CVE-2023-22055
CVE-2023-22055 affects Oracle JD Edwards EnterpriseOne Tools, Web Runtime SEC. Vulnerable in versions prior to 9.2.7.4; attacker with network access over HTTP can compromise JD Edwards EnterpriseOne Tools, with attacks requiring user interaction. Consequences include unauthorized updates/inserts/...
CVE-2023-22040
CVE-2023-22040 (Oracle WebLogic Server Core) affects Oracle WebLogic Server within Oracle Fusion Middleware. The publicly documented impact: on affected versions 12.2.1.4.0 and 14.1.1.0.0, a high-privileged attacker with network access via multiple protocols can compromise the server, potentially...
CVE-2023-22008
CVE-2023-22008 affects Oracle MySQL Server (InnoDB) with vulnerable versions 8.0.33 and earlier. An attacker with network access through multiple protocols and high privileges can cause a hang or frequent crash (DoS) of MySQL Server (CVSS 4.9, AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Connected sourc...
CVE-2023-22007
CVE-2023-22007 affects Oracle MySQL Server (Server: Replication). Affected versions are 5.7.41 and earlier, and 8.0.32 and earlier. The vulnerability allows a high-privilege attacker with network access via multiple protocols to cause a hang or frequent crashes (DoS) of MySQL Server. The CVSS 3.1...
CVE-2023-21994
CVE-2023-21994 affects Oracle Fusion Middleware’s Oracle Mobile Security Suite (Android Mobile Authenticator App). Affected versions are prior to 11.1.2.3.1. The issue allows an unauthenticated attacker with access to the hardware’s physical communication segment to compromise the Mobile Security...
CVE-2023-21974
The CVE-2023-21974 entry maps to Oracle Application Express Team Calendar Plugin (versions 18.2–22.1). The vulnerability stems from insufficient input validation in the plugin’s User Account component, allowing a low-privileged attacker with network access via HTTP to compromise the plugin, with ...
virtualbox-ose -- multiple vulnerabilities
[email protected] reports: Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 6.1.46 and Prior to 7.0.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructur...
CVE-2023-36836 Junos OS and Junos OS Evolved: In a MoFRR scenario an rpd core may be observed when a low privileged CLI command is executed
A Use of an Uninitialized Resource vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with low privileges to cause a Denial of Service (DoS). On all Junos OS and Junos OS Evolved platforms, in a Multicast only Fa...
Attacker can force users to delegate to SPONSORSHIP_ADDRESS
Lines of code / Vulnerability details / Impact: An attacker can change the delegatee of a user who deposited into the vault to the SPONSORSHIP_ADDRESS address by calling one of the functions sponsor or sponsorWithPermit and giving the address of the user as receiver. The impact of this issue is that th...
CVE-2023-3600
The Mozilla Foundation Security Advisory describes this flaw as: During the worker lifecycle, a use-after-free condition could have occurred, which could have led to a potentially exploitable crash...
RSEC-2023-0 Out-of-bounds write and stack based buffer overflow vulnerabilities
The readxl R package, versions 0.1.0 to 1.0.0, is vulnerable to multiple attack vectors due to the underlying use of the libxls library. Several exploitable vulnerabilities have been identified in different functions of libxls versions 1.3.4 and 1.4. These include out-of-bounds write and stack...
Microsoft SharePoint Server Remote Code Execution Vulnerability (CNVD-2023-72198)
Microsoft SharePoint Server is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A remote code...
CVE-2023-3600
During the worker lifecycle, a use-after-free condition could have occurred, which could have led to a potentially exploitable crash. This vulnerability affects Firefox 115.0.2, Firefox ESR 115.0.2, and Thunderbird 115.0.1...
Design/Logic Flaw
During the worker lifecycle, a use-after-free condition could have occurred, which could have led to a potentially exploitable crash. This vulnerability affects Firefox 115.0.2, Firefox ESR 115.0.2, and Thunderbird 115.0.1...
CVE-2023-3600 Use-after-free in workers
During the worker lifecycle, a use-after-free condition could have occurred, which could have led to a potentially exploitable crash. This vulnerability affects Firefox 115.0.2, Firefox ESR 115.0.2, and Thunderbird 115.0.1...
Apache Pulsar Broker's Rest Producer vulnerable to Incorrect Authorization
Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar Broker's Rest Producer allows authenticated user with a custom HTTP header to produce a message to any topic using the broker's admin role. This issue affects Apache Pulsar Brokers: from 2.9.0 through 2.9.5, from...