1175 matches found

CNVD
added 2018/05/10 12:00 a.m. | 2 views

Oracle Retail Applications Retail Integration Bus Component Unauthorized Operation Vulnerability

Oracle Retail Applications is a set of retail application store solutions from Oracle Corporation. Retail Integration Bus is one of the components that provides real-time messaging for retailers' surveys. A security vulnerability exists in the RIB Kernal Apache Commons Collections subcomponent of...

7.1 CVSS | 6.6 AI score | 0.00553 EPSS
Exploits: 0 | References: 1

CNVD
added 2018/05/09 12:00 a.m. | 2 views

Oracle Fusion Middleware Outside In Technology Component Denial of Service Vulnerability (CNVD-2018-10966)

Oracle Fusion Middleware is a set of business innovation platforms for enterprise and cloud environments from Oracle Corporation. The platform provides middleware, software collections, etc. Outside In Technology is one of the software development kit components. A securi...

7.1 CVSS | 6.8 AI score | 0.03196 EPSS
Exploits: 0 | References: 1

myhack58
added 2018/04/18 12:00 a.m. | 141 views

WebLogic WLS core components deserialization vulnerability, CVE-2018-2628: a vulnerability warning

Vulnerability/event summary: On the morning of April 18, Beijing time, Oracle officially released its April Critical Patch Update (CPU), which contains a high-risk WebLogic deserialization vulnerability, CVE-2018-2628. Through this vulnerability, an unauthorized attacker may remote...

1.3 AI score | 0.94422 EPSS
Exploits: 68

BDU FSTEC
added 2018/04/12 12:00 a.m. | 3 views

The vulnerability of the Android operating system’s loader from the CAF repository allows a perpetrator to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the Android operating system’s loader from the CAF repository is related to insufficient checks on the sizes of headers in compressed load images. Exploiting this vulnerability allows a remote attacker to compromise the confidentiality, integrity, and accessibility of protect...

9.8 CVSS | 5.6 AI score | 0.00164 EPSS
Exploits: 0 | References: 2

CNVD
added 2018/01/22 12:00 a.m. | 1 views

Unspecified Vulnerability in Oracle Support Tools OSS Support Tools Component

Oracle Support Tools is a set of Oracle support tools from the US company Oracle. OSS Support Tools is one of the object storage support tools. A security vulnerability exists in the Diagnostic Assistant subcomponent of the OSS Support Tools component of Oracle Support Tools prior to...

8.8 CVSS | 6.7 AI score | 0.00713 EPSS
Exploits: 0 | References: 1

CNVD
added 2018/01/18 12:00 a.m. | 1 views

Oracle VM VirtualBox Elevation of Privilege Vulnerability (CNVD-2018-02060)

Oracle Virtualization is a set of hardware and software virtualization management solutions from the US company Oracle. Oracle VM VirtualBox is one of the virtual machine components. A security vulnerability exists in the Oracle VM VirtualBox component of Oracle Virtualization, versions...

8.8 CVSS | 6.7 AI score | 0.00082 EPSS
Exploits: 0 | References: 1

CNVD
added 2018/01/18 12:00 a.m. | 1 views

Oracle VM VirtualBox Elevation of Privilege Vulnerability (CNVD-2018-02061)

Oracle Virtualization is a set of hardware and software virtualization management solutions from the US company Oracle. Oracle VM VirtualBox is one of the virtual machine components. A security vulnerability exists in the Oracle VM VirtualBox component of Oracle Virtualization, versions...

8.6 CVSS | 6.7 AI score | 0.00178 EPSS
Exploits: 0 | References: 1

CNVD
added 2018/01/18 12:00 a.m. | 0 views

Oracle VM VirtualBox Elevation of Privilege Vulnerability (CNVD-2018-02058)

Oracle Virtualization is a set of hardware and software virtualization management solutions from the US company Oracle. Oracle VM VirtualBox is one of the virtual machine components. A security vulnerability exists in the Oracle VM VirtualBox component of Oracle Virtualization, versions...

8.6 CVSS | 6.7 AI score | 0.00178 EPSS
Exploits: 0 | References: 1

BDU FSTEC
added 2018/01/18 12:00 a.m. | 3 views

The vulnerability of the 802.1X component of the Mac OS X operating system allows an intruder to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the 802.1X component in the Mac OS X operating system is related to errors in the implementation of the TLS 1.0 protocol. Exploiting this vulnerability can allow a malicious actor to compromise the confidentiality, integrity, and accessibility of the protected information...

9.8 CVSS | 7.7 AI score | 0.00547 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

CNVD
added 2018/01/17 12:00 a.m. | 2 views

Unspecified Vulnerability in Oracle Fusion Middleware (CNVD-2018-02273)

Oracle Fusion Middleware is a suite of Oracle's business innovation platforms for enterprise and cloud environments. Oracle HTTP Server is one of the web server components based on Apache open source technology, which delivers static and dynamic content and can be integrat...

