112 matches found
CVE-2023-51699
Fluid is an open source Kubernetes-native Distributed Dataset Orchestrator and Accelerator for data-intensive applications. An OS command injection vulnerability within the Fluid project's JuicefsRuntime can potentially allow an authenticated user, who has the authority to create or update the K8...
Design/Logic Flaw
Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite component: Engineering Change Order. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Installed...
Oracle Java SE and Oracle GraalVM Security Vulnerabilities
Oracle Java SE and Oracle GraalVM are both products of Oracle Corporation.Oracle Java SE is a product for developing and deploying Java applications for desktops, servers, and embedded devices and real-time environments.Oracle GraalVM is a set of on-the-fly compilers written in the Java language...
CVE-2024-20942
Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle Supply Chain component: LOV. Supported versions that are affected are 11.5, 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...
CVE-2023-21901
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications component: Infrastructure. Supported versions that are affected are 8.0.7, 8.0.8, 8.0.9, 8.1.0, 8.1.1 and 8.1.2. Easily exploitable vulnerability allows low...
CVE-2023-6369 Export WP Page to Static HTML/CSS <= 2.1.9 - Missing Authorization via Multiple AJAX Actions
The Export WP Page to Static HTML/CSS plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on multiple AJAX actions in all versions up to, and including, 2.1.9. This makes it possible for authenticated attackers, with...
PT-2023-7602 · Apple · Apple Macos
Name of the Vulnerable Software and Affected Versions: macOS versions prior to 12.7.1 macOS versions prior to 13.6.1 macOS versions prior to 14.1 Description: The issue allows a website to access the microphone without the microphone use indicator being shown. This is related to a lack of...
CVE-2023-37491 Improper Authorization check vulnerability in SAP Message Server
The ACL Access Control List of SAP Message Server - versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, RNL64UC 7.22, RNL64UC 7.22EXT, RNL64UC 7.53, KRNL64NUC 7.22, KRNL64NUC 7.22EXT, can be bypassed in certain conditions, which may enable an authenticated malicious user to enter the...
When setting EntityOptions.apiPrefilter to a function, the filter is not applied to API requests for a resource by Id
Impact If you used the apiPrefilter option of the @Entity decorator, by setting it to a function that returns a filter that prevents unauthorized access to data, an attacker who knows the id of an entity instance she is not authorized to access, can gain read, update and delete access to it...
The vulnerability of the OBVAM Internal Tfr Domain component of the Oracle Banking Virtual Account Management component in the banking analytics system’s simulation model of Oracle Financial Services Applications allows a perpetrator to cause service failures or gain access to read, modify, add, or delete data.
The vulnerability of the OBVAM Internal Tfr Domain component of the Oracle Banking Virtual Account Management component in the banking analytics system’s simulation model of Oracle Financial Services Applications is related to insufficient validation of input data. Exploiting this vulnerability...
CVE-2023-21978
Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite component: GUI. Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Application Object...
CVE-2023-21973
Vulnerability in the Oracle iProcurement product of Oracle E-Business Suite component: E-Content Manager Catalog. Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle iProcurement...
Buffer overflow
Vulnerability in the Oracle Banking Virtual Account Management product of Oracle Financial Services Applications component: OBVAM Trn Journal Domain. Supported versions that are affected are 14.5, 14.6 and 14.7. Difficult to exploit vulnerability allows high privileged attacker with network acces...
UBUNTU-CVE-2023-22000
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox...
CVE-2023-0952
Improper access controls on entries in Devolutions Server 2022.3.12 and earlier could allow an authenticated user to access sensitive data without proper authorization...
TIBCO Security Advisory: February 22, 2023 - TIBCO EBXAdd-ons -CVE-2022-41566
TIBCO EBX Add-ons Cross Site Scripting XSS Vulnerability Original release date:February 22, 2023 Last revised: --- CVE-2022-41566 Source: TIBCO Software Inc. Products Affected TIBCO EBX Add-ons versions 5.6.0 and below The following component is affected: server Description The component listed...
SUSE CVE-2017-3332
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: VirtualBox SVGA Emulation. Supported versions that are affected are VirtualBox prior to 5.0.32 and prior to 5.1.14. Easily exploitable vulnerability allows low privileged attacker with logon to the...
SUSE CVE-2022-39423
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 6.1.38. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise...
The vulnerability of the InnoDB component of the MySQL Database Server allows a perpetrator to gain unauthorized access for reading, modifying, or deleting data, or to cause service failures.
The vulnerability of the InnoDB component in the MySQL Database Management System is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to read, modify, or delete data, or to cause service failures...
PT-2023-8740 · Oracle · Oracle Business Intelligence Enterprise Edition
Name of the Vulnerable Software and Affected Versions: Oracle Business Intelligence Enterprise Edition versions 5.9.0.0.0 through 6.4.0.0.0 Description: The issue is related to insufficient input validation in the Visual Analyzer component. It allows a low-privileged attacker with network access...