The vulnerability of the Security component of the Oracle AutoVue data visualization application allows a perpetrator to gain access to modify, add, or delete data.
The vulnerability of the Security component of the Oracle AutoVue data visualization application is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain access to modify, add, or delete data using the HTTP protocol...
The vulnerability of the Popups component of the Oracle Applications Framework software platform allows a perpetrator to gain access to modify, add, or delete data, or to gain unauthorized access to protected information.
The vulnerability of the Popups component in the Oracle Applications Framework exists due to insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to modify, add, or delete data, or to gain unauthorized access to protected information...
The vulnerabilities of Adobe Acrobat and Adobe Reader PDF viewer/editor programs, related to data conversion errors, allow attackers to execute arbitrary code.
The vulnerability of Adobe Acrobat and Adobe Reader PDF viewer/editor programs is related to data conversion errors. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially created HTML file...
The vulnerability of the Investor Module component of the Primavera Portfolio Management software, a software solution for automating management processes in production operations, allows a perpetrator to gain access to modify, add, or delete data, or to gain unauthorized access to protected information.
The vulnerability of the Investor Module component of Primavera Portfolio Management software exists due to insufficient verification of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to modify, add, or delete data, or gain unauthorized access to protected...
The vulnerability of the Oracle Security Service software, which arises due to insufficient validation of input data, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Oracle Security Service software exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information using the HTTPS protocol...
The vulnerabilities of Adobe Acrobat and Adobe Reader PDF viewer/editor programs, related to data conversion errors, allow attackers to execute arbitrary code.
The vulnerability of Adobe Acrobat and Adobe Reader PDF viewer/editor programs is related to data conversion errors. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially created HTML file...
The vulnerability of the Web Access component of the Primavera Portfolio Management software allows a perpetrator to gain access to modify, add, or delete data, or to gain unauthorized access to protected information.
The vulnerability of the Web Access component of Primavera Portfolio Management software exists due to insufficient verification of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to modify, add, or delete data, or to gain unauthorized access to protected...
The vulnerability of the Dynamo Application Framework sub-component of the Oracle Commerce Platform component of the Oracle Commerce e-commerce platform allows a perpetrator to gain access to modify, add, or delete data.
The vulnerability of the Dynamo Application Framework sub-component of the Oracle Commerce Platform in the Oracle Commerce e-commerce platform exists due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to remotely access and modify,...
The vulnerability of the SWSE Server component of the Siebel UI Framework allows a perpetrator to gain access to modify, add, or delete data, or to gain unauthorized access to protected information.
The vulnerability of the SWSE Server component of the Siebel UI Framework is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to modify, add, or delete data, or to gain unauthorized access to protected information using the HTTP...
CVE-2020-9743
AEM versions 6.5.5.0 and below, 6.4.8.1 and below, 6.3.3.8 and below and 6.2 SP1-CFP20 and below are affected by an HTML injection vulnerability in the content editor component that allows unauthenticated users to craft an HTTP request that includes arbitrary HTML code in a parameter value. An...
chromium-browser: Insufficient policy enforcement in intent handling
Insufficient policy enforcement in intent handling in Google Chrome on Android prior to 85.0.4183.83 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page...
Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests
A flaw was discovered in Undertow where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from...
The vulnerability of the Squid proxy server, related to the failure to handle CRLF sequences in HTTP headers, allows attackers to inject arbitrary HTTP headers.
The vulnerability of the Squid proxy server is related to the failure to handle CRLF sequences in HTTP headers. Exploiting this vulnerability allows a remote attacker to inject arbitrary HTTP headers...
chromium-browser: Use after free in ANGLE
Use after free in ANGLE in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
UBUNTU-CVE-2020-8189
A cross-site scripting error in Nextcloud Desktop client 2.6.4 allowed to present any html including local links when responding with invalid data on the login attempt...
UBUNTU-CVE-2020-14201
Dolibarr CRM before 11.0.5 allows privilege escalation. This could allow remote authenticated attackers to upload arbitrary files via societe/document.php in which "disabled" is changed to "enabled" in the HTML source code...
The vulnerability of the WordPress website content management system lies in the lack of measures to eliminate script-related HTML tags on web pages, allowing attackers to compromise data integrity.
The vulnerability of the WordPress website content management system is related to the failure to remove script-related HTML tags from web pages. Exploiting this vulnerability allows a malicious actor to compromise data integrity...
Ubiquiti Networks EdgeSwitch Operating System Command Injection Vulnerability
The Ubiquiti Networks EdgeSwitch is a Gigabit network switch device from Ubiquiti Networks, Inc. A command injection vulnerability exists in the Ubiquiti Networks EdgeSwitch using firmware version v1.9.0. The vulnerability can be exploited to execute arbitrary shell commands with elevated...
DeepService Endpoint Monitoring Response Platform (EDR) Remote Command Execution Vulnerability
DeepTrust terminal detection and response platform EDR can help users quickly dispose of terminal security problems through cloud-network-terminal linkage and collaboration, threat intelligence sharing, and multi-level response mechanism, and build a next-generation terminal security system that ...
The vulnerability of the Infrastructure component of the Oracle FLEXCUBE Investor Servicing financial management software lies in insufficient validation of input data. This allows an attacker to gain unauthorized access to protected information or to modify, add, or delete data.
The vulnerability of the Infrastructure component of the Oracle FLEXCUBE Investor Servicing financial management software lies in insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information ...