vaadin-server 跨站脚本漏洞

Vaadin-server is a Vaadin open source application . A platform for rapid development of Web applications on the Java backend . A security vulnerability exists in vaadin-server versions 7.4.0 through 7.7.19, which can be exploited by an attacker to inject malicious JavaScript via an unspecified...

CVE-2021-2234

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Java VM...

CVE-2021-2197

Vulnerability in the Oracle iStore product of Oracle E-Business Suite component: Shopping Cart. Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore...

CVE-2021-2171

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Replication. Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MyS...

CVE-2021-2306

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromis...

CVE-2021-2261

CVE-2021-2261 affects Oracle E-Business Suite, Oracle Lease and Finance Management Quotes component. Affected versions are 12.1.1–12.1.3 and 12.2.3–12.2.10. The flaw allows a low-privilege, network-accessible attacker (via HTTP) to compromise data, enabling unauthorized creation, deletion, or mod...

CVE-2021-2172

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DML. Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of...

CVE-2021-2135

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Coherence Container. Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to...

CVE-2021-2145

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to...

CVE-2021-2217

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Stored Procedure. Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

Nextcloud: Targeted phishing attacks in Login flow v2

Vulnerability description not provided...

GPAC 输入验证错误漏洞

GPAC is an open source multimedia framework. GPAC 1.0.1 is vulnerable to integer overflow, which can be exploited by attackers to cause assignment failures...

PT-2024-11112 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the KVM: SVM component of the Linux kernel. Access to the GHCB Guest-to-Host Communication Buffer is mainly in the VMGEXIT path and it is known that the GHCB wi...

SUSE: Security Advisory (SUSE-SU-2018:1076-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2020:3457-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

In the standard library in Rust before 1.52.0 a double free can occur in the Vec::from_iter function if freeing the element panics.

...

[SECURITY] Fedora 33 Update: batik-1.14-2.fc33

Batik is a Javatm technology based toolkit for applications that want to use images in the Scalable Vector Graphics SVG format for various purposes, such as viewing, generation or manipulation...

Security Bulletin: IBM Security Guardium is affected by an Apache Xalan-Java library vulnerability (CVE-2014-0107)

Summary IBM Security Guardium has fixed this vulnerability. Vulnerability Details CVEID: CVE-2014-0107 DESCRIPTION: Apache Xalan-Java could allow a remote attacker to bypass security restrictions, caused by the improper handling of output properties. An attacker could exploit this vulnerability t...

GO-2020-0005 Panic due to malformed WALs in go.etcd.io/etcd

Malformed WALs can be constructed such that WAL.ReadAll can cause attempted out of bounds reads, or creation of arbitrarily sized slices, which may be used as a DoS vector...

GO-2021-0061 Denial of service in gopkg.in/yaml.v2

Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector...