685 matches found
Vulnerabilities fixed in Oracle Virtualization
Vulnerabilities have been fixed in Oracle Virtualization. The vulnerabilities allow a malicious party to carry out attacks that result in the following categories of damage: Denial-of-Service (DoS), manipulation of data, remote code execution, administrator/root rights, remote code...
Vulnerabilities fixed in Oracle Fusion Middleware
Vulnerabilities have been fixed in Oracle Fusion Middleware. The vulnerabilities allow a malicious party to carry out attacks that result in the following categories of damage: Denial-of-Service (DoS), manipulation of data, remote code execution, user rights, access to sensitive data...
Vulnerabilities fixed in Oracle Supply Chain Products Suite
Vulnerabilities have been fixed in Oracle Supply Chain Products Suite. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service (DoS), manipulation of data, remote code execution, user rights, access to sensitive data, access to...
CVE-2022-39013
Under certain conditions an authenticated attacker can get access to OS credentials. Getting access to OS credentials enables the attacker to modify system data and make the system unavailable leading to high impact on confidentiality and low impact on integrity and availability of the applicatio...
Vulnerabilities fixed in Debian
Vulnerabilities have been fixed in the Linux kernel as used by Debian. The vulnerabilities potentially enable a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service (DoS), remote code execution, user rights, access to sensitive data, access to...
Vulnerabilities fixed in SAP products
SAP has fixed vulnerabilities in several products. The vulnerabilities potentially enable a malicious person to launch attacks that result in the following categories of damage: Cross-Site Scripting (XSS), access to sensitive data, access to system data, increased user privileges. SAP...
CVE-2022-32244
Under certain conditions, an attacker authenticated as a CMS administrator can access the BOE Commentary database and retrieve non-personal system data and modify system data, but can't make the system unavailable. This needs the attacker to have high privilege access to the same physical/logical network ...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in RUGGEDCOM, SCALANCE and SIMATIC products. The vulnerabilities potentially allow a malicious party to launch attacks that lead to the following categories of damage: Cross-Site Scripting (XSS), Denial-of-Service (DoS), circumvention of authentication, remote co...
Vulnerabilities fixed in macOS
Apple has fixed vulnerabilities in macOS Big Sur and Monterey. The vulnerabilities allow a malicious party to launch attacks that result in the following categories of damage: remote code execution, kernel/root permissions, access to sensitive data, access to system data, increased...
Vulnerabilities fixed in Android
Google has fixed vulnerabilities in the Android operating system. A malicious person could exploit them to cause the following categories of damage: remote code execution, administrator/root privileges, access to sensitive data, access to system data, increased user privileges. To exploit the...
Vulnerabilities fixed in GitLab CE and EE
Vulnerabilities have been fixed in GitLab Community Edition and Enterprise Edition. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Cross-Site Scripting (XSS), Denial-of-Service (DoS), manipulation of data, bypassing...
CVE-2022-38116
Le-yan Personnel and Salary Management System has a hard-coded database account and password within the website source code. An unauthenticated remote attacker can access or modify system data, or disrupt service...
CVE-2022-38116 Le-yan Co., Ltd. Personnel and Salary Management System - Hard-coded password
Le-yan Personnel and Salary Management System has a hard-coded database account and password within the website source code. An unauthenticated remote attacker can access or modify system data, or disrupt service...
SAP BusinessObjects Business Intelligence Platform 4.2 < 4.2 SP9 P9 / 4.3 < 4.3 SP2 P5 Multiple Vulnerabilities
The version of SAP BusinessObjects Business Intelligence Platform installed on the remote Windows host is prior to 4.2 SP9 P9, 4.3 SP2 P5 or 4.3 SP3. It is, therefore, affected by multiple vulnerabilities: - An unauthenticated, remote attacker can view any data available for a...
The vulnerability of the Jenkins Repository Connector Plugin, related to deficiencies in the authentication process, allows attackers to disclose sensitive information about the file system.
The vulnerability of the Jenkins Repository Connector Plugin is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor, operating remotely, to disclose sensitive information about the file system...
Insecure Signature Verification
github.com/sigstore/cosign is vulnerable to insecure signature verification. The vulnerability exists in the Exec function in verifyattestation.go because the library does not properly validate the signature, which allows an attacker to gain access to system data and execute malicious code...
CVE-2022-32965
OMICARD EDM has a hard-coded machine key. An unauthenticated remote attacker can use the machine key to send a serialized payload to the server to execute arbitrary code, manipulate system data and disrupt service...