5.3 CVSS | 6.7 AI score | 0.02262 EPSS
Exploits: 0 | References: 1

BDU FSTEC
added 2018/01/12 12:00 a.m. | 3 views

The vulnerability of the queue_push function in the yodl package, which allows a perpetrator to compromise data confidentiality, integrity, and accessibility.

The vulnerability of the queue_push function in the yodl package occurs due to the operation being performed outside the buffer in memory. Exploiting this vulnerability could allow a remote attacker to compromise the confidentiality, integrity, and accessibility of data...

9.8 CVSS | 5.8 AI score | 0.00271 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

BDU FSTEC
added 2017/12/14 12:00 a.m. | 4 views

The vulnerability of cnPilot R200/201 routers, related to RSA key management errors, allows attackers to compromise the confidentiality, integrity, and accessibility of data.

The vulnerability of cnPilot R200/201 routers is related to RSA key management errors. Exploiting this vulnerability can allow a remote attacker to compromise the confidentiality, integrity, and accessibility of data...

10 CVSS | 5.5 AI score | 0.00182 EPSS
Exploits: 0 | References: 2 | Affected Software: 2

BDU FSTEC
added 2017/11/23 12:00 a.m. | 2 views

The vulnerability of the ImagingResampleHorizontal function (libImaging/Resample.c) in the Pillow image processing library allows an attacker to compromise the confidentiality, integrity, and accessibility of data.

The vulnerability of the ImagingResampleHorizontal function libImaging/Resample.c in the Pillow image processing library is due to a numerical overflow issue. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of data by setting t...

10 CVSS | 7.9 AI score | 0.05263 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

OSV
added 2017/11/21 12:00 p.m. | 8 views

RUSTSEC-2017-0006 Unchecked vector pre-allocation

Affected versions of this crate pre-allocate memory on deserializing raw buffers without checking whether there is sufficient data available. This allows an attacker to do denial-of-service attacks by sending small msgpack messages that allocate gigabytes of memory...

7 AI score
Exploits: 0 | References: 3

BDU FSTEC
added 2017/11/10 12:00 a.m. | 3 views

The vulnerability of the ftptpd component in the microprogramming software of TP-Link Technologies CO.,LTD.’s C2 and C20i routers allows attackers to compromise the confidentiality, integrity, and accessibility of data.

The vulnerability of the ftptpd component in the C2 and C20i router microprogramming systems is related to the use of pre-installed accounts admin, guest, and test, with passwords “1234”, “guest”, and “test” respectively. Exploiting this vulnerability allows a malicious actor to compromise the...

10 CVSS | 7.8 AI score | 0.009 EPSS
Exploits: 2 | References: 2

BDU FSTEC
added 2017/11/03 12:00 a.m. | 3 views

The vulnerability of the ReadEnhMetaFile function (coders/emf.c) in the console-based image editing tool ImageMagick allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the ReadEnhMetaFile function in the console-based image editing tool ImageMagick is related to pointer aliasing errors. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...

9.8 CVSS | 6.7 AI score | 0.00298 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

BDU FSTEC
added 2017/10/26 12:00 a.m. | 2 views

The vulnerability in the web interface of the Cisco IOS XE operating system allows attackers to enhance their privileges and affect the confidentiality, integrity, and accessibility of data.

The vulnerability of the Cisco IOS XE operating system’s web interface is related to deficiencies in access control for new users—specifically, the access settings that are configured for users through the web interface. Exploiting this vulnerability allows a malicious actor to enhance their...

9 CVSS | 7.6 AI score | 0.00787 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

BDU FSTEC
added 2017/10/26 12:00 a.m. | 2 views

Vulnerability in the UI framework of the Android operating system, which allows attackers to enhance their privileges and affect the confidentiality, integrity, and accessibility of data.

The vulnerability in the Android operating system’s UI framework is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to enhance their privileges and compromise the confidentiality, integrity, and accessibility of data...

10 CVSS | 7.7 AI score | 0.02479 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

BDU FSTEC
added 2017/10/26 12:00 a.m. | 3 views

The vulnerability of the FaxFinder fax server, related to errors in managing registration data, allows a perpetrator to compromise the confidentiality, integrity, and accessibility of these data.

The vulnerability of the FaxFinder fax server stems from errors in the management of registration data, which are embedded in the original HTML code /systemconfiguration/ldap in an open manner. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, an...

10 CVSS | 7.8 AI score | 0.00398 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

CNVD
added 2017/10/24 12:00 a.m. | 2 views

Oracle Sun Systems Products Suite Sun ZFS Storage Appliance Kit Component Security Vulnerability

Oracle Sun Systems Products Suite is a suite of Sun systems products from Oracle Corporation. Sun ZFS Storage Appliance Kit AK is one of the ZFS storage appliance kits. An unspecified vulnerability exists in the Filesystem subcomponent of the Sun ZFS Storage AK component of the Oracle Sun Systems...

6.3 CVSS | 5.4 AI score | 0.0014 EPSS
Exploits: 0 | References: 1