
9454 matches found

Debian CVE
added 2020/04/15 1:29 p.m. | 21 views

CVE-2020-2742

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle ...

CVSS: 8.2 | AI score: 8.2 | EPSS: 0.00165
Exploits: 0

CVE
added 2020/04/15 1:29 p.m. | 151 views

CVE-2020-2748

CVE-2020-2748 concerns Oracle VM VirtualBox (Core). Affected are Oracle VirtualBox versions prior to 5.2.40, 6.0.20, and 6.1.6. The vulnerability enables a high-privileged attacker with local logon to the host to compromise VirtualBox, with possible unauthorized read access to a subset of data ex...

CVSS: 3.2 | AI score: 3.9 | EPSS: 0.00071
Exploits: 0 | References: 4 | Affected Software: 1

CVE
added 2020/04/15 1:29 p.m. | 148 views

CVE-2020-2743

CVE-2020-2743 affects Oracle VM VirtualBox (Core). Affected: VirtualBox versions prior to 5.2.36, 6.0.16, and 6.1.2. Impact per sources: an attacker with local logon can compromise VirtualBox and potentially access high‑confidentiality data; exploitation is described as easily exploitable. Remedi...

CVSS: 6 | AI score: 6 | EPSS: 0.00102
Exploits: 0 | References: 4 | Affected Software: 1

Cvelist
added 2020/04/15 1:29 p.m. | 18 views

CVE-2020-2758

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle ...

CVSS: 8.2 | AI score: 8.4 | EPSS: 0.00165
Exploits: 0 | References: 4

Vulnrichment
added 2020/04/15 1:29 p.m. | 8 views

CVE-2020-2706

Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering component: Project Manager. Supported versions that are affected are 16.2.0.0 - 16.2.19.3, 17.12.0.0 - 17.12.17.0, 18.8.0.0 - 18.8.18.0, 19.12.1.0 - 19.12.3.0 and 20.1.0.0 -...

CVSS: 5.4 | AI score: 5.9 | EPSS: 0.00253
Exploits: 0 | References: 1

Vulnrichment
added 2020/04/15 1:29 p.m. | 8 views

CVE-2020-2514

Vulnerability in the Oracle Application Express component of Oracle Database Server. The supported version that is affected is Prior to 19.2. Easily exploitable vulnerability allows low privileged attacker having End User Role privilege with network access via HTTPS to compromise Oracle Applicati...

CVSS: 4.6 | AI score: 5.4 | EPSS: 0.00383
Exploits: 0 | References: 1

Openbugbounty
added 2020/04/15 2:33 a.m. | 8 views

deusto.es Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1142859 Security Researcher Teamhash Helped patch 326 vulnerabilities Received 3 Coordinated Disclosure badges Received 2 recommendations , a holder of 3 badges for responsible and coordinated disclosure, found a security vulnerability affecting deusto.es website and its...

Exploits: 0

ICS
added 2020/04/14 12:0 a.m. | 57 views

Siemens SIMOTICS, Desigo, APOGEE, and TALON

1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Exploitable from an adjacent network/low skill level to exploit Vendor: Siemens Equipment: SIMOTICS, Desigo, APOGEE, and TALON Vulnerability: Business Logic Errors 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled...

CVSS: 7.1 | AI score: 7.1 | EPSS: 0.00345
Exploits: 0 | References: 10

ICS
added 2020/04/14 12:0 a.m. | 69 views

Siemens KTK, SIDOOR, SIMATIC, and SINAMICS (Update D)

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

CVSS: 7.5 | AI score: 7.7 | EPSS: 0.00536
Exploits: 0 | References: 10

ICS
added 2020/04/14 12:0 a.m. | 122 views

Siemens RUGGEDCOM, SCALANCE, SIMATIC, SINEMA (Update B)

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment : RUGGEDCOM, SCALANCE, SIMATIC, SINEMA Vulnerabilities: Uncontrolled Resource Consumption, Improper Input Validation 2. UPDATE INFORMATION This updated advisory is a follow-up to...

