The vulnerability of the Oracle CRM Technical Foundation component of the Oracle E-Business Suite system, which allows a perpetrator to gain unauthorized access to protected information or to modify, add, or delete data.

The vulnerability of the Oracle CRM Technical Foundation component of the Oracle E-Business Suite exists due to insufficient verification of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information or to modify, add,...

The vulnerability of the Outside In Filters component within the Oracle Outside In Technology SDK allows a malicious actor to gain read, modify, add, or delete access to data, or to cause a service failure.

The vulnerability of the Outside In Filters component within the Oracle Outside In Technology SDK is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to gain read, modify, add, or delete access to data, or cause a service failure using the HTTP...

The vulnerability of the E-Business Suite component – XDO, a software tool for creating reports with Oracle BI Publisher – allows an intruder to gain unauthorized access to protected information. This enables the intruder to read, modify, add, or delete data, or to cause service interruptions.

The vulnerability of the E-Business Suite component – XDO, a software tool for creating reports in Oracle BI Publisher – is related to deficiencies in access control. Exploiting this vulnerability could allow an intruder to gain unauthorized access to protected information, read, modify, add, or...

The vulnerability of the Preferences component of the Oracle CRM Technical Foundation system, which allows a perpetrator to gain unauthorized access to protected information or to read, add, or delete data.

The vulnerability of the Preferences component of the Oracle CRM Technical Foundation system is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information or to have read, add, or delet...

Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.50 and prior 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized update insert or delete access to some of MySQL Client accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Client. CVSS 3.1 Base Score 4.2 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L).

...

IBM Security Guardium SQL Injection Vulnerability (CNVD-2021-05465)

IBM Security Guardium is a comprehensive data protection solution that offers a full range of data security features from compliance support to dynamic data shielding. An SQL injection vulnerability exists in IBM Security Guardium 10.6, 11.2. An attacker can exploit this vulnerability by sending...

QEMU 访问控制错误漏洞

QEMU Quick Emulator is a set of simulation processor software by Fabrice Bellard, a French individual developer. The software is fast and cross-platform. QEMU suffers from an Access Control Error vulnerability that can be exploited by an attacker to bypass access restrictions via virtiofsd in ord...

Oracle Primavera P6 Enterprise Project Portfolio Management (Jan 2021 CPU)

According to its self-reported version number, the Oracle Primavera P6 Enterprise Project Portfolio Management EPPM installation running on the remote web server is 16.2.x through 16.2.20.0, 17.12.x through 17.12.19, 18.8.x through 18.8.21, 19.12.1.x prior to 19.12.10. It is, therefore, affected ...

CVE-2021-1255

Multiple vulnerabilities in the REST API endpoint of Cisco Data Center Network Manager DCNM could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. For more information about these vulnerabilities, see the Details section of this advisory...

Authorization

Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager DCNM could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. For more information about these vulnerabilities, see the Details section of this...

Authorization

Multiple vulnerabilities in the REST API endpoint of Cisco Data Center Network Manager DCNM could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. For more information about these vulnerabilities, see the Details section of this advisory...

CVE-2021-1255 Cisco Data Center Network Manager REST API Vulnerabilities

Multiple vulnerabilities in the REST API endpoint of Cisco Data Center Network Manager DCNM could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. For more information about these vulnerabilities, see the Details section of this advisory...

CVE-2021-2131

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromis...

CVE-2021-2129

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromis...

CVE-2021-2117

Vulnerability in the Oracle Application Express Survey Builder component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having Valid User Account privilege with network access via HTTP to compromi...

CVE-2021-2118

Vulnerability in the Oracle Marketing product of Oracle E-Business Suite component: Marketing Administration. Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Orac...

CVE-2021-2113

Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications component: On Demand Billing. Supported versions that are affected are 2.9.0.0 and 2.9.0.1. Easily exploitable vulnerability allows low privileged attacker with network...

CVE-2021-2106

Vulnerability in the Oracle Customer Interaction History product of Oracle E-Business Suite component: Outcome-Result. Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...

CVE-2021-2107

Vulnerability in the Oracle Customer Interaction History product of Oracle E-Business Suite component: Outcome-Result. Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...

CVE-2021-2101

Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite component: Print Server. Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...