OpenJDK: memory corruption issue on x86_64 with AVX-512 (8317121)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u381-perf, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8, 21; Oracle GraalVM Enterprise Edition:...

SUSE: Security Advisory (SUSE-SU-2023:4099-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2023-22119

Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications component: Infrastructure. Supported versions that are affected are 12.3, 12.4, 14.0-14.3 and 14.5-14.7. Difficult to exploit vulnerability allows low privileged attacker with network access v...

CVE-2023-22124

Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications component: Infrastructure. Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...

CVE-2023-22118

Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications component: Infrastructure. Supported versions that are affected are 12.3, 12.4, 14.0-14.3 and 14.5-14.7. Easily exploitable vulnerability allows low privileged attacker with network access via...

CVE-2023-22091

Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Compiler. Supported versions that are affected are Oracle GraalVM for JDK: 17.0.8, 21; Oracle GraalVM Enterprise Edition: 20.3.11, 21.3.7 and 22.3.3. Difficult to exploit...

CVE-2023-22093

Vulnerability in the Oracle iRecruitment product of Oracle E-Business Suite component: Requisition and Vacancy. Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iRecruitment...

CVE-2023-22096

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.20 and 21.3-21.11. Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via Oracle Net to compromise...

CVE-2023-22094

Vulnerability in the MySQL Installer product of Oracle MySQL component: Installer: General. Supported versions that are affected are Prior to 1.6.8. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Installer executes to compromise MySQL...

CVE-2023-22080

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: PIA Core Technology. Supported versions that are affected are 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft...

CVE-2023-22067

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: CORBA. Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf; Oracle GraalVM Enterprise Edition: 20.3.11 and 21.3.7. Easily exploitable vulnerability allows...

CVE-2023-22029

Vulnerability in the Oracle Commerce Guided Search product of Oracle Commerce component: Workbench. The supported version that is affected is 11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Guided Search. Successf...

CVE-2023-22094

Vulnerability in the MySQL Installer product of Oracle MySQL component: Installer: General. Supported versions that are affected are Prior to 1.6.8. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Installer executes to compromise MySQL...

UBUNTU-CVE-2023-22094

Vulnerability in the MySQL Installer product of Oracle MySQL component: Installer: General. Supported versions that are affected are Prior to 1.6.8. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Installer executes to compromise MySQL...

UBUNTU-CVE-2023-22025

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u381-perf, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8, 21; Oracle GraalVM Enterprise Edition:...

SUSE-SU-2023:4099-1 Security update for buildah

This update for buildah fixes the following issues: - CVE-2022-2990: Fixed a flaw which might allow sensitive information disclosure or possible data modification. bsc1202812 - buildah is also rebuilt against go1.21...

PT-2023-6269 · Oracle · Oracle Applications Framework +1

Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.2.3 through 12.2.12 Description: The issue is related to insufficient input validation in the Personalization component of the Oracle Applications Framework product. This allows an unauthenticated attacker...

PT-2023-6202 · Mysql Server · Mysql Installer

Name of the Vulnerable Software and Affected Versions: MySQL Installer versions prior to 1.6.8 Description: The issue is related to insufficient input validation in the MySQL Installer product, specifically in the Installer: General component. This vulnerability can be easily exploited by a...

WordPress WP ERP 1.12.2 SQL Injection

Exploit Title: WP Plugins WP ERP = 1.12.2 - SQL Injection Date: 15-10-2023 Exploit Author: Arvandy Software Link: https://wordpress.org/plugins/erp/ Vendor Homepage: https://wperp.com/ Version: 1.12.2 Tested on: Windows, Linux CVE: CVE-2023-2744 Product Description WP ERP is the first full-fledge...

GHSA-7286-PGFV-VXVH Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper

Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer authentication is enabled in ZooKeeper quorum.auth.enableSasl=true, the authorization is done by verifying that the instance part in SASL authentication ID is listed in zoo.cfg server list. The...