752 matches found
Oracle E-Business Suite Security Vulnerability
Oracle E-Business Suite is a fully integrated set of global business management software from Oracle. The software provides customer relationship management, service management, financial management and other functions. A security vulnerability exists in Oracle Complex Maintenanc...
PT-2024-3742 · Oracle · Oracle Complex Maintenance
Name of the Vulnerable Software and Affected Versions: Oracle Complex Maintenance, Repair, and Overhaul versions 12.2.3 through 12.2.13 Description: The issue is related to insufficient input validation in the LOV component of Oracle Complex Maintenance, Repair, and Overhaul, allowing an...
Linux kernel Security Vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a security issue in vfio/fsl-mc...
XZ Utils Backdoor
The cybersecurity world got really lucky last week. An intentionally placed backdoor in XZ Utils, an open-source compression utility, was pretty much accidentally discovered by a Microsoft engineer--weeks before it would have been incorporated into both Debian and Red Hat Linux. From Ars Technica:...
BIT-ELASTICSEARCH-2020-7020
Elasticsearch versions before 6.8.13 and 7.9.2 contain a document disclosure flaw when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain complex queries. This could result in the search disclosing the existence of documen...
es5-ext Security Vulnerability
es5-ext is an ECMAScript extension from the individual developer Mariusz Nowak. A security vulnerability exists in es5-ext prior to v0.10.63, which stems from the use of functions with very long names or complex default parameter names that may cause the script to halt...
CVE-2024-0944 Totolink T8 cstecgi.cgi session expiration
A vulnerability was found in Totolink T8 4.1.5cu.83320220905. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation leads to session expiration. The attack may be launched remotely. The complexity of an attack is...
Vulnerabilities fixed in Oracle Supply Chain products
Oracle has fixed vulnerabilities in several Supply Chain products. A malicious party could exploit the vulnerabilities to perform attacks that could result in the following categories of damage: Cross-Site Scripting (XSS), Denial-of-Service (DoS), access to sensitive data. The vulnerabilities have been...
CVE-2024-20942
Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle Supply Chain component: LOV. Supported versions that are affected are 11.5, 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...
Design/Logic Flaw
Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle Supply Chain component: LOV. Supported versions that are affected are 11.5, 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...
CVE-2024-20942
The CVE-2024-20942 vulnerability affects Oracle Complex Maintenance, Repair, and Overhaul (LOV component) in Oracle Supply Chain. Affected versions: 11.5, 12.1, 12.2. The issue arises from insufficient input validation in LOV, allowing a remote attacker with network access via HTTP to compromise ...
Oracle Supply Chain Products Suite Security Vulnerability
Oracle Supply Chain Products Suite is a set of supply chain solutions from Oracle. The product provides value chain planning, value chain execution, product lifecycle management and other functions. A security vulnerability exists in Oracle Supply Chain's Oracle Complex Maintenance, Repair...
PT-2024-1234 · Oracle · Oracle Complex Maintenance
Name of the Vulnerable Software and Affected Versions: Oracle Complex Maintenance, Repair, and Overhaul versions 11.5 through 12.2 Description: The issue exists due to insufficient input validation in the LOV component of the Oracle Complex Maintenance, Repair, and Overhaul application. This allo...
EulerOS Virtualization 2.9.1 : ntp (EulerOS-SA-2023-2964)
According to the versions of the ntp package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write in the cp<cpdec while loop. An adversary may be able to attack ...
AI and Lossy Bottlenecks
Artificial intelligence is poised to upend much of society, removing human limitations inherent in many systems. One such limitation is information and logistical bottlenecks in decision-making. Traditionally, people have been forced to reduce complex choices to a small handful of options that do...
CVE-2014-125108 w3c online-spellchecker-py spellchecker cross site scripting
A vulnerability was found in w3c online-spellchecker-py up to 20140130. It has been rated as problematic. This issue affects some unknown processing of the file spellchecker. The manipulation leads to cross site scripting. The attack may be initiated remotely. The complexity of an attack is rathe...
Which DevOps Skills are the Hardest to Learn?
DevOps professionals face expansive challenges, from learning complex technologies to developing and honing interpersonal skills. Read on to discover some of the most difficult skills the role demands...
WPS Server Side Request Forgery vulnerability
Summary: The OGC Web Processing Service (WPS) specification is designed to process information from any server using GET and POST requests. This presents the opportunity for Server Side Request Forgery. Details: This vulnerability requires: The WPS extension to be installed The WPS security setting...
GHSA-CX2Q-HFXR-RJ97 Vyper's `_abi_decode` input not validated in complex expressions
Impact: `_abi_decode` does not validate input when it is nested in an expression. The following example gets correctly validated (bounds checked): `x: int128 = _abi_decode(slice(msg.data, 4, 32), int128)`. However, the following example is not bounds checked: `@external def abi_decode(x: uint256) -> uint25...`
CVE-2023-4095
User enumeration vulnerability in Arconte Áurea 1.5.0.0 version. The exploitation of this vulnerability could allow an attacker to obtain a list of registered users in the application, obtaining the necessary information to perform more complex attacks on the platform...