1367 matches found
The vulnerability of the E-Business Suite component XDO, a reporting tool within the Oracle BI Publisher software from Oracle Fusion Middleware, allows an intruder to gain unauthorized access to protected information.
The vulnerability of the E-Business Suite component XDO, a reporting tool within the Oracle BI Publisher software from Oracle Fusion Middleware, is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized...
CVE-2022-26834
Improper access control vulnerability in Rakuten Casa version APFV141 or APFV200 allows a remote attacker to obtain the information stored in the product because the product is set to accept HTTP connections from the WAN side by default...
Google Chrome buffer error vulnerability
Google Chrome is a web browser from Google, Inc. and V8 is an open source JavaScript engine. A buffer error vulnerability exists in Google Chrome versions 90.0.4430.72 through 102.0.5005.63, which stems from the presence of a boundary condition in the synthesis component. A remote attacker could...
OpenJDK: URI parsing inconsistencies (JNDI, 8278972)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JNDI. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable...
Qualcomm buffer error vulnerability
A Qualcomm chip is a chip from Qualcomm Incorporated USA. A chip is a way of miniaturizing circuits, primarily semiconductor devices but also passive components, and is from time to time fabricated on the surface of semiconductor wafers. A buffer error vulnerability exists in several Qualcomm...
The vulnerability of the func2.php function in the web application for managing a medical institution, the PHPGurukul Hospital Management System, allows a perpetrator to disclose protected information.
The vulnerability of the func2.php function in the web application of the PHPGurukul Hospital Management System is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows an attacker to disclose the protected information remotely...
Square OkHttp can accept the wrong certificate
In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
The vulnerability of the Libraries component of the Oracle GraalVM Enterprise Edition virtual machine allows a hacker to modify data.
The vulnerability of the Libraries component in the Oracle GraalVM Enterprise Edition virtual machine exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain access to modify, add, or delete data using network packet...
QNAP Systems multiple products cross-site scripting vulnerability
QNAP Systems QUTS Hero and QNAP QuTScloud are both products of China Weilian QNAP Systems. QUTS Hero is a NAS operating system for file management. The system retains the application ecosystem of QTS and integrates the more powerful 128-bit ZFS file system to provide enterprises with a more stable...
The vulnerability of the display mechanism of Blink web pages in Microsoft Edge and Google Chrome browsers allows attackers to disclose protected information.
The vulnerability of the Blink web page display mechanism in Microsoft Edge and Google Chrome exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to disclose protected information remotely...
Vulnerabilities fixed in cURL
Vulnerabilities have been fixed in cURL. The vulnerabilities potentially allow a remote malicious party to obtain sensitive data or to bypass authentication. The developers of cURL have released updates to fix the vulnerabilities. More information can be found on the pages below:...
OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable...
OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable...
OpenJDK: URI parsing inconsistencies (JNDI, 8278972)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JNDI. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable...
The vulnerability of the Oracle Communications Convergence component of the Oracle Communications Applications network management and organization software package allows a hacker to gain access to, modify, add, or delete data.
The vulnerability of the Oracle Communications Convergence software component for network management and organization applications exists due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to remotely gain access to modify, add, or delete dat...
The vulnerability of the AVI_ExtractSubtitle component of the VLC Media Player allows a hacker to gain access to confidential data and also trigger a service failure.
The vulnerability of the AVI_ExtractSubtitle component in the VLC Media Player is related to the copying of buffers without checking the input data. Exploiting this vulnerability allows a remote attacker to gain access to confidential data and also cause a service failure by using a...
The vulnerability of the Mediation Engine component of the Oracle Communications Operations Monitor system allows a perpetrator to gain access to read, modify, add, or delete data, or to cause a partial service disruption.
The vulnerability of the Mediation Engine component of the Oracle Communications Operations Monitor visualization and monitoring system exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to read, modify, add...
The vulnerability of Puppet’s infrastructure automation tool lies in the absence of a mechanism to neutralize elements in CSV files. This allows attackers to access confidential data, compromise its integrity, and cause service interruptions.
The vulnerability of the Puppet infrastructure automation tool relates to the absence of a mechanism for neutralizing elements in the CSV file. Exploiting this vulnerability allows a remote attacker to gain access to confidential data, compromise its integrity, and cause service interruptions...
The vulnerability of the decoder in the SIX functional decoding system for MPEG-4 multimedia platform GPAC allows a perpetrator to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of the SSIX decoder for MPEG-4 multimedia platform GPAC is related to incorrect checking of the result of an arithmetic operation. Exploiting this vulnerability allows a remote attacker to gain access to confidential data, compromise its integrity, and cause service failures...
The vulnerability of the decoder for MPEG-4 multimedia platform GPAC allows a perpetrator to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of the SVHD decoder, a component of the MPEG-4 multimedia platform GPAC, lies in the lack of verification for the result of the addition arithmetic operation. Exploiting this vulnerability allows an attacker operating remotely to gain access to confidential data, compromise its...