Lucene search
K

65 matches found

Positive Technologies
Positive Technologies
added 2024/04/08 12:0 a.m.7 views

PT-2024-21978

Name of the Vulnerable Software and Affected Versions: GNU Savane versions 3.12 and earlier Description: The issue allows a remote attacker to delete arbitrary files via crafted input to the trackers data delete file function. This is due to an Insecure Direct Object Reference IDOR in the softwar...

7.5CVSS6.3AI score0.00819EPSS
Exploits1References7
CNNVD
CNNVD
added 2024/03/17 12:0 a.m.7 views

JFinalCMS SQL注入漏洞

JFinalCMS is a content management system. JFinalCMS version 5.0.0 suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the file /admin/divdata/delete. An attacker can exploit this vulnerability to execute illegal SQL comman...

7.2CVSS8.1AI score0.00698EPSS
Exploits1References4
BDU FSTEC
BDU FSTEC
added 2023/11/15 12:0 a.m.5 views

The vulnerability of the ide_dma_cb() function in the QEMU hardware emulation software allows a attacker to gain access to read, modify, or delete data, or to cause a service failure.

The vulnerability of the idedmacb function in the QEMU hardware emulation software is related to synchronization errors when processing the DRQSTAT parameter. Exploiting this vulnerability can allow an attacker to gain access to read, modify, or delete data, or cause a service failure...

6.4CVSS6.6AI score0.00231EPSS
Exploits0References12Affected Software6
BDU FSTEC
BDU FSTEC
added 2023/10/25 12:0 a.m.5 views

The vulnerability of the Infrastructure component of the Oracle Banking Trade Finance software allows a perpetrator to gain read, modify, add, or delete access to data.

The vulnerability of the Infrastructure component of the Oracle Banking Trade Finance software exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to read, modify, add, or delete data...

5.5CVSS5.9AI score0.00321EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2023/08/31 6:15 a.m.18 views

Design/Logic Flaw

The BadgeOS plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deletebadgeoslogentries function in versions up to, and including, 3.7.1.6. This makes it possible for authenticated attackers, with subscriber-level permissions and above,...

4CVSS4.4AI score0.00386EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/05/10 12:0 a.m.6 views

The vulnerability of the CreateOrConfigureAsync function on the Docker Desktop for Windows development and delivery platform allows a malicious actor to gain read, modify, or delete access to data.

The vulnerability of the CreateOrConfigureAsync function on the Docker Desktop for Windows development and delivery platform is related to errors in handling symbolic links with the DataFolder parameter. Exploiting this vulnerability may allow an attacker to gain read, modify, or delete access to...

6.4CVSS7.1AI score0.00332EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2023/04/18 8:15 p.m.4 views

CVE-2023-21992

Vulnerability in the PeopleSoft Enterprise HCM Human Resources product of Oracle PeopleSoft component: Administer Workforce. The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft...

5.4CVSS6.7AI score
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2022/10/06 12:0 a.m.5 views

The vulnerability of the file collection function of the Business Analytics platform Smart eVision allows a hacker to bypass security restrictions and gain access to read, modify, or delete data.

The vulnerability of the Smart eVision business intelligence platform’s file retrieval function is related to an incorrect restriction on the path name when accessing restricted catalogs. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and gain access to rea...

10CVSS7.8AI score0.01491EPSS
Exploits0References3Affected Software1
CNVD
CNVD
added 2022/01/24 12:0 a.m.31 views

Oracle MySQL Cluster Input Validation Error Vulnerability (CNVD-2022-17693)

Oracle MySQL Cluster is a write-scalable, real-time, ACID-compliant transactional database developed by Oracle Corporation USA. Oracle MySQL Cluster is vulnerable to an input validation error that could be exploited by attackers to corrupt or delete data...

6.3CVSS4.5AI score0.78951EPSS
Exploits0References1
OSV
OSV
added 2021/04/22 10:15 p.m.2 views

CVE-2021-2240

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware component: Outside In Filters. The supported version that is affected is 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In...

7.3CVSS6.8AI score0.00907EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2021/02/02 12:0 a.m.7 views

The vulnerability of the Outcome-Result component of the Oracle Customer Interaction History software allows a perpetrator to gain unauthorized access to protected information or to have read, add, or delete privileges over the data.

