Design/Logic Flaw
A local disclosure of sensitive information and a local unauthorized data modification vulnerability were discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware versions prior to 2.71. An unprivileged user could locally exploit this vulnerability to read and write to the iLO 5 firmware file...
CVE-2022-28633
CVE-2022-28633 affects HPE Integrated Lights-Out 5 (iLO 5) firmware prior to 2.71. An unprivileged, local user can read and write to the iLO 5 firmware filesystem, resulting in complete loss of confidentiality and partial loss of integrity and availability. HPE provides a firmware update (2.71+) ...
Design/Logic Flaw
Due to insecure session management, SAP Enable Now allows an unauthenticated attacker to gain access to a user's account. On successful exploitation, an attacker can view or modify user data, causing limited impact on the confidentiality and integrity of the application...
The vulnerability of the Fluid Core component in the Oracle PeopleSoft Enterprise PeopleTools business application suite allows a hacker to gain read, modify, add, or delete access to data.
The vulnerability of the Fluid Core component in the Oracle PeopleSoft Enterprise PeopleTools business application suite exists due to insufficient validation of input data. Exploiting this vulnerability allows an attacker, operating remotely, to gain access to read, modify, add, or delete data...
The vulnerability of the Enterprise Manager Install component of the Enterprise Manager Base Platform allows a malicious individual to gain read, modify, add, or delete access to data, or cause a partial service failure.
The vulnerability of the Enterprise Manager Install component of the Enterprise Manager Base Platform exists due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain access to read, modify, add, or delete data, or cause...
CVE-2022-35293
Due to insecure session management, SAP Enable Now allows an unauthenticated attacker to gain access to a user's account. On successful exploitation, an attacker can view or modify user data, causing limited impact on the confidentiality and integrity of the application...
The vulnerability of the Filesystem component in Oracle Solaris allows a perpetrator to gain access to read, modify, or delete data, or to cause a service failure.
The vulnerability of the Filesystem component in Oracle Solaris relates to insecure management of privileges. Exploiting this vulnerability can allow an attacker, operating remotely, to gain read, modify, or delete access to data, or cause service failures...
The vulnerability of the SAP Business Objects Business Intelligence Platform, related to improper authorization, allows a perpetrator to gain access to modify, add, or delete data.
The vulnerability of the SAP Business Objects Business Intelligence Platform is related to improper authorization. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain access to modify, add, or delete data...
OpenJDK: URI parsing inconsistencies (JNDI, 8278972)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JNDI. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable...
The vulnerability of the TLS and SSL protocols used by Cisco Nexus Dashboard for analyzing and automating cloud network operations stems from errors in the certificate validation process. This allows attackers to access confidential information or alter data.
The vulnerability of the TLS and SSL protocols used in Cisco Nexus Dashboard, a platform for analytics and automation of cloud network operations, is related to errors in the certificate validation process. Exploiting this vulnerability can allow an attacker to gain access to confidential...
OpenJDK: random exponentials issue (Libraries, 8283875)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 17.0.3.1; Oracle GraalVM Enterprise Edition: 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated...
OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Difficult to...
PT-2022-19116 · Hewlett Packard · Hpe Integrated Lights-Out 5 +1
Name of the Vulnerable Software and Affected Versions: HPE Integrated Lights-Out 5 (iLO 5) versions prior to 2.71
Description: A local arbitrary code execution issue was discovered, allowing an unprivileged user to execute arbitrary code, resulting in a complete loss of confidentiality, integrity,...
Shell component vulnerability: The GUI client for developers and database administrators, Oracle MySQL Shell for VS Code, allows an attacker to gain access to read, modify, or delete data.
Shell component vulnerability: The GUI client for developers and database administrators, Oracle MySQL Shell for VS Code, has a vulnerability related to insecure privilege management. Exploiting this vulnerability can allow an attacker to gain read, modify, or delete access to data...
CVE-2022-2138
The affected product is vulnerable due to missing authentication, which may allow an attacker to read or modify sensitive data and execute arbitrary code, resulting in a denial-of-service condition...
CVE-2022-2138
CVE-2022-2138 (Advantech iView) is documented with missing authentication allowing an attacker to read/modify sensitive data and potentially execute arbitrary code, leading to a denial-of-service condition. The core issue is an authentication bypass that affects the affected product (Advantech i...