Lucene search
K

112 matches found

NVD
NVD
added 2024/03/15 7:15 p.m.28 views

CVE-2023-51699

Fluid is an open source Kubernetes-native Distributed Dataset Orchestrator and Accelerator for data-intensive applications. An OS command injection vulnerability within the Fluid project's JuicefsRuntime can potentially allow an authenticated user, who has the authority to create or update the K8...

6CVSS5.1AI score0.00611EPSS
Exploits0References2
Prion
Prion
added 2024/02/17 2:15 a.m.18 views

Design/Logic Flaw

Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite component: Engineering Change Order. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Installed...

5.8CVSS6.5AI score0.00361EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/01/17 12:0 a.m.5 views

Oracle Java SE and Oracle GraalVM Security Vulnerabilities

Oracle Java SE and Oracle GraalVM are both products of Oracle Corporation.Oracle Java SE is a product for developing and deploying Java applications for desktops, servers, and embedded devices and real-time environments.Oracle GraalVM is a set of on-the-fly compilers written in the Java language...

3.1CVSS6.7AI score0.00553EPSS
Exploits0References3
OSV
OSV
added 2024/01/16 10:15 p.m.4 views

CVE-2024-20942

Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle Supply Chain component: LOV. Supported versions that are affected are 11.5, 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

6.1CVSS7.3AI score0.00168EPSS
Exploits0References1
NVD
NVD
added 2024/01/16 10:15 p.m.15 views

CVE-2023-21901

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications component: Infrastructure. Supported versions that are affected are 8.0.7, 8.0.8, 8.0.9, 8.1.0, 8.1.1 and 8.1.2. Easily exploitable vulnerability allows low...

7.4CVSS6.9AI score0.00321EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/01/11 8:32 a.m.6 views

CVE-2023-6369 Export WP Page to Static HTML/CSS <= 2.1.9 - Missing Authorization via Multiple AJAX Actions

The Export WP Page to Static HTML/CSS plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on multiple AJAX actions in all versions up to, and including, 2.1.9. This makes it possible for authenticated attackers, with...

5.4CVSS6.5AI score0.00458EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2023/10/25 12:0 a.m.5 views

PT-2023-7602 · Apple · Apple Macos

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 12.7.1 macOS versions prior to 13.6.1 macOS versions prior to 14.1 Description: The issue allows a website to access the microphone without the microphone use indicator being shown. This is related to a lack of...

5CVSS5.6AI score0.00985EPSS
Exploits0References18
Vulnrichment
Vulnrichment
added 2023/08/08 12:46 a.m.10 views

CVE-2023-37491 Improper Authorization check vulnerability in SAP Message Server

The ACL Access Control List of SAP Message Server - versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, RNL64UC 7.22, RNL64UC 7.22EXT, RNL64UC 7.53, KRNL64NUC 7.22, KRNL64NUC 7.22EXT, can be bypassed in certain conditions, which may enable an authenticated malicious user to enter the...

7.5CVSS6.6AI score0.0044EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2023/06/20 6:50 p.m.20 views

When setting EntityOptions.apiPrefilter to a function, the filter is not applied to API requests for a resource by Id

Impact If you used the apiPrefilter option of the @Entity decorator, by setting it to a function that returns a filter that prevents unauthorized access to data, an attacker who knows the id of an entity instance she is not authorized to access, can gain read, update and delete access to it...

6.3CVSS10AI score0.00546EPSS
Exploits0References5Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/05/12 12:0 a.m.6 views

The vulnerability of the OBVAM Internal Tfr Domain component of the Oracle Banking Virtual Account Management component in the banking analytics system’s simulation model of Oracle Financial Services Applications allows a perpetrator to cause service failures or gain access to read, modify, add, or delete data.

The vulnerability of the OBVAM Internal Tfr Domain component of the Oracle Banking Virtual Account Management component in the banking analytics system’s simulation model of Oracle Financial Services Applications is related to insufficient validation of input data. Exploiting this vulnerability...

6.1CVSS6.6AI score0.00399EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2023/04/18 8:15 p.m.6 views

CVE-2023-21978

Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite component: GUI. Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Application Object...

6.5CVSS6.9AI score0.00376EPSS
Exploits0References1
OSV
OSV
added 2023/04/18 8:15 p.m.4 views

CVE-2023-21973

Vulnerability in the Oracle iProcurement product of Oracle E-Business Suite component: E-Content Manager Catalog. Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle iProcurement...

5.4CVSS6.7AI score0.00377EPSS
Exploits0References1
Prion
Prion
added 2023/04/18 8:15 p.m.16 views

Buffer overflow

Vulnerability in the Oracle Banking Virtual Account Management product of Oracle Financial Services Applications component: OBVAM Trn Journal Domain. Supported versions that are affected are 14.5, 14.6 and 14.7. Difficult to exploit vulnerability allows high privileged attacker with network acces...

4.3CVSS5.2AI score0.00399EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2023/04/18 8:15 p.m.7 views

UBUNTU-CVE-2023-22000

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox...

4.6CVSS6.7AI score0.00309EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/02/22 1:51 p.m.6 views

CVE-2023-0952

Improper access controls on entries in Devolutions Server 2022.3.12 and earlier could allow an authenticated user to access sensitive data without proper authorization...

6.4AI score0.00659EPSS
Exploits0References1
Tibco
Tibco
added 2023/02/17 8:6 p.m.18 views

TIBCO Security Advisory: February 22, 2023 - TIBCO EBXAdd-ons -CVE-2022-41566

TIBCO EBX Add-ons Cross Site Scripting XSS Vulnerability Original release date:February 22, 2023 Last revised: --- CVE-2022-41566 Source: TIBCO Software Inc. Products Affected TIBCO EBX Add-ons versions 5.6.0 and below The following component is affected: server Description The component listed...

4.9CVSS5.4AI score0.00394EPSS
Exploits0Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 4:51 a.m.4 views

SUSE CVE-2017-3332

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: VirtualBox SVGA Emulation. Supported versions that are affected are VirtualBox prior to 5.0.32 and prior to 5.1.14. Easily exploitable vulnerability allows low privileged attacker with logon to the...

8.4CVSS6.8AI score0.00384EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 3:23 a.m.5 views

SUSE CVE-2022-39423

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 6.1.38. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise...

6CVSS5.7AI score0.00503EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2023/01/30 12:0 a.m.16 views

The vulnerability of the InnoDB component of the MySQL Database Server allows a perpetrator to gain unauthorized access for reading, modifying, or deleting data, or to cause service failures.

The vulnerability of the InnoDB component in the MySQL Database Management System is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to read, modify, or delete data, or to cause service failures...

7.5CVSS6.4AI score0.00817EPSS
Exploits0References5Affected Software2
Positive Technologies
Positive Technologies
added 2023/01/17 12:0 a.m.4 views

PT-2023-8740 · Oracle · Oracle Business Intelligence Enterprise Edition

Name of the Vulnerable Software and Affected Versions: Oracle Business Intelligence Enterprise Edition versions 5.9.0.0.0 through 6.4.0.0.0 Description: The issue is related to insufficient input validation in the Visual Analyzer component. It allows a low-privileged attacker with network access...

5.5CVSS5.4AI score0.00377EPSS
Exploits0References7
Rows per page
Query Builder