The vulnerability of the Outcome-Result component of the Oracle Customer Interaction History software is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information or to have read, add,...

8.2CVSS7.7AI score0.01169EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/02/02 12:0 a.m.5 views

The vulnerability of the Print Server component of the Oracle One-to-One Fulfillment application allows a perpetrator to gain unauthorized access to protected information or to have read, add, or delete privileges over that information.

The vulnerability of the Print Server component of the Oracle One-to-One Fulfillment application is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information or to have read, add, or...

9.4CVSS7.8AI score0.01511EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2020/05/21 12:0 a.m.6 views

The vulnerability of the Outside In Filters component of the Oracle Software Development Kit (SDK), as well as the Oracle Text component of the Oracle Database Server database management system, allows a malicious individual to gain access to read, delete, and modify data, or to cause a service failure.

The vulnerability of the Outside In Filters component of the Oracle Software Development Kit SDK and the Oracle Text component of the Oracle Database Server system is related to lack of access control mechanisms. Exploiting this vulnerability could allow an attacker to gain read, delete, and modi...

7.5CVSS6.9AI score0.01154EPSS
Exploits0References3Affected Software2
OSV
OSV
added 2020/01/15 5:15 p.m.3 views

CVE-2020-2707

Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering component: WebAccess. Supported versions that are affected are 15.1.0.0-15.2.18.7, 16.1.0.0-16.2.19.0, 17.1.0.0-17.12.16.0, 18.1.0.0-18.8.16.0 and 19.12.0.0. Easily exploitable...

5.4CVSS6.4AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2020/01/14 12:0 a.m.4 views

PT-2020-1330 · Oracle · Oracle Flexcube Investor Servicing

Name of the Vulnerable Software and Affected Versions: Oracle FLEXCUBE Investor Servicing versions 12.1.0 through 12.4.0 Oracle FLEXCUBE Investor Servicing versions 14.0.0 through 14.1.0 Description: The issue is related to inadequate access controls in the Infrastructure component of Oracle...

5.8CVSS4.8AI score0.01002EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2019/11/18 12:0 a.m.6 views

The vulnerability of the Services subcomponent of the Oracle Forms component in the Oracle Fusion Middleware software platform allows a malicious individual to gain unauthorized access to read, modify, add, or delete data.

The vulnerability of the Services sub-component of the Oracle Forms component of the Oracle Fusion Middleware software platform is related to lack of access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to read, modify, add, or...

6.1CVSS6.8AI score0.00986EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2019/10/16 12:0 a.m.3 views

Oracle Database Server Core RDBMS Component Input Validation Error Vulnerability

Oracle Database Server is a set of relational database management system of Oracle Oracle. The database management system provides data management, distributed processing and other functions.Core RDBMS is one of the relational database core components. An input validation error vulnerability exis...

2.3CVSS6.5AI score0.00387EPSS
Exploits0References1
CNVD
CNVD
added 2019/07/17 12:0 a.m.3 views

Oracle Outside In Technology Component Access Control Error Vulnerability (CNVD-2019-27775)

Oracle Fusion Middleware Oracle Fusion Middleware is a set of business innovation platforms for enterprise and cloud environments from Oracle Corporation. The platform provides middleware, software collections, etc. Outside In Technology is one of the software development kit components. A securi...

7.5CVSS6.6AI score0.01244EPSS
Exploits0References1
CNVD
CNVD
added 2019/04/18 12:0 a.m.3 views

Oracle Commerce Platform Component Access Control Error Vulnerability

Oracle Commerce is the United States Oracle Oracle company's set of e-business solutions. Commerce Platform is one of them to provide a multi-functional e-business platform components. An access control error vulnerability exists in the Oracle Commerce Platform component. An attacker could exploi...

6.1CVSS6.7AI score0.0098EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2019/02/21 12:0 a.m.5 views

The vulnerability of the Foundation UI & Servlets component of the Hyperion BI+ event service allows a perpetrator to gain read access to data, modify data, or cause a partial service failure.

The vulnerability of the Foundation UI & Servlets component of the Hyperion BI+ service is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to gain read, modify, add, or delete access to data, or cause a partial service outage through HTTP...

6.5CVSS5.8AI score0.00796EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder