DEBIAN-CVE-2024-20932
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 17.0.9; Oracle GraalVM for JDK: 17.0.9; Oracle GraalVM Enterprise Edition: 21.3.8 and 22.3.4. Easi...
PT-2024-1212 · Oracle · Oracle E-Business Suite
Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.2.3 through 12.2.13 Description: The issue is related to insufficient input validation in the CRM User Management Framework component of Oracle Common Applications in Oracle E-Business Suite. This can be...
PT-2024-13390 · Npm · @Evershop/Evershop
Name of the Vulnerable Software and Affected Versions: @evershop/evershop versions prior to 1.0.0-rc.8 Description: The issue is related to a lack of authentication in the @evershop/evershop package, which allows remote attackers to obtain sensitive information via improper authorization in Graph...
Bosch Nexo cordless nutrunner security breach
Bosch Nexo Cordless nutrunner is a series of cordless tightening wrenches with integrated controls from Bosch Germany. A security vulnerability exists in Bosch Nexo cordless nutrunner. The vulnerability allows a remote attacker to access sensitive data within the export package or perform remote...
CVE-2023-50481
An issue discovered in blinksocks version 3.3.8 allows remote attackers to obtain sensitive information via weak encryption algorithms in the component /presets/ssr-auth-chain.js...
VulnCheck KEV: CVE-2022-31711
VMware vRealize Log Insight contains an Information Disclosure Vulnerability. A malicious actor can remotely collect sensitive session and application information without authentication...
The vulnerability of the 5G mobile communication network organization software free5GC, related to the lack of authentication for critical functions, allows attackers to disclose protected information.
The vulnerability of the software for managing fifth-generation mobile communication networks 5G, free5GC, is related to the absence of authentication for a critical function. Exploiting this vulnerability can allow an attacker, operating remotely, to disclose protected information...
CVE-2023-46495
Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the sortBy parameter...
CVE-2023-46497
Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the mkdirSync function in the folderCreate/createFolder.js endpoint...
PT-2023-9573 · Oracle · Oracle E-Business Suite
Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.2.3 through 12.2.13 Description: The issue is related to weaknesses in the authorization mechanism of the Common Components component in Oracle Financials, part of the Oracle E-Business Suite. This can allo...
PT-2023-9062 · Oracle · Oracle E-Business Suite +1
Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.2.3 through 12.2.13 Description: The issue is related to insufficient input validation in the Campaign LOV component of the Oracle Marketing product. This can allow a remote attacker to gain unauthorized...
VulnCheck KEV: CVE-2023-39026
Directory Traversal vulnerability in FileMage Gateway Windows Deployments v.1.10.8 and before allows a remote attacker to obtain sensitive information via a crafted request to the /mgmt/ component...
CVE-2023-6414
A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via perfil.php in the id and user parameters. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and...
CVE-2023-49030
SQL Injection vulnerability in 32ns KLive v.2019-1-19 and before allows a remote attacker to obtain sensitive information via a crafted script to the web/user.php component...
CVE-2023-48185
Directory Traversal vulnerability in TerraMaster v.s1.0 through v.2.295 allows a remote attacker to obtain sensitive information via a crafted GET request...
Cross-site request forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in CubeCart prior to 6.5.3 allows a remote unauthenticated attacker to delete data in the system...
The vulnerability of the ProcXIPassiveUngrabDevice function in the Wayland protocol for X.Org XWayland, which is part of the X.Org Server for the X Window System, allows an intruder to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of the ProcXIPassiveUngrabDevice function in the Wayland protocol for X.Org XWayland, implemented by the X.Org Server, is related to writing beyond the buffer boundaries. Exploiting this vulnerability allows a remote attacker to access confidential data, compromise its integrity...
The vulnerabilities of the ProcXIChangeProperty and ProcXChangeDeviceProperty functions in the X Window System X.Org Server, as well as those in the Wayland protocol for X.Org XWayland, allow attackers to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of the ProcXIChangeProperty and ProcXChangeDeviceProperty functions in the X Window System X.Org Server, as well as the Wayland protocol for X.Org and XWayland, is related to reading data from beyond the allowed buffer limits. Exploiting this vulnerability allows a remote attack...
The vulnerability of the WPE WebKit and WebKitGTK web page rendering modules, related to the lack of protective measures for web page structures, allows attackers to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of the WPE WebKit and WebKitGTK page rendering modules is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability can allow a remote attacker to access confidential data, compromise its integrity, and cause service failures...
SUSE CVE-2023-5868
A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes,...