10511 matches found
PT-2023-1247 · Oracle · Oracle E-Business Suite
Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.2.3 through 12.2.12 Description: The issue is related to insufficient input validation in the Java utils component of Oracle Applications DBA, part of the Oracle E-Business Suite. This can allow a remote...
PT-2023-1198 · Oracle · Oracle Sales For Handhelds
Name of the Vulnerable Software and Affected Versions: Oracle Sales for Handhelds versions 12.2.3 through 12.2.12 Description: The issue is related to insufficient input validation in the Pocket Outlook Sync PocketPC component of Oracle Sales for Handhelds, part of the Oracle E-Business Suite...
PT-2023-1208 · Mysql Server +6 · Mysql Server +6
Name of the Vulnerable Software and Affected Versions: MySQL Server versions 8.0.31 and prior Description: The issue is related to insufficient input validation in the InnoDB component of MySQL Server, allowing a high-privileged attacker with network access via multiple protocols to compromise th...
PT-2023-1217 · Mysql Server +6 · Mysql Server +6
Name of the Vulnerable Software and Affected Versions: MySQL Server versions 8.0.31 and prior Description: The issue is related to insufficient input validation in the Server: Optimizer component of MySQL Server, allowing a high-privileged attacker with network access via multiple protocols to...
PT-2023-1209 · Oracle +7 · Mysql Server +6
Name of the Vulnerable Software and Affected Versions: MySQL Server versions 8.0.31 and prior Description: The issue is related to insufficient input validation in the encryption component of MySQL Server, allowing a remote attacker to gain unauthorized access to read, modify, or delete data, or...
PT-2023-1220 · Mysql Server +6 · Mysql Server +6
Name of the Vulnerable Software and Affected Versions: MySQL Server versions 8.0.31 and prior Description: The issue is related to insufficient input validation in the InnoDB component of MySQL Server, allowing a high-privileged attacker with network access via multiple protocols to compromise th...
PT-2023-6831 · Oracle · Oracle Business Intelligence Enterprise Edition
Name of the Vulnerable Software and Affected Versions: Oracle Business Intelligence Enterprise Edition versions 5.9.0.0.0 through 6.4.0.0.0 Description: The issue exists due to insufficient input validation in the Visual Analyzer component. This allows a remote attacker to gain read access to dat...
PT-2023-1224 · Oracle · Oracle Demantra Demand Management
Name of the Vulnerable Software and Affected Versions: Oracle Demantra Demand Management versions 12.1 through 12.2 Description: The issue is related to insufficient input validation in the E-Business Collections component of Oracle Demantra Demand Management, allowing an unauthenticated attacker...
PT-2023-1240 · Oracle · Oracle E-Business Suite +1
Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.2.3 through 12.2.12 Description: The issue is related to insufficient input validation in the Synchronization component of Oracle Mobile Field Service. It allows an unauthenticated attacker with network...
PT-2023-1243 · Oracle · Oracle Hospitality Reporting/Analytics
Name of the Vulnerable Software and Affected Versions: Oracle Hospitality Reporting and Analytics version 9.1.0 Description: The issue is related to insufficient input validation in the Reporting component of Oracle Hospitality Reporting and Analytics. This easily exploitable vulnerability can be...
CVE-2023-0016
SAP BPC MS 10.0 - version 810, allows an unauthorized attacker to execute crafted database queries. The exploitation of this issue could lead to SQL injection vulnerability and could allow an attacker to access, modify, and/or delete data from the backend database...
CVE-2023-0016 SQL Injection vulnerability in SAP Business Planning and Consolidation MS
SAP BPC MS 10.0 - version 810, allows an unauthorized attacker to execute crafted database queries. The exploitation of this issue could lead to SQL injection vulnerability and could allow an attacker to access, modify, and/or delete data from the backend database...
Mozilla Firefox Trust Management Issue Vulnerability (CNVD-2023-05204)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S. Mozilla Firefox is vulnerable to trust management issues, which can be exploited by attackers to read and modify data...
Aruba Networks EdgeConnect Enterprise Orchestrator SQL Injection Vulnerability
Aruba Networks EdgeConnect Enterprise Orchestrator is a centralized SD-WAN management solution from Aruba Networks, Inc. It provides optimization, management, automation, and real-time visibility and monitoring features for enterprise users. A security vulnerability exists in Aruba Networks...
PHP Security Vulnerability
PHP is a server-side scripting language. PHP has a security vulnerability. An attacker exploiting the vulnerability can read or change data...
PT-2023-14233 · Aruba · Aruba Edgeconnect Enterprise Orchestrator
Name of the Vulnerable Software and Affected Versions: Aruba EdgeConnect Enterprise Orchestrator versions 9.2.1.40179 and below; Aruba EdgeConnect Enterprise Orchestrator versions 9.1.4.40436 and below; Aruba EdgeConnect Enterprise Orchestrator versions 9.0.7.40110 and below; Aruba EdgeConnect...
PT-2023-13674 · Unknown · Aenrich A+Hrd
Name of the Vulnerable Software and Affected Versions: aEnrich a+HRD affected versions not specified Description: The issue is related to insufficient user input validation for a specific API parameter, allowing an unauthenticated remote attacker to inject arbitrary SQL commands. This can lead to...
aEnrich a+HRD SQL Injection Vulnerability
aEnrich a+HRD is a full-service human resources development solution from aEnrich, Inc. A security vulnerability exists in aEnrich a+HRD that stems from insufficient validation of user input to specific API parameters, allowing an unauthenticated, remote attacker to inject arbitrary...
CVE-2022-41271
An unauthenticated user can attach to an open interface exposed through JNDI by the Messaging System of SAP NetWeaver Process Integration PI - version 7.50. This user can make use of an open naming and directory API to access services that could perform unauthorized operations. The vulnerability...
SUSE SLES15 / openSUSE 15 Security Update : buildah (SUSE-SU-2022:4350-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4350-1 advisory. Version update to 1.28.2. - CVE-2022-2990: Fixed a possible information disclosure and modification vulnerability...