
10511 matches found

BDU FSTEC
added 2022/05/11 12:0 a.m., 4 views

The vulnerability of the Java VM component of the Oracle Database Server management system allows a hacker to gain access to modify, add, or delete data.

The vulnerability of the Java VM component of the Oracle Database Server management system is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to remotely gain access to modify, add, or delete data through various network protocols...

CVSS 6.8, AI score 6.9, EPSS 0.00672
Exploits: 0, References: 4, Affected Software: 1

BDU FSTEC
added 2022/05/11 12:0 a.m., 5 views

The vulnerability of the RDBMS Gateway/Generic ODBC Connectivity component of the Oracle Database Server allows a hacker to gain access to read data or to modify, add, or delete data.

The vulnerability of the RDBMS Gateway/Generic ODBC Connectivity component of the Oracle Database Server exists due to insufficient verification of input data. Exploiting this vulnerability allows a malicious actor to gain read access to data, or to modify, add, or delete data using network packe...

CVSS 5.5, AI score 6.6, EPSS 0.00532
Exploits: 0, References: 3, Affected Software: 1

BDU FSTEC
added 2022/05/11 12:0 a.m., 4 views

The vulnerability of the Libraries component of the Oracle GraalVM Enterprise Edition virtual machine allows a hacker to modify data.

The vulnerability of the Libraries component in the Oracle GraalVM Enterprise Edition virtual machine exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain access to modify, add, or delete data using network packet...

CVSS 5.3, AI score 6.2, EPSS 0.02401
Exploits: 0, References: 8, Affected Software: 6

BDU FSTEC
added 2022/05/06 12:0 a.m., 4 views

The vulnerability of the InnoDB component of the MySQL Database Server allows a hacker to gain access to modify, add, or delete data, or to cause the system to crash.

The vulnerability of the InnoDB component of the MySQL Database Server exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to gain access to modify, add, or delete data, or to cause the system to terminate abnormally via network packets...

CVSS 5.6, AI score 6.4, EPSS 0.01064
Exploits: 0, References: 4, Affected Software: 1

BDU FSTEC
added 2022/05/05 12:0 a.m., 4 views

Vulnerability of the MySQL Server component: The Optimizer component of the MySQL database management system allows a hacker to gain unauthorized access to modify, add, or delete data, or to cause service failures.

The vulnerability of the MySQL Server component involves insufficient validation of input data. Exploiting this vulnerability allows an attacker, operating remotely, to gain unauthorized access to modify, add, or delete data, or to cause a service failure using the MySQL network protocol...

CVSS 7.5, AI score 6.4, EPSS 0.01054
Exploits: 0, References: 6, Affected Software: 1

BDU FSTEC
added 2022/05/05 12:0 a.m., 5 views

Vulnerability of the MySQL Server component: The Optimizer component of the MySQL database management system allows a hacker to gain unauthorized access to modify, add, or delete data, or to cause service failures.

The vulnerability of the MySQL Server component involves insufficient validation of input data. Exploiting this vulnerability allows an attacker, operating remotely, to gain unauthorized access to modify, add, or delete data, or to cause a service failure using the MySQL network protocol...

CVSS 7.5, AI score 6.4, EPSS 0.01221
Exploits: 0, References: 6, Affected Software: 1

BDU FSTEC
added 2022/05/05 12:0 a.m., 10 views

Vulnerability of the MySQL Server component: The Optimizer component of the MySQL database management system allows a hacker to gain unauthorized access to modify, add, or delete data, or to cause service failures.

The vulnerability of the MySQL Server component involves insufficient validation of input data. Exploiting this vulnerability allows an attacker, operating remotely, to gain unauthorized access to modify, add, or delete data, or to cause a service failure using the MySQL network protocol...

CVSS 7.5, AI score 6.4, EPSS 0.01054
Exploits: 0, References: 6, Affected Software: 1

NVD
added 2022/05/03 4:15 p.m., 25 views

CVE-2022-1434

The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to modify data being sent from one endpoint to an OpenSSL 3.0 recipie...

CVSS 5.9, EPSS 0.00961
Exploits: 0, References: 4

NVD
added 2022/05/03 4:15 a.m., 15 views

CVE-2022-20742

A vulnerability in an IPsec VPN library of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to read or modify data within an IPsec IKEv2 VPN tunnel. This vulnerability is due to an improper implementatio...

