Azure File Sync Agent v16.2 Release – February 2024 (KB5023052)

Security update for Azure File Sync agent version 