CVSS: 7.8 | AI score: 8.4 | EPSS: 0.1116
Exploits: 0 | References: 9

FreeBSD
added 2020/04/14 12:0 a.m. | 61 views

MySQL Server -- Multiple vulnerabilities

Oracle reports: This Critical Patch Update contains 45 new security patches for Oracle MySQL. 9 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. MariaDB reports 4 of these vulnerabilities exist i...

CVSS: 9.8 | AI score: 2.6 | EPSS: 0.09715
Exploits: 1 | References: 1

ThreatPost
added 2020/04/13 8:29 p.m. | 73 views

Oracle Tackles a Massive 405 Bugs for Its April Quarterly Patch Update

Oracle admins are staring down the barrel of a massive quarterly Critical Patch Update that includes 405 patches. Business software giant Oracle Corp. revealed 286 of those vulnerabilities are remotely exploitable across nearly two dozen product lines. Impacted with multiple critical flaws, rated...

CVSS: 9.3 | AI score: 0.7 | EPSS: 0.06707
Exploits: 0 | References: 4

Openbugbounty
added 2020/04/13 5:6 p.m. | 8 views

rotfiat.com.ar Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1141428 Security Researcher g0bl1nsec Helped patch 3754 vulnerabilities Received 4 Coordinated Disclosure badges Received 3 recommendations , a holder of 4 badges for responsible and coordinated disclosure, found a security vulnerability affecting rotfiat.com.ar website an...

AI score: 0.2
Exploits: 0

Veracode
added 2020/04/10 12:12 a.m. | 55 views

Cross-site Scripting (XSS)

Mozilla Thunderbird is vulnerable to Cross-site Scripting XSS. A malicious web page could cause the execution of Javascript code in such a way that could cause Thunderbird to crash or execute arbitrary code as the user running Thunderbird. JavaScript support is disabled by default in Thunderbird;...

CVSS: 6.8 | AI score: 1.5 | EPSS: 0.17111
Exploits: 0 | References: 56 | Affected Software: 4

Veracode
added 2020/04/10 12:12 a.m. | 35 views

Remote Code Execution (RCE)

Mozilla Thunderbird is vulnerable to Remote Code Execution RCE. A malicious web page could cause the execution of Javascript code in such a way that could cause Thunderbird to crash or execute arbitrary code as the user running Thunderbird. JavaScript support is disabled by default in Thunderbird...

CVSS: 7.5 | AI score: 2 | EPSS: 0.08528
Exploits: 0 | References: 60 | Affected Software: 4

RedhatCVE
added 2020/04/08 9:26 p.m. | 27 views

CVE-2019-2796

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Optimizer. Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successfu...

CVSS: 4.9 | AI score: 1.7 | EPSS: 0.00215
Exploits: 0 | References: 4

CVE
added 2020/04/08 7:25 p.m. | 73 views

CVE-2020-1617

CVE-2020-1617 affects Junos OS on non-AFI/AFT platforms. An improper memory initialization in the packet forwarding architecture can be triggered when a genuine packet is inspected by sFlow through a specific firewall policer, causing a reboot and, after reboot, a core file and another reboot on ...

CVSS: 7.8 | AI score: 7.5 | EPSS: 0.0066
Exploits: 0 | References: 3 | Affected Software: 1

RedhatCVE
added 2020/04/08 5:29 a.m. | 26 views

CVE-2019-9820

A use-after-free vulnerability can occur in the chrome event handler when it is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 60.7, Firefox 67, and Firefox ESR 60.7...

CVSS: 9.8 | AI score: 1.7 | EPSS: 0.00786
Exploits: 0 | References: 3

RedhatCVE
added 2020/04/08 5:28 a.m. | 48 views

CVE-2019-9791

The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time JIT compiler and when the constructor function is entered through on-stack replacement OSR. This allows for possible arbitrary...

CVSS: 9.8 | AI score: 2.8 | EPSS: 0.38066
Exploits: 6 | References: 3

RedhatCVE
added 2020/04/08 5:26 a.m. | 22 views

CVE-2019-2529

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Optimizer. Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols...

CVSS: 6.5 | AI score: 2.2 | EPSS: 0.00282
Exploits: 0 | References: 4