CVE-2024-21045
CVE-2024-21045 affects Oracle E-Business Suite, specifically the LOV component in the Complex Maintenance, Repair, and Overhaul product. Affected: EBS versions 12.2.3–12.2.13. Root cause: insufficient input validation in LOV allows an unauthenticated attacker with network access via HTTP to compr...
CVE-2024-21040
CVE-2024-21040 affects Oracle E-Business Suite, specifically the LOV component in Oracle Complex Maintenance, Repair, and Overhaul (12.2.3–12.2.13). The issue allows an unauthenticated attacker with network access over HTTP to read and modify data, with human interaction required for exploitation...
CVE-2024-21031
The CVE-2024-21031 entry concerns Oracle E-Business Suite, Oracle Complex Maintenance, Repair, and Overhaul LOV component. Affected versions are 12.2.3–12.2.13. The issue allows an unauthenticated attacker with network access over HTTP to compromise data after user interaction, potentially enabli...
CVE-2024-21021
CVE-2024-21021 affects Oracle E-Business Suite, specifically the LOV component in the Complex Maintenance, Repair, and Overhaul module. Affected versions are 12.2.3–12.2.13. The vulnerability is exploitable over HTTP by an unauthenticated attacker and, though it requires user interaction, can lea...
CVE-2024-21018
CVE-2024-21018 affects Oracle E-Business Suite, specifically the Oracle Complex Maintenance, Repair, and Overhaul (LOV) component. Affected versions are 12.2.3–12.2.13. The issue allows an unauthenticated attacker with network access via HTTP, with required human interaction, to compromise LOV an...
CVE-2024-21019
The CVE-2024-21019 issue affects Oracle E-Business Suite, specifically the Complex Maintenance, Repair, and Overhaul (LOV) component, with affected versions 12.2.3–12.2.13. The vulnerability allows an unauthenticated attacker, with network access over HTTP, to compromise data confidentiality and ...
CVE-2024-21015
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DML. Supported versions that are affected are 8.0.34 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...
CVE-2024-21011
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracl...
CVE-2024-20993
CVE-2024-20993 affects Oracle MySQL Server, specifically the Optimizer component. Affected versions are MySQL 8.0.35 and earlier and 8.2.0 and earlier. The vulnerability is exploitable by an attacker with network access via multiple protocols and is described as capable of causing a hang or a fre...
GHSA-W5W5-8VFH-XCJQ whoami stack buffer overflow on several Unix platforms
With versions of the whoami crate >= 0.5.3 and < 1.0.1, calling any of the above functions also leads to a stack buffer overflow on these platforms: Bitrig, DragonFlyBSD, FreeBSD, NetBSD, and OpenBSD. This occurs because of an incorrect definition of the passwd struct on those platforms...
CVE-2023-38709
CVE-2023-38709 describes HTTP response splitting in the core of Apache HTTP Server caused by faulty input validation. It affects Apache HTTP Server up to version 2.4.58; multiple advisories (e.g., Astra Linux, AlmaLinux, Alpine Linux) note that upgrading to 2.4.64 fixes the issue. Some sources in...
IOSIX IO-1020 Micro ELD
1. EXECUTIVE SUMMARY. CVSS v4 9.4. ATTENTION: Exploitable from adjacent network/low attack complexity. Vendor: IOSiX. Equipment: IO-1020 Micro ELD. Vulnerabilities: Use of Default Credentials, Download of Code Without Integrity Check. 2. RISK EVALUATION. Successful exploitation of these...
AutomationDirect C-MORE EA9 HMI
1. EXECUTIVE SUMMARY. CVSS v3 7.5. ATTENTION: Exploitable remotely/low attack complexity. Vendor: AutomationDirect. Equipment: C-MORE EA9 HMI. Vulnerabilities: Path Traversal, Stack-Based Buffer Overflow, Plaintext Storage of a Password. 2. RISK EVALUATION. Successful exploitation of these...
RHEL 9 : firefox (RHSA-2024:1483)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1483 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...
CVE-2024-27933
Deno is a JavaScript, TypeScript, and WebAssembly runtime. In version 1.39.0, use of raw file descriptors in op_node_ipc_pipe leads to premature close of arbitrary file descriptors, allowing standard input to be re-opened as a different resource, resulting in a permission prompt bypass. Node childproce...
Huawei EulerOS: Security Advisory for python-urllib3 (EulerOS-SA-2024-1296)
The remote host is missing an update for the Huawei EulerOS...
SWFTools Denial of Service Vulnerability (CNVD-2024-37468)
SWFTools is a set of utilities for working with Adobe Flash (SWF) files. A denial of service vulnerability exists in SWFTools version v0.9.2, which stems from an overlapping strcpy parameter in component /home/swftools/src/swfc+0x448318a. An attacker can exploit this vulnerability to cause a...
K000138851: OpenJDK vulnerabilities CVE-2024-20921, CVE-2024-20926, and CVE-2024-20932
Security Advisory Description CVE-2024-20921 Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle...
Jenkins iceScrum Plugin vulnerable to stored Cross-site Scripting
Jenkins iceScrum Plugin 1.1.6 and earlier does not sanitize iceScrum project URLs on build views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs...
GHSA-5J5R-6MV9-M255 Jenkins Build Monitor View Plugin vulnerable to stored Cross-site Scripting
Jenkins Build Monitor View Plugin 1.14-860.vd06ef2568b3f and earlier does not escape Build Monitor View names, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure Build Monitor Views...