access v...
Ransomware Hits Dental Data Backup Service Offering Ransomware Protection
THIS WEEK IN THE IRONIC NEWS: DDS Safe, an online cloud-based data backup system that hundreds of dental practice offices across the United States are using to safeguard medical records and other information of their patients from ransomware attacks, has been hit with ransomware. Provided by two...
CentOS 7 : gvfs (CESA-2019:2145)
An update for gvfs is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the C...
IBM Security Guardium Big Data Intelligence XML External Entity Injection Vulnerability
IBM Security Guardium Big Data Intelligence (SonarG) is a suite of big data security intelligence solutions from IBM, USA. The solution features interactive data exploration, automated connectivity analysis, and user activity analysis. An XML external entity injection vulnerability exists in IBM...
IBM Business Process Manager and IBM Business Automation Workflow XML External Entity Injection Vulnerability
IBM Business Process Manager (BPM) and IBM Business Automation Workflow are both products of IBM Corporation, U.S.A. IBM Business Process Manager is a comprehensive business process management platform. The platform provides a series of related tools for business process modeling, assembly,...
The vulnerability of the ComplexImage function (MagickCore/fourier.c) in the ImageMagick console-based graphics editor allows an attacker to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of the ComplexImage function (MagickCore/fourier.c) in the ImageMagick console-based graphics editor is related to the execution of operations beyond the buffer's boundaries. Exploiting this vulnerability allows a remote attacker to gain access to confidential data, compromise its...
Malicious Package
Overview: Version 1.1.3 of pensi-scheduler contained malicious code. The code, when executed in the browser, would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation: Remove the package from your environment. It's...
IBM Intelligent Operations Center XML External Entity Injection Vulnerability
IBM Intelligent Operations Center (IOC) is a suite of city operations solutions from IBM in the United States. The product features data visualization and real-time collaboration. An XML external entity injection vulnerability exists in IBM IOC, which can be exploited by remote attackers to disclos...