CVE-2021-1365

Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. These vulnerabilities are due to improper validation of user-submitted...

CVE-2021-1363 Cisco Unified Communications Manager IM & Presence Service SQL Injection Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. These vulnerabilities are due to improper validation of user-submitted...

The vulnerability of the Shopping Cart component in the Oracle iStore system, which is used for creating, managing, and personalizing online stores, allows a hacker to gain access to modify, add, or delete data, or to gain full control over the application.

The vulnerability of the Shopping Cart component in the Oracle iStore system, which is used for creating, managing, and personalizing online stores, is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to gain access to modify, add, or delete data, o...

The vulnerability of the Oracle Database - Enterprise Edition Unified Audit component of the Oracle Database Server system allows a perpetrator to gain access to modify, add, or delete data.

The vulnerability of the Oracle Database - Enterprise Edition Unified Audit component of the Oracle Database Server system is related to access boundary deficiencies. Exploiting this vulnerability can allow an attacker to gain access to modify, add, or delete data using the Oracle Net network...

The vulnerability of the Shopping Cart component in the Oracle iStore system, which is used for creating, managing, and personalizing online stores, allows a hacker to gain access to modify, add, or delete data, or to gain full control over the application.

The vulnerability of the Shopping Cart component in the Oracle iStore system, which is used for creating, managing, and personalizing online stores, is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to gain access to modify, add, or delete data, o...

The vulnerability of the Core component of the Oracle VM VirtualBox software allows a hacker to gain access to modify, add, or delete data.

The vulnerability of the Core component of the Oracle VM VirtualBox software lies in insufficient validation of input data. Exploiting this vulnerability can allow an attacker to modify, add, or delete data...

The vulnerability of the Core component of the Oracle VM VirtualBox software allows a hacker to gain access to modify, add, or delete data.

The vulnerability of the Core component of the Oracle VM VirtualBox software lies in insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...

The vulnerability of the Core component of the Oracle VM VirtualBox software allows a hacker to gain access to modify, add, or delete data.

The vulnerability of the Core component of the Oracle VM VirtualBox software lies in insufficient validation of input data. Exploiting this vulnerability can allow an attacker to modify, add, or delete data...

The vulnerability of the Shopping Cart component in the Oracle iStore system, which is used for creating, managing, and personalizing online stores, allows a hacker to gain access to modify, add, or delete data, or to gain full control over the application.

The vulnerability of the Shopping Cart component in the Oracle iStore system, which is used for creating, managing, and personalizing online stores, is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to gain access to modify, add, or delete data, o...

The vulnerability of the Shopping Cart component in the Oracle iStore system, which is used for creating, managing, and personalizing online stores, allows a hacker to gain access to modify, add, or delete data, or to gain full control over the application.

The vulnerability of the Shopping Cart component in the Oracle iStore system, which is used for creating, managing, and personalizing online stores, is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to gain access to modify, add, or delete data, o...

OpenJDK: Incomplete enforcement of JAR signing disabled algorithms (Libraries, 8249906)

Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2...

PT-2021-2826 · Cisco · Cisco Firepower Management Center

Name of the Vulnerable Software and Affected Versions: Cisco Firepower Management Center FMC Software affected versions not specified Description: The issue is related to insufficient validation of user-supplied input by the web-based management interface, which could allow an unauthenticated,...

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Audit Plug-in). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).

...

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data as well as unauthorized update insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N).

...

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).

...

Authorization Bypass

virtualbox is vulnerable to authorization bypass. A local non-authenticated attacker is able to perform unauthorized data modification due to improper input validation within the Core component...

CVE-2021-2314

Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite component: Profiles. Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...

CVE-2021-2316

Vulnerability in the Oracle HRMS France product of Oracle E-Business Suite component: French HR. Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle HRMS France. Successful attack...

CVE-2021-2315

Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware component: Web Listener. Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

CVE-2021-2294

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIO...