The vulnerability of the SQL component of the Oracle Database Server system allows attackers to gain access to modify, add, or delete data, or to unauthorizedly access protected information.

The vulnerability of the SQL component of the Oracle Database Server database management system exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to modify, add, or delete data, or to gain unauthorized access to protected...

The vulnerability of the Mobile Expenses Admin Utilities component of the Oracle Internet Expenses application allows a malicious individual to gain access to modify, add, or delete data.

The vulnerability of the Mobile Expenses Admin Utilities component of the Oracle Internet Expenses application relates to insufficient validation of entered data. Exploiting this vulnerability could allow an attacker to gain access to the ability to modify, add, or delete data...

The vulnerability of the Core component of the Oracle VM VirtualBox software allows a hacker to gain access to modify, add, or delete data.

The vulnerability of the Core component of the Oracle VM VirtualBox software lies in insufficient validation of input data. Exploiting this vulnerability can allow an attacker to modify, add, or delete data...

openSUSE Security Update : perl-YAML-LibYAML (openSUSE-2020-1093)

This update for perl-YAML-LibYAML fixes the following issues : perl-YAML-LibYAML was updated to 0.69: bsc1173703 - Security fix: Add $LoadBlessed option to turn on/off loading objects: Default is set to true. Note that, the behavior is unchanged. - Clarify documentation about exported functions -...

Advantech iView SQL Injection Vulnerability

Advantech iView is a device management application from Advantech. A SQL injection vulnerability exists in Advantech iView 5.6 and prior versions. An attacker can exploit this vulnerability to obtain user credentials, read or modify information, and execute code...

CVE-2020-10606

In OSIsoft PI System multiple products and versions, a local attacker can exploit incorrect permissions set by affected PI System software. This exploitation can result in unauthorized information disclosure, deletion, or modification if the local computer also processes PI System data from other...

CVE-2020-10610

In OSIsoft PI System multiple products and versions, a local attacker can modify a search path and plant a binary to exploit the affected PI System software to take control of the local computer at Windows system privilege level, resulting in unauthorized information disclosure, deletion, or...

CVE-2020-10606

CVE-2020-10606 affects OSIsoft PI System (multiple products/versions). The issue is incorrect default permissions that allow a local attacker to access and potentially disclose, delete, or modify data if the machine processes PI System data from multiple users (e.g., shared workstations/terminal ...

SUSE-SU-2020:2025-1 Security update for perl-YAML-LibYAML

This update for perl-YAML-LibYAML fixes the following issues: perl-YAML-LibYAML was updated to 0.69: bsc1173703 Security fix: Add $LoadBlessed option to turn on/off loading objects: Default is set to true. Note that, the behavior is unchanged. Clarify documentation about exported functions Dump w...

OpenJDK: XML validation manipulation due to incomplete application of the use-grammar-pool-only feature (JAXP, 8242136)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JAXP. Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...

OpenJDK: Incorrect handling of access control context in ForkJoinPool (Libraries, 8237117)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

OpenJDK: XML validation manipulation due to incomplete application of the use-grammar-pool-only feature (JAXP, 8242136)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JAXP. Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...

OpenJDK: Incomplete interface type checks in Graal compiler (Hotspot, 8236867)

Vulnerability in the Java SE product of Oracle Java SE component: Hotspot. Supported versions that are affected are Java SE: 11.0.7 and 14.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks o...

OpenJDK: Incorrect handling of access control context in ForkJoinPool (Libraries, 8237117)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

Microsoft Windows ALPC Elevation of Privilege Vulnerability

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation.Microsoft Windows is an operating system for personal devices.Microsoft Windows Server is a server operating system. A security vulnerability exists in Microsoft Windows ALPC, which arises from a program tha...

OpenJDK: XML validation manipulation due to incomplete application of the use-grammar-pool-only feature (JAXP, 8242136)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JAXP. Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...

OpenJDK: Incomplete interface type checks in Graal compiler (Hotspot, 8236867)

Vulnerability in the Java SE product of Oracle Java SE component: Hotspot. Supported versions that are affected are Java SE: 11.0.7 and 14.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks o...

OpenJDK: Incomplete bounds checks in Affine Transformations (2D, 8240119)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: 2D. Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...

Unspecified Vulnerability in Oracle Fusion Middleware WebLogic Server (CNVD-2020-43738 )

Oracle Fusion Middleware Oracle Fusion Middleware is a set of business innovation platforms for enterprise and cloud environments from Oracle. The platform provides middleware, software collection, etc. WebLogic Server is one of the application server components for cloud and traditional...

Unspecified Vulnerability in Oracle Supply Chain Configurator

Oracle Supply Chain Products Suite is a set of supply chain solutions from Oracle. The product provides value chain planning, value chain execution, product lifecycle management and other functions. configurator is one of the integrated order management, quoting and sales configuration components...