9454 matches found
CVE-2020-2543
Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware component: Outside In Filters. The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In...
CVE-2020-2556
Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering component: Core. Supported versions that are affected are 16.2.0.0-16.2.19.0, 17.12.0.0-17.12.16.0, 18.8.0.0-18.8.16.0, 19.12.0.0 and 20.1.0.0. Easily exploitable vulnerability...
CVE-2020-2541
Technical details about CVE-2020-2541 are not publicly provided in the supplied documents. Monitor for updates from Oracle advisories and affected vendors for concrete vulnerability information.
CVE-2020-2556
The CVE-2020-2556 issue affects Oracle Primavera P6 Enterprise Project Portfolio Management (EPPM) Core. Affected versions include 16.2.0.0–16.2.19.0, 17.12.0.0–17.12.16.0, 18.8.0.0–18.8.16.0, 19.12.0.0 and 20.1.0.0. The vulnerability enables a low-privileged attacker with logon access to comprom...
CVE-2020-2557
Oracle Demantra Demand Management (versions 12.2.4–12.2.5.1) is vulnerable due to insufficient access control in the Security component, allowing an unauthenticated attacker with network access over HTTP to compromise data. Successful attacks can result in unauthorized update, insert, or delete o...
CVE-2020-2516
Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Materialized View, Create Table privilege with network access via OracleNet...
CVE-2020-2530
Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware component: Web Listener. Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...
CVE-2020-2535
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware component: Analytics Server. Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP t...
CVE-2020-2540
CVE-2020-2540 concerns Oracle Outside In Technology (Outside In Filters). Connected IBM DOORS Next/Engineering Requirements Management bulletin documents confirm this CVE family is associated with IBM DOORS Next components and outline remediation by upgrading to fixed DOORS Next releases: 7.0 iFi...
CVE-2020-2516
CVE-2020-2516 references a vulnerability in Oracle Database Server’s Core RDBMS component affecting Oracle versions 12.1.0.2, 12.2.0.1, 18c, and 19c. An attacker with Create Materialized View or Create Table privileges and network access via OracleNet could compromise Core RDBMS; exploitation req...
CVE-2015-1850
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not an exploitable issue. Notes: none...
CVE-2015-1850
The CVE-2015-1850 entry is rejected and is not an active vulnerability; do not use this candidate number.
CVE-2020-2555
Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware component: Caching, CacheStore, Invocation. Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 ...
Oracle Ties Previous All-Time Patch High with January Updates
Oracle has patched 334 vulnerabilities across all of its product families in its January 2020 quarterly Critical Patch Update (CPU). Out of these, 43 are critical/severe flaws carrying CVSS scores of 9.1 and above. The CPU ties for Oracle’s previous all-time high for number of patches issued, in Ju...
Important: thunderbird
Issue Overview: The plain text serializer used a fixed-size array for the number of elements it could process; however it was possible to overflow the static-sized array leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 68.3, Firefox ESR 68.3...
OSIsoft PI Vision
1. EXECUTIVE SUMMARY: CVSS v3 7.1. ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: OSIsoft LLC. Equipment: PI Vision. Vulnerabilities: Improper Access Control, Cross-site Request Forgery (CSRF), Cross-site Scripting, Inclusion of Sensitive Information in Log Files. 2. RISK EVALUATION...
Oracle MySQL Server CVE-2020-2580 Remote Security Vulnerability
Description: Oracle MySQL Server is prone to a remote security vulnerability in the 'Server: DDL' component. The vulnerability can be exploited over the 'MySQL' protocol. This vulnerability affects the following supported versions: 8.0.17 and prior. Technologies Affected: Oracle MySQL Server 8.0.11 Orac...
Siemens SINEMA Server
1. EXECUTIVE SUMMARY: CVSS v3 9.9. ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: Siemens. Equipment: SINEMA Server. Vulnerability: Incorrect Privilege Assignment. 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow an attacker with a valid session, with...
CVE-2019-5063
An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV 4.1.0. A specially crafted XML file can cause a buffer overflow, resulting in multiple heap corruptions and potential code execution. An attacker can provide a specially crafted file...
CVE-2019-17008
When using nested workers, a use-after-free could occur during worker destruction. This resulted in a potentially exploitable crash. This vulnerability affects Thunderbird 68.3, Firefox ESR 68.3, and Firefox 71...