CVE-2020-14576
CVE-2020-14576 affects Oracle MySQL Server (component: Server: UDF). Affected versions are MySQL 5.7.30 and earlier, and 8.0.20 and earlier. The vulnerability enables a low-privilege, network-access attacker to cause a hang or frequent crashes (complete DoS) via multiple protocols. The CVSS3.1 ba...
CVE-2020-14586
CVE-2020-14586 affects Oracle MySQL Server (Server: Security: Privileges). Affected: MySQL 8.0.20 and earlier. Consequence: a high-privilege attacker with network access via multiple protocols can cause the server to hang or crash (complete DoS). Exploit details, affected subcomponents, versions ...
CVE-2020-14567
CVE-2020-14567 affects MySQL Server (Replication) and can be exploited over the network by a high-privilege attacker to cause a complete DoS via hangs/crashes. Public sources in connected docs confirm the issue across multiple distributions and indicate patches exist; applying vendor advisories/u...
CVE-2020-14561
CVE-2020-14561 affects Oracle Hospitality Reporting and Analytics (Installation component) in version 9.1.0. The advisory indicates a local, low-privilege attack requiring user interaction that could lead to takeover of Oracle Hospitality Reporting and Analytics (CVSS 3.1 base score 7.3). Connect...
CVE-2020-14555
Vulnerability in the Oracle Marketing product of Oracle E-Business Suite component: Marketing Administration. Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracl...
CVE-2020-14568
Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of thi...
CVE-2020-14558
CVE-2020-14558 affects Oracle PeopleSoft Enterprise PeopleTools (Portal) with affected versions 8.56, 8.57 and 8.58. The vulnerability allows an unauthenticated attacker over HTTP to read a subset of PeopleTools data. Root cause and exact vulnerable component are described consistently across mul...
CVE-2020-14547
CVE-2020-14547 affects Oracle MySQL Server, component Server: Optimizer. Affected versions include MySQL 5.7.30 and earlier and 8.0.20 and earlier. The vulnerability permits network-accessed exploitation by a high-privileged attacker to cause a hang or frequent, repeatable crashes (DoS) of MySQL ...
CVE-2020-14543
Vulnerability in the Oracle Hospitality Reporting and Analytics product of Oracle Food and Beverage Applications component: Installation. The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle...
CVE-2020-14547
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...
CVE-2020-14529
Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering component: Investor Module. Supported versions that are affected are 16.1.0.0-16.1.5.1, 18.0.0.0-18.0.2.0 and 19.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network...
CVE-2020-14593
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: 2D. Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...
CVE-2020-2978
CVE-2020-2978 affects Oracle Database - Enterprise Edition; vulnerable in versions 12.1.0.2, 12.2.0.1, 18c, 19c. The connected material indicates the issue relates to RMAN auditing: Oracle RMAN Missing Auditing for Point‑In‑Time Recovery, enabling limited visibility of certain RMAN operations. Th...
CVE-2020-2978
Vulnerability in the Oracle Database - Enterprise Edition component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having DBA role account privilege with network access via Oracl...
Oracle Primavera Unifier Multiple Vulnerabilities (Jul 2020 CPU)
According to its self-reported version number, the Oracle Primavera Unifier installation running on the remote web server is 16.1.x or 16.2.x prior to 16.2.16.2, or 17.7.x through 17.12.x prior to 17.12.11.4, or 18.8.x prior to 18.8.17, or 19.12.x prior to 19.12.7. It is, therefore, affected by...
Mozilla: Use-after-free in nsGlobalWindowInner
The Mozilla Foundation Security Advisory describes this flaw as: When processing callbacks that occurred during window flushing in the parent process, the associated window may die; causing a use-after-free condition. This could have led to memory corruption and a potentially exploitable crash...
Mozilla: Memory corruption due to missing sign-extension for ValueTags on ARM64
The Mozilla Foundation Security Advisory describes this flaw as: Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in memory corruption and a potentially exploitable crash...
Siemens Opcenter Execution Core (Update B)
1. EXECUTIVE SUMMARY: CVSS v3 8.5; ATTENTION: Exploitable remotely/low skill level to exploit; Vendor: Siemens; Equipment: Opcenter Execution Core; [Begin Update B Part 1 of 5] Vulnerabilities: Cross-site Scripting, SQL Injection, Improper Access Control, Insufficiently Protected...
Siemens SIMATIC HMI Panels
1. EXECUTIVE SUMMARY: CVSS v3 5.7; ATTENTION: Exploitable remotely/low skill level to exploit; Vendor: Siemens; Equipment: SIMATIC HMI Panels; Vulnerability: Cleartext Transmission of Sensitive Information. 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow an attacker to...