CVE-2021-2116

Vulnerability in the Oracle Application Express Opportunity Tracker component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having Valid User Account privilege with network access via HTTP to...

CVE-2021-2107

Vulnerability in the Oracle Customer Interaction History product of Oracle E-Business Suite component: Outcome-Result. Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...

CVE-2021-35541

Vulnerability in the PeopleSoft Enterprise SCM product of Oracle PeopleSoft component: Supplier Portal. The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise SCM. Successful...

CVE-2025-30694

Vulnerability in the XML Database component of Oracle Database Server. Supported versions that are affected are 19.3-19.26, 21.3-21.17 and 23.4-23.7. Easily exploitable vulnerability allows low privileged attacker having User Account privilege with network access via HTTP to compromise XML...

CVE-2025-21539

Vulnerability in the PeopleSoft Enterprise FIN eSettlements product of Oracle PeopleSoft component: eSettlements. The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN...

The vulnerability of the Chatbot component of Oracle Financial Services’ Revenue Management and Billing system allows a hacker to gain unauthorized access to read, add, modify, or delete data.

The vulnerability of the Chatbot component of Oracle Financial Services’ Revenue Management and Billing system is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to read, add, modify, or delete...

The vulnerability of the Gogs software interface allows a hacker to gain access to read, modify, or delete data.

The vulnerability of the Gogs Git repository creation software interface is related to errors in handling symbolic links. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain access to read, modify, or delete data...

The vulnerability of the tracefs file system in the Linux operating system allows a perpetrator to gain access to read, modify, or delete data.

The vulnerability of the tracefs file system in the Linux operating system is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker to gain access to read, modify, or delete data...

The vulnerability of the Personalization component of the Oracle Applications Framework, a web application development platform, within the Oracle E-Business Suite, allows an intruder to gain unauthorized access to read, modify, or delete data.

The vulnerability of the Personalization component of the Oracle Applications Framework, a platform for developing web applications in enterprise automation systems within the Oracle E-Business Suite, is related to improper authentication. Exploiting this vulnerability allows an attacker to gain...

The vulnerability of the typeedit.php file in the Tailoring Management System allows a hacker to execute arbitrary SQL code, gain unauthorized access to read or modify data, gain control over the system, or cause a service failure.

The vulnerability of the typeedit.php file in the Tailoring Management System relates to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows an attacker who operates remotely to execute arbitrary SQL code, gain unauthorized access to read or modify...

UBUNTU-CVE-2024-21170

Vulnerability in the MySQL Connectors product of Oracle MySQL component: Connector/Python. Supported versions that are affected are 8.4.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successfu...

CVE-2024-21117

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware component: Outside In Core. Supported versions that are affected are 8.5.6 and 8.5.7. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Outside In...

CVE-2024-21031

Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite component: LOV. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

CVE-2024-21001

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics component: BI Platform Security. The supported version that is affected is 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...

CVE-2023-51947

Improper access control on nasSvr.php in actidata actiNAS SL 2U-8 RDX 3.2.03-SP1 allows remote attackers to read and modify different types of data without authentication...

The vulnerability of the ide_dma_cb() function in the QEMU hardware emulation software allows a attacker to gain access to read, modify, or delete data, or to cause a service failure.

The vulnerability of the idedmacb function in the QEMU hardware emulation software is related to synchronization errors when processing the DRQSTAT parameter. Exploiting this vulnerability can allow an attacker to gain access to read, modify, or delete data, or cause a service failure...

The vulnerability of the Infrastructure component of the Oracle Banking Trade Finance software allows a perpetrator to gain read, modify, add, or delete access to data.

The vulnerability of the Infrastructure component of the Oracle Banking Trade Finance software exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to read, modify, add, or delete data...

PT-2023-6418 · Oracle · Oracle Banking Trade Finance

Name of the Vulnerable Software and Affected Versions: Oracle Banking Trade Finance versions 14.5 through 14.7 Description: The issue exists due to insufficient input validation in the Infrastructure component of Oracle Banking Trade Finance, allowing a remote attacker to gain read, modify, add, ...

The vulnerability of the CreateOrConfigureAsync function on the Docker Desktop for Windows development and delivery platform allows a malicious actor to gain read, modify, or delete access to data.

The vulnerability of the CreateOrConfigureAsync function on the Docker Desktop for Windows development and delivery platform is related to errors in handling symbolic links with the DataFolder parameter. Exploiting this vulnerability may allow an attacker to gain read, modify, or delete access to...

CVE-2023-21960

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server...