CVE-2020-14713

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Orac...

Buffer overflow

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications component: Infrastructure. Supported versions that are affected are 8.0.6-8.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network...

Design/Logic Flaw

Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering component: Web Access. Supported versions that are affected are 17.1.0.0-17.12.17.1, 18.1.0.0-18.8.19 and 19.12.0-19.12.5. Difficult to exploit vulnerability allows...

Design/Logic Flaw

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Orac...

Design/Logic Flaw

Vulnerability in the Oracle Enterprise Communications Broker product of Oracle Communications Applications component: WebGUI. Supported versions that are affected are 3.0.0-3.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

CVE-2020-14717

Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite component: CRM User Management Framework. Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromi...

CVE-2020-14690

CVE-2020-14690 affects Oracle Fusion Middleware’s Oracle Business Intelligence Enterprise Edition (Analytics Actions). Affects supported versions: 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0. The vulnerability permits unauthenticated, network-based access via HTTP with user interaction required...

CVE-2020-14612

Vulnerability in the PeopleSoft Enterprise HRMS product of Oracle PeopleSoft component: Time and Labor. The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HRMS. Successful...

CVE-2020-14534

The CVE-2020-14534 entry concerns Oracle E-Business Suite’s OA Framework (Popups) in version 12.2.9. A vulnerability allows an unauthenticated attacker who can reach Oracle Applications Framework over HTTP to compromise it, with human interaction required. The impact described includes potential ...

CVE-2020-14533

Vulnerability in the Oracle Commerce Platform product of Oracle Commerce component: Dynamo Application Framework. Supported versions that are affected are 11.1, 11.2 and prior to 11.3.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise...

OSV-2020-862 Use-of-uninitialized-value in std::__1::vector<std::__1::vector<Sass::Extension, std::__1::allocator<Sass::Ext

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21223 Crash type: Use-of-uninitialized-value Crash state: std::1::vectorstd::1::vectorSass::Extension, std::1::allocatorSass::Ext Sass::Extender::extendCompound Sass::Extender::extendComplex...

OSV-2020-823 Object-size in std::__1::vector<wabt::DataSegment*, std::__1::allocator<wabt::DataSegment*> >::

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20367 Crash type: Object-size Crash state: std::1::vector :: wabt::BinaryReaderIR::OnDataSymbol wabt::BinaryReader::ReadLinkingSection...

CVE-2020-13993

An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A blind time-based SQL injection issue allows remote unauthenticated attackers to retrieve information from the database via a ticket...

The vulnerability of the fscrypt_do_page_crypto() function in the Linux operating system allows a hacker to trigger a service failure.

The vulnerability of the fscryptdopagecrypto function in the Linux operating system is related to the assignment of a null pointer. Exploiting this vulnerability could allow an attacker to cause a service failure...

hw: Vector Register Data Sampling

A flaw was found in Intel processors where a local attacker is able to gain information about registers used for vector calculations by observing register states from other processes running on the system. This results in a race condition where store buffers, which were not cleared, could be read...

Moderate: Red Hat Security Advisory: microcode_ctl security, bug fix and enhancement update

An update for microcodectl is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

Libstar Intelligent Library Service Platform of Jiangsu Tuxing Software Technology Limited Liability Company suffers from logic flaw vulnerability

Libstar Intelligent Library Service Platform is a library management system that utilizes a service-oriented architecture framework. Libstar Intelligent Library Service Platform of Jiangsu Tuxing Software Technology Co., Ltd. has a logic flaw vulnerability that can be exploited by an attacker to...

Enterprise Token Ecosystem Digital Error Vulnerability

Enterprise Token Ecosystem ETE ContractName:NetkillerToken is an ethereum-based digital currency. An integer overflow vulnerability exists in the 'mintToken' function in ETE's smart contract implementation. An attacker could use this vulnerability to set the balance of any user to an arbitrary...

RHEL 7 : microcode_ctl (RHSA-2020:2842)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2842 advisory. Security Fixes: hw: Special Register Buffer Data Sampling SRBDS CVE-2020-0543 hw: L1D Cache Eviction Sampling CVE-2020-0549 hw: Vector...

OSV-2020-612 Use-of-uninitialized-value in std::__1::vector<std::__1::vector<Sass::SharedImpl<Sass::ComplexSelector>, std::

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18066 Crash type: Use-of-uninitialized-value Crash state: std::1::vector, std:: Sass::ComplexSelector::resolveparentrefs Sass::Eval::operator...