CVE-2021-2423
Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In...
Kaseya VSA SQL Injection Vulnerability
Kaseya VSA is the RMM (Remote Monitoring and Management) software commonly used by Kaseya's Managed Service Providers (MSPs) in the United States to manage their customers' networks. A SQL injection vulnerability exists in Kaseya VSA versions prior to 9.5.5, which can be exploited by an attacker to...
CVE-2021-27581
The Blog module in Kentico CMS 5.5 R2 build 5.5.3996 allows SQL injection via the tagname parameter...
CVE-2021-2068
Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). Supported versions that are affected are 8.5.4 and 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside...
Wise Care 365 Security Vulnerability
Wise Care 365 is software from the Chinese company Wise Care for cleaning the registry and junk files on Windows systems. A security vulnerability exists in Wise Care 365 version 5.5.4, which originates from the presence of a local denial of service vulnerability that can be exploited by an...
PT-2020-4568 · Oracle · Oracle Business Intelligence Enterprise Edition
Name of the Vulnerable Software and Affected Versions: Oracle Business Intelligence Enterprise Edition versions 5.5.0.0.0, 12.2.1.3.0, 12.2.1.4.0 Description: The issue is related to insufficient input validation in the Installation component of Oracle Business Intelligence Enterprise Edition,...
PT-2020-5779 · WordPress · WordPress
Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 5.5.2 Description: The issue is related to the is_blog_installed function in wp-includes/functions.php, which improperly checks if WordPress is already installed. This could allow a remote attacker to perform a new...
CVE-2020-4447
IBM FileNet Content Manager 5.5.3 and 5.5.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 1812...
Atlassian JIRA Server and Data Center Code Issues Vulnerabilities
Atlassian JIRA Server and Atlassian JIRA Data Center are both products of Atlassian Australia. Atlassian JIRA Server is the server version of a defect tracking management system that is used to track and manage all...
Atlassian JIRA Server and Data Center Cross-Site Scripting Vulnerability
Atlassian JIRA Server and Atlassian JIRA Data Center are both products of Atlassian Australia. Atlassian JIRA Server is the server version of a defect tracking management system that is used to track and manage all...
Linux kernel buffer overflow vulnerability (CNVD-2020-27235)
Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A security vulnerability exists in the mt76_add_fragment file in drivers/net/wireless/mediatek/mt76/dma.c in versions of Linux kernel prior to 5.5.10. An attacker can...
vmware_escape
This is an exploit module for VMware Workstation prior to version 12.5.5. The exploit targets a vulnerability in the way VMware handles certain types of memory access, allowing an attacker to execute arbitrary code on the host system. The exploit is designed to be used by an attacker who has gain...
CVE-2016-11052
An issue was discovered on Samsung mobile devices with L(5.0/5.1) software. je_free in libQjpeg.so in Qjpeg in Qt 5.5 allows memory corruption via a malformed JPEG file. The Samsung ID is SVE-2015-5110 (January 2016)...
DEBIAN-CVE-2020-8835
In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf/verifier.c) did not properly restrict the register bounds for 32-bit operations, leading to out-of-bounds reads and writes in kernel memory. The vulnerability also affects the Linux 5.4 stable series, starting with v5.4.7, as the...
F5 Unspecified Vulnerability in BIG-IP and BIG-IQ
F5 BIG-IP and F5 BIG-IQ are both products of F5 Corporation, U.S.A. F5 BIG-IP is an application delivery platform that integrates network traffic management, application security management, load balancing, etc. F5 BIG-IQ is a software-based cloud management solution. The solution supports the...
ALPINE-CVE-2020-0556
Improper access control in subsystem for BlueZ before version 5.54 may allow an unauthenticated user to potentially enable escalation of privilege and denial of service via adjacent access...
WPJobBoard Cross-Site Scripting Vulnerability
WPJobBoard is a WordPress job board plugin. A persistent cross-site scripting vulnerability exists in WPJobBoard 5.5.3. The vulnerability can be exploited to execute malicious code via the "Add Job" form...
CVE-2020-2677
Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications (component: Login). Supported versions that are affected are 5.5 and 5.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5...
CVE-2019-11497
In Couchbase Server 5.0.0, when an invalid Remote Cluster Certificate was entered as part of the reference creation, XDCR did not parse and check the certificate signature. It then accepted the invalid certificate and attempted to use it to establish future connections to the remote cluster. This...
CVE-2019-2599
Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products (subcomponent: Pagelet Wizard). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise...