
562 matches found

OSV
added 2020/07/15 6:15 p.m. · 4 views

CVE-2020-14635

Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: Logging). Supported versions that are affected are 12.2.5-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Obje...

CVSS 5.3 · AI score 6.7 · EPSS 0.01205
Exploits: 0 · References: 1
Positive Technologies
added 2020/07/14 12:0 a.m. · 5 views

PT-2020-3530

Name of the Vulnerable Software and Affected Versions: Java SE versions 7u261 and 8u251, Java SE Embedded version 8u251. Description: The issue is related to insufficient input validation in the Libraries component of Oracle Java SE and Java SE Embedded. It can be exploited by an unauthenticated...

CVSS 8.3 · AI score 7.2 · EPSS 0.04706
Exploits: 0 · References: 250
Positive Technologies
added 2020/05/26 12:0 a.m. · 3 views

PT-2020-4071 · Apple · Itunes For Windows +7

Name of the Vulnerable Software and Affected Versions: iOS versions prior to 13.5 iPadOS versions prior to 13.5 tvOS versions prior to 13.4.5 watchOS versions prior to 6.2.5 Safari versions prior to 13.1.1 iTunes for Windows versions prior to 12.10.7 iCloud for Windows versions prior to 11.2 and...

CVSS 10 · AI score 8.9 · EPSS 0.01648
Exploits: 0 · References: 11
Positive Technologies
added 2020/05/26 12:0 a.m. · 4 views

PT-2020-4070 · Apple · Macos Catalina +5

Name of the Vulnerable Software and Affected Versions: iOS versions prior to 13.5 iPadOS versions prior to 13.5 macOS Catalina versions prior to 10.15.5 tvOS versions prior to 13.4.5 watchOS versions prior to 6.2.5 Description: The issue is related to an out-of-bounds write problem, which can be...

CVSS 9.3 · AI score 7.5 · EPSS 0.01375
Exploits: 0 · References: 7
CNVD
added 2020/05/21 12:0 a.m. · 7 views

Ruby on Rails Cross-Site Request Forgery Vulnerability (CNVD-2020-32423)

Ruby on Rails is an open source Web application framework from the Rails team, based on the Ruby language. A cross-site request forgery vulnerability exists in Ruby on Rails versions prior to 5.2.5 and 6.0.4, which stems from a Web application that does not adequately validate that a request is comin...

CVSS 4.3 · AI score 8.7 · EPSS 0.01673
Exploits: 1 · References: 1
CNVD
added 2020/04/20 12:0 a.m. · 2 views

Autodesk Dynamo BIM Code Issue Vulnerability

Autodesk Dynamo BIM is a suite of open-source graphic programming design software from Autodesk USA. A security vulnerability exists in Autodesk Dynamo BIM versions 2.5.1 and 2.5.0, which originates from the program's inability to properly verify signatures. The vulnerability can be exploited by a...

CVSS 7.8 · AI score 7.3 · EPSS 0.00376
Exploits: 0 · References: 1
CNVD
added 2020/04/17 12:0 a.m. · 2 views

Rukovoditel SQL Injection Vulnerability (CNVD-2020-26656)

Rukovoditel is a set of Web-based open source project management software from the Rukovoditel team. The software has project management, customer relationship management and other functions. A SQL injection vulnerability exists in Rukovoditel version 2.5.2. The vulnerability stems from a lack ...

CVSS 9.8 · AI score 8.2 · EPSS 0.01681
Exploits: 0 · References: 1
OSV
added 2020/04/15 2:15 p.m. · 4 views

CVE-2020-2864

Vulnerability in the Oracle iSupplier Portal product of Oracle E-Business Suite (component: Accounts). Supported versions that are affected are 12.1.3 and 12.2.5-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iSupplier...

CVSS 5.3 · AI score 5.8
Exploits: 0 · References: 1
OSV
added 2020/04/14 5:15 p.m. · 3 views

CVE-2020-10382

An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0. There is an authenticated remote code execution in the backup-scheduler...

CVSS 8.8 · AI score 7.8 · EPSS 0.01919
Exploits: 0 · References: 1
Positive Technologies
added 2020/04/07 12:0 a.m. · 4 views

PT-2020-12693 · Nch · Express Invoice

Name of the Vulnerable Software and Affected Versions: NCH Express Invoice version 7.25 Description: The issue allows local users to discover the cleartext password by reading the configuration file. Recommendations: For version 7.25, consider restricting access to the configuration file to...

