Lucene search

685 matches found

NCSC
added 2022/10/19 12:0 a.m. | 5 views

Vulnerabilities fixed in Oracle Virtualization

Vulnerabilities have been fixed in Oracle Virtualization. The vulnerabilities allow a malicious party to carry out attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution Administrator/Root rights Remote code...

CVSS 8.8 | AI score 7.3 | EPSS 0.01635
Exploits: 0
NCSC
added 2022/10/19 12:0 a.m. | 9 views

Vulnerabilities fixed in Oracle Fusion Middleware

Vulnerabilities have been fixed in Oracle Fusion Middleware. The vulnerabilities allow a malicious party to carry out attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution User rights Access to sensitive data...

CVSS 9.8 | AI score 8.2 | EPSS 0.99298
Exploits: 23
NCSC
added 2022/10/19 12:0 a.m. | 39 views

Vulnerabilities fixed in Oracle Supply Chain Products Suite

Vulnerabilities have been fixed in Oracle Supply Chain Products Suite. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution User rights Access to sensitive data Access to...

CVSS 9.8 | AI score 7.5 | EPSS 0.71653
Exploits: 7
Cvelist
added 2022/10/11 12:0 a.m. | 32 views

CVE-2022-39013

Under certain conditions an authenticated attacker can get access to OS credentials. Getting access to OS credentials enables the attacker to modify system data and make the system unavailable leading to high impact on confidentiality and low impact on integrity and availability of the applicatio...

AI score 7.5 | EPSS 0.00601
Exploits: 0 | References: 2
NCSC
added 2022/10/04 12:0 a.m. | 3 views

Vulnerabilities fixed in Debian

Vulnerabilities have been fixed in the Linux kernel as used by Debian. The vulnerabilities potentially enable a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service DoS Remote code execution User Rights Access to sensitive data Access to...

CVSS 7.8 | AI score 7.2 | EPSS 0.12746
Exploits: 18
NCSC
added 2022/09/14 12:0 a.m. | 79 views

Vulnerabilities fixed in SAP products

SAP has fixed vulnerabilities in several products. The vulnerabilities potentially enable a malicious person to launch attacks that result in the following categories of damage: Cross-Site Scripting XSS. Access to sensitive data Access to system data Increased user privileges SAP...

CVSS 8.1 | AI score 6.2 | EPSS 0.22318
Exploits: 6
NVD
added 2022/09/13 8:15 p.m. | 21 views

CVE-2022-32244

Under certain conditions an attacker authenticated as a CMS administrator can access the BOE Commentary database and retrieve non-personal system data, modify system data but can't make the system unavailable. This needs the attacker to have high privilege access to the same physical/logical network ...

CVSS 5.2 | EPSS 0.00457
Exploits: 0 | References: 2
Cvelist
added 2022/09/13 7:24 p.m. | 33 views

CVE-2022-32244

Under certain conditions an attacker authenticated as a CMS administrator can access the BOE Commentary database and retrieve non-personal system data, modify system data but can't make the system unavailable. This needs the attacker to have high privilege access to the same physical/logical network ...

AI score 6.2 | EPSS 0.00457
Exploits: 0 | References: 2
NCSC
added 2022/09/13 12:0 a.m. | 10 views

Vulnerabilities fixed in Siemens products

Siemens has fixed vulnerabilities in RUGGEDCOM, SCALANCE and SIMATIC products. The vulnerabilities potentially allow a malicious party to launch attacks that lead to the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Circumvention of authentication. Remote co...

CVSS 9.8 | AI score 6.9 | EPSS 0.78675
Exploits: 19
NCSC
added 2022/09/13 12:0 a.m. | 5 views

Vulnerabilities fixed in macOS

Apple has fixed vulnerabilities in macOS Big Sur and Monterey. The vulnerabilities allow a malicious party to launch attacks that result in the following categories of damage: Remote code execution Kernel/Root permissions. Access to sensitive data Access to system data Increased...

