PT-2025-26647 · 70Mai · 70Mai 1S

Name of the Vulnerable Software and Affected Versions: 70mai 1S up to 20250611 Description: A problematic issue has been found in the Video Services component, leading to improper authentication. This issue requires access to the local network to be exploited, has a high complexity, and is...

Bundled JRE Dependency in Bitbucket Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 8.9.0, 8.19.0, and 9.2.0 of Bitbucket Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.4, allows an unauthenticated attacker to expose assets in your environment susceptible...

CVE-2024-5907

CVE-2024-5907 concerns a local privilege-escalation in the Windows Cortex XDR Agent by Palo Alto Networks. The vulnerability arises in the agent’s handling of certain timing races, requiring a local user to exploit a race condition to execute programs with elevated privileges. Exploitation is des...

Amazon Linux 2023 : java-22-amazon-corretto, java-22-amazon-corretto-devel, java-22-amazon-corretto-headless (ALAS2023-2024-601)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-601 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java...

CVE-2024-20968

Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash complete DOS of MySQL Server...

CentOS 7 : java-11-openjdk (RHSA-2023:1875)

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:1875 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affecte...

CVE-2023-21938

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploi...

K26555255: Multiple Java vulnerabilities CVE-2020-2781, CVE-2020-2800, CVE-2020-2803, CVE-2020-2805, CVE-2020-2830

Security Advisory Description CVE-2020-2781 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated...

K16496491: Multiple Java vulnerabilities

Security Advisory Description CVE-2020-2754 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Scripting. Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated...

Oracle OpenJDK Vulnerability (CVE-2023-21843)

Oracle OpenJDK is prone to a vulnerability in the sound component. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:oracle:openjdk...

Denial Of Service (Dos)

mysql is vulnerable to denial of service. A difficult to exploit vulnerability allows a high privileged attacker to crash the server...

Denial Of Service (Dos)

mysql is vulnerable to denial of service. A difficult to exploit vulnerability allows a high privileged attacker to crash the server...

Solaris 10 (sparc) : 119783-32

Vulnerability in the Solaris component of Oracle Sun Products Suite subcomponent: Bind/Postinstall script for Bind package. The supported version that is affected is 10. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component o...

Solaris 10 (sparc) : 119783-40

Vulnerability in the Solaris component of Oracle Sun Products Suite subcomponent: Bind/Postinstall script for Bind package. The supported version that is affected is 10. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component o...

Potential persistent xss in fixCaseInNotifications.jsp

There is a difficult to exploit XSS in fixCaseInNotifications.jsp. We could not get it to trigger, but there are some scenarios where unescaped data can be displayed through fix method correctName, userNameToFix. The relevant code is as follows: code NotificationCaseFixer caseFixer = new...