CVSS 7.8 · AI score 7.4 · EPSS 0.01227
Exploits: 3 · References: 5
Positive Technologies
added 2020/03/25 12:0 a.m. · 3 views

PT-2022-11605 · Libxml2 +3 · Libxml2 +3

Name of the Vulnerable Software and Affected Versions: VTK versions prior to 9.2.5 Description: The issue is a NULL pointer dereference vulnerability that lies in IO/Infovis/vtkXMLTreeReader.cxx. It occurs because the vendor did not check the return value of the libxml2 API xmlDocGetRootElement a...

CVSS 8.7 · AI score 7.2 · EPSS 0.01027
Exploits: 1 · References: 30
OSV
added 2020/02/12 2:15 a.m. · 3 views

DEBIAN-CVE-2014-6262

Multiple format string vulnerabilities in the python module in RRDtool, as used in Zenoss Core before 4.2.5 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted third argument to the rrdtool.graph function, aka ZEN-15415...

CVSS 7.5 · AI score 8 · EPSS 0.07072
Exploits: 0 · References: 1
Positive Technologies
added 2020/02/10 12:0 a.m. · 6 views

PT-2020-9918 · Apache · Apache Dubbo

Name of the Vulnerable Software and Affected Versions: Apache Dubbo versions 2.5.x Apache Dubbo versions 2.6.0 through 2.6.7 Apache Dubbo versions 2.7.0 through 2.7.4 Description: Unsafe deserialization occurs within a Dubbo application which has HTTP remoting enabled. An attacker may submit a PO...

CVSS 9.8 · AI score 7.3 · EPSS 0.35564
Exploits: 2 · References: 15
OSV
added 2020/01/28 1:15 a.m. · 2 views

CVE-2019-17651

An Improper Neutralization of Input vulnerability in the description and title parameters of a Device Maintenance Schedule in FortiSIEM version 5.2.5 and below may allow a remote authenticated attacker to perform a Stored Cross Site Scripting attack (XSS) by injecting malicious JavaScript code into...

CVSS 5.4 · AI score 6.1 · EPSS 0.00622
Exploits: 0 · References: 1
Positive Technologies
added 2019/12/02 12:0 a.m. · 4 views

PT-2019-15858 · Alfresco · Alfresco Enterprise

Name of the Vulnerable Software and Affected Versions: Alfresco Enterprise versions prior to 5.2.5 Description: The issue allows for stored XSS via an uploaded HTML document. This means an attacker can upload a malicious HTML file to the system, which can then execute scripts on the user's browse...

CVSS 5.4 · AI score 5.3 · EPSS 0.00602
Exploits: 1 · References: 4
OSV
added 2019/11/26 2:48 p.m. · 1 views

USN-4201-1 ruby2.3, ruby2.5 vulnerabilities

It was discovered that Ruby incorrectly handled certain files. An attacker could possibly use this issue to pass path matching, which can lead to unauthorized access. (CVE-2019-15845) It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could use this issue to...

CVSS 8.1 · AI score 6.9 · EPSS 0.0499
Exploits: 1 · References: 5
Positive Technologies
added 2019/11/15 12:0 a.m. · 1 views

PT-2019-15720 · Cyrus +5 · Cyrus Imap +5

Name of the Vulnerable Software and Affected Versions: Cyrus IMAP versions 2.5.x through 2.5.13 Cyrus IMAP versions 3.x through 3.0.11 Description: The issue allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that...

CVSS 9.8 · AI score 7.1 · EPSS 0.07622
Exploits: 0 · References: 39
Microsoft KB
added 2019/10/30 12:0 a.m. · 5 views

March 5, 2019, update for Access 2010 (KB4018363)

March 5, 2019, update for Access 2010 (KB4018363). This article describes update 4018363 for Microsoft Access 2010 that was released on March 5, 2019. Be aware that the update in the Microsoft Download Center applies to the Microsoft Installer .msi-based edition of Office 2010. It doesn't apply to th...

AI score 6.3
Exploits: 0
OSV
added 2019/10/24 12:15 p.m. · 2 views

CVE-2019-4398

IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 could allow a local user to obtain sensitive information from SessionManagement cookies. IBM X-Force ID: 162259...

CVSS 3.3 · AI score 5.8 · EPSS 0.00307
Exploits: 0 · References: 2
CNVD
added 2019/09/19 12:0 a.m. · 4 views

Dell RSA BSAFE Crypto-J Encryption Issue Vulnerability

Dell RSA BSAFE Crypto-J is RSA's FIPS-validated Java cryptographic module. A security vulnerability exists in Dell RSA BSAFE Crypto-J versions prior to 6.2.5. An attacker could exploit this vulnerability to force both parties to compute the same predictable shared key...

CVSS 6.5 · AI score 9.1 · EPSS 0.01681
Exploits: 0 · References: 1