10512 matches found
UBUNTU-CVE-2023-22006
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE component: Networking. Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle...
UBUNTU-CVE-2023-22038
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Privileges. Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...
CVE-2023-22060
Oracle Hyperion Workspace (UI and Visualization) is affected by CVE-2023-22060 in version 11.2.13.0.000. The flaw is an insecure privilege management issue that allows a low-privileged attacker with network access via HTTP to compromise Workspace. Attacks require user interaction and can lead to ...
CVE-2023-3713
The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'profilemagicchecksmtpconnection' function in versions up to, and including, 5.5.1. This makes it possible for authenticated attackers, with subscriber-level permission...
Design/Logic Flaw
The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pm_upload_csv' function in versions up to, and including, 5.5.1. This makes it possible for authenticated attackers, with subscriber-level permissions or above to import...
Design/Logic Flaw
The Export and Import Users and Customers plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'hf_update_customer' function called via an AJAX action in versions up to, and including, 2.4.1. This makes it possible for authenticated...
CVE-2023-3403
ProfileGrid – User Profiles, Memberships, Groups and Communities vulnerability CVE-2023-3403: missing capability check in pm_upload_csv allows authenticated attackers with subscriber+ privileges to import/update users in versions up to 5.5.1; no patch/version remediation details provided in the c...
CVE-2023-3714
The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'editgroup' handler in versions up to, and including, 5.5.2. This makes it possible for authenticated attackers, with group ownership, to update group options, includin...
CVE-2023-3403 ProfileGrid <= 5.5.1 - Missing Authorization to User Import
The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pm_upload_csv' function in versions up to, and including, 5.5.1. This makes it possible for authenticated attackers, with subscriber-level permissions or above to import...
CVE-2023-3714 ProfileGrid <= 5.5.2 - Missing Authorization to Arbitrary Group Option Modification and Privilege Escalation
The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'editgroup' handler in versions up to, and including, 5.5.2. This makes it possible for authenticated attackers, with group ownership, to update group options, includin...
CVE-2023-3459 Export and Import Users and Customers <= 2.4.1 - Missing Authorization to Authenticated (Shop Manager) Arbitrary User Password Change
The Export and Import Users and Customers plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'hf_update_customer' function called via an AJAX action in versions up to, and including, 2.4.1. This makes it possible for authenticated...
CVE-2023-3459
CVE-2023-3459 affects the WordPress plugin “Export and Import Users and Customers.” Vulnerable through version 2.4.1 due to a missing capability check on the hf_update_customer function invoked via AJAX. This allows an authenticated attacker with shop-manager permissions to modify user data (e.g....
Oracle E-Business Suite security vulnerability
Oracle E-Business Suite is a set of fully integrated global business management software from Oracle. The software provides customer relationship management, service management, financial management, and other functions. A security vulnerability in the Oracle Web...
Oracle Business Intelligence Enterprise Edition security vulnerability
Oracle Business Intelligence Enterprise Edition is an intelligent business analytics software from Oracle. Visualize and analyze enterprise data to support decision making, reduce total cost of ownership, and increase ROI across the organization. A security vulnerability exists in Oracle Business...
PT-2023-3627 · Oracle · Application Express Customers Plugin
Name of the Vulnerable Software and Affected Versions: Application Express Customers Plugin versions 18.2 through 22.2. Description: The issue exists due to insufficient input validation in the Application Express Customers Plugin component of Oracle Application Express. This allows a remote...
ProfileGrid < 5.5.3 - Group Owner+ Unauthorized Data Modification
Description: The plugin does not adequately check capabilities on the 'editgroup' handler, enabling authenticated users with group ownership to improperly update group options, including the 'associaterole' parameter, which sets the member's role...
Oracle Business Intelligence Enterprise Edition security vulnerability
Oracle Business Intelligence Enterprise Edition is an intelligent business analytics software from Oracle. Visualize and analyze enterprise data to support decision making, reduce total cost of ownership, and increase ROI across the organization. A security vulnerability exists in Oracle Business...
Oracle E-Business Suite security vulnerability
Oracle E-Business Suite is a set of fully integrated global business management software from Oracle. The software provides customer relationship management, service management, financial management, and other functions. A security vulnerability exists in the Oracle...
ProfileGrid < 5.5.2 - Subscriber+ Unauthorized Data Modification
Description: The plugin does not perform proper capability checks on the 'pm_upload_csv' function, enabling authenticated users with subscriber-level permissions or above to import new users and update existing ones...
Oracle Business Intelligence Enterprise Edition security vulnerability
Oracle Business Intelligence Enterprise Edition is an intelligent business analytics software from Oracle. Visualize and analyze enterprise data to support decision making, reduce total cost of ownership, and increase ROI across the organization. A security vulnerability exists in Oracle Business...