CVSS 7.4, EPSS 0.00416
Exploits: 0, References: 1

CVE
added 2022/05/03 3:16 a.m., 124 views

CVE-2022-20742

Cisco ASA Software and Firepower Threat Defense (FTD) Software contain an IPsec IKEv2 VPN information disclosure vulnerability (CVE-2022-20742) due to improper GCM cipher implementation. An unauthenticated, remote attacker in a man-in-the-middle position can intercept encrypted messages across an...

CVSS 7.4, AI score 7.2, EPSS 0.00416
Exploits: 0, References: 1, Affected Software: 2

OSV
added 2022/05/03 12:0 a.m., 1 view

UBUNTU-CVE-2022-1434

The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to modify data being sent from one endpoint to an OpenSSL 3.0 recipie...

CVSS 5.9, AI score 6.8, EPSS 0.00961
Exploits: 0, References: 4

CNNVD
added 2022/05/03 12:0 a.m., 2 views

OpenSSL cryptographic issue vulnerability

OpenSSL is an open source general-purpose cryptographic library from the OpenSSL team that implements the Secure Sockets Layer (SSLv2/v3) and Transport Layer Security (TLSv1) protocols. The product supports multiple encryption algorithms, including symmetric ciphers, hashing algorithms, secure...

CVSS 5.9, AI score 6.8, EPSS 0.00961
Exploits: 0, References: 15

OSV
added 2022/05/02 7:15 p.m., 4 views

CVE-2022-1371

Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) has a blind SQL injection vulnerability in ReadRegf. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...

CVSS 9.8, AI score 6, EPSS 0.01138
Exploits: 0, References: 1

OSV
added 2022/05/02 12:5 a.m., 17 views

GHSA-R5CJ-WV24-92P5 Django cross-site request forgery (CSRF) vulnerability

The administration application in Django 0.91.x, 0.95.x, and 0.96.x stores unauthenticated HTTP POST requests and processes them after successful authentication occurs, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and delete or modify data via unspecified...

CVSS 8.7, AI score 6.7, EPSS 0.00931
Exploits: 0, References: 12

GitHub Security Blog
added 2022/05/02 12:5 a.m., 21 views

Django cross-site request forgery (CSRF) vulnerability

The administration application in Django 0.91.x, 0.95.x, and 0.96.x stores unauthenticated HTTP POST requests and processes them after successful authentication occurs, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and delete or modify data via unspecified...

CVSS 5.8, AI score 6.7, EPSS 0.00931
Exploits: 0, References: 12, Affected Software: 1

CNVD
added 2022/04/29 12:0 a.m., 18 views

Oracle Solaris Input Validation Error Vulnerability (CNVD-2022-36946)

Oracle Solaris is a UNIX operating system from Oracle. A security vulnerability in Oracle Systems' Oracle Solaris product could allow an unauthenticated attacker to compromise Oracle Solaris by accessing the network via multiple protocols, which could be exploited by an attacker to potentially...

CVSS 8.2, AI score 7.7, EPSS 0.01454
Exploits: 0, References: 1

CNVD
added 2022/04/29 12:0 a.m., 18 views

Oracle Solaris Input Validation Error Vulnerability (CNVD-2022-36947)

Oracle Solaris is a UNIX operating system from Oracle. A security vulnerability exists in Oracle Systems' Oracle Solaris product that could allow a low-privileged attacker to compromise Oracle Solaris by logging on to the infrastructure that executes Oracle Solaris. The vulnerability could be...

CVSS 5, AI score 5.1, EPSS 0.00256
Exploits: 0, References: 1

Tenable Nessus
added 2022/04/29 12:0 a.m., 32 views

Cisco Unified Communications Manager IM & Presence Service SQLI (cisco-sa-imp-sqlinj-GrpUuQEJ)

A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to improper validation of user-submitted...

CVSS 8.1, AI score 8, EPSS 0.00785
Exploits: 0, References: 3

RedHat Linux
added 2022/04/28 6:58 p.m., 5 views

OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable...

CVSS 5.3, AI score 7.2, EPSS 0.02401
Exploits: 0, References: 4

RedHat Linux
added 2022/04/28 6:58 p.m., 1 view

OpenJDK: URI parsing inconsistencies (JNDI, 8278972)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JNDI. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable...

CVSS 5.3, AI score 7.4, EPSS 0.02651
Exploits: 0, References: 4