CVSS 7.8 | AI score 7.4 | EPSS 0.05557
Exploits: 0
NCSC
added 2022/09/07 12:0 a.m. | 13 views

Vulnerabilities fixed in Android

Google has fixed vulnerabilities in the Android operating system. A malicious person could exploit them to cause the following categories of damage: Remote code execution Administrator/Root privileges Access to sensitive data Access to system data Increased user privileges To exploit the...

CVSS 9.8 | AI score 6.1 | EPSS 0.04829
Exploits: 3
NCSC
added 2022/08/31 12:0 a.m. | 37 views

Vulnerabilities fixed in GitLab CE and EE

Vulnerabilities have been fixed in GitLab Community Edition and Enterprise Edition. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Manipulation of data Bypassing...

CVSS 9.9 | AI score 7.7 | EPSS 0.86194
Exploits: 5
OSV
added 2022/08/30 5:15 a.m. | 3 views

CVE-2022-38116

Le-yan Personnel and Salary Management System has a hard-coded database account and password within the website source code. An unauthenticated remote attacker can access, modify system data or disrupt service...

CVSS 9.8 | AI score 5.8 | EPSS 0.00984
Exploits: 0 | References: 1
NVD
added 2022/08/30 5:15 a.m. | 7 views

CVE-2022-38116

Le-yan Personnel and Salary Management System has a hard-coded database account and password within the website source code. An unauthenticated remote attacker can access, modify system data or disrupt service...

CVSS 9.8 | EPSS 0.00984
Exploits: 0 | References: 1
Cvelist
added 2022/08/30 4:25 a.m. | 13 views

CVE-2022-38116 Le-yan Co., Ltd. Personnel and Salary Management System - Hard-coded password

Le-yan Personnel and Salary Management System has a hard-coded database account and password within the website source code. An unauthenticated remote attacker can access, modify system data or disrupt service...

CVSS 9.8 | AI score 9.9 | EPSS 0.00984
Exploits: 0 | References: 1
Tenable Nessus
added 2022/08/11 12:0 a.m. | 79 views

SAP BusinessObjects Business Intelligence Platform 4.2 < 4.2 SP9 P9 / 4.3 < 4.3 SP2 P5 Multiple Vulnerabilities

The version of SAP BusinessObjects Business Intelligence Platform installed on the remote Windows host is prior to 4.2 SP9 P9, 4.3 SP2 P5 or 4.3 SP3. It is, therefore, affected by multiple vulnerabilities: - An unauthenticated, remote attacker can view any data available for a...

CVSS 8.2 | AI score 6.7 | EPSS 0.00457
Exploits: 0 | References: 5
BDU FSTEC
added 2022/08/10 12:0 a.m. | 6 views

The vulnerability of the Jenkins Repository Connector Plugin, related to deficiencies in the authentication process, allows attackers to disclose sensitive information about the file system.

The vulnerability of the Jenkins Repository Connector Plugin is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor, operating remotely, to disclose sensitive information about the file system...

CVSS 4.3 | AI score 5.4 | EPSS 0.00561
Exploits: 0 | References: 3 | Affected Software: 1
Veracode
added 2022/08/05 5:12 a.m. | 15 views

Insecure Signature Verification

github.com/sigstore/cosign is vulnerable to insecure signature verification. The vulnerability exists in the Exec function in verifyattestation.go because the library does not properly validate the signature, which allows an attacker to gain access to system data and execute malicious code...

CVSS 9.8 | AI score 9.2 | EPSS 0.0054
Exploits: 1 | References: 2 | Affected Software: 2
NVD
added 2022/08/04 10:15 a.m. | 22 views

CVE-2022-32965

OMICARD EDM has a hard-coded machine key. An unauthenticated remote attacker can use the machine key to send a serialized payload to the server to execute arbitrary code, manipulate system data and disrupt service...

CVSS 9.8 | EPSS 0.01138
Exploits: 0 | References: 2
OSV
added 2022/08/04 10:15 a.m. | 3 views

CVE-2022-32965

OMICARD EDM has a hard-coded machine key. An unauthenticated remote attacker can use the machine key to send a serialized payload to the server to execute arbitrary code, manipulate system data and disrupt service...

CVSS 9.8 | AI score 6.1 | EPSS 0.01138
Exploits: 0 | References: 2