1367 matches found
SUSE CVE-2020-6561
Inappropriate implementation in Content Security Policy in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
SUSE CVE-2020-14797
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multipl...
SUSE CVE-2021-21135
Inappropriate implementation in Performance API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
SUSE CVE-2021-21349
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. No user is...
SUSE CVE-2021-39150
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. ...
SUSE CVE-2021-39152
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. ...
SUSE CVE-2022-0109
Inappropriate implementation in Autofill in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to obtain potentially sensitive information via a crafted HTML page...
SUSE CVE-2022-21248
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Difficult to exploit vulnerabili...
SUSE CVE-2022-21496
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JNDI. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable...
Malicious Package
Overview: requet is a malicious package. It attempts to typosquat popular packages. The malicious script is base64-obfuscated, located in the init.py file, and tries to steal the current username, platform and IP information and send them to a remote host. Malicious behavior: python import getpass impor...
Malicious Package
Overview: certefi is a malicious package. It attempts to typosquat popular packages. The malicious script is base64-obfuscated, located in the init.py file, and tries to steal the current username, platform and IP information and send them to a remote host. Malicious behavior: python import getpass impo...
Malicious Package
Overview: s3trnasfers is a malicious package. It attempts to typosquat popular packages. The malicious script is base64-obfuscated, located in the init.py file, and tries to steal the current username, platform and IP information and send them to a remote host. Malicious behavior: python import getpass...
Malicious Package
Overview: rquest is a malicious package. It attempts to typosquat the popular requests package. The malicious script is base64-obfuscated and tries to steal the current username and platform information and send them to a remote host. Malicious behavior: python import getpass...
Information disclosure
In Boa, there is a possible information disclosure due to a missing permission check. This could lead to remote information disclosure to a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210008; Issue ID: OSBNB001232...
A vulnerability in the Synchronization sub-component of the Oracle Mobile Field Service component of Oracle E-Business Suite allows an attacker to modify, add, or delete protected data.
The vulnerability of the Synchronization sub-component of the Oracle Mobile Field Service component in the Oracle E-Business Suite enterprise automation system is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker who operates remotely to modify,...
Vulnerabilities in the Workflow, Approval, and Work Force Management components of the Oracle Self-Service Human Resources system, as well as the Oracle E-Business Suite, allow attackers to modify, add, or delete protected data.
The vulnerability of the Workflow, Approval, and Work Force Management components of the Oracle Self-Service Human Resources system, as well as the Oracle E-Business Suite, is related to insufficient validation of entered data. Exploiting this vulnerability can allow an attacker to modify, add, o...
A vulnerability in the E-Business Collections component of the Oracle Demantra Demand Management platform allows an attacker to manipulate data.
The vulnerability of the E-Business Collections component of the Oracle Demantra Demand Management demand management platform is related to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to manipulate data remotely...
A vulnerability in the Automated Test Suite sub-component of the Oracle HCM Common Architecture component of Oracle E-Business Suite allows an attacker to manipulate data.
The vulnerability of the sub-component of the Automated Test Suite of the Oracle HCM Common Architecture in the Oracle E-Business Suite system relates to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to manipulate data remotely...
CVE-2022-42406
This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
CVE-2022-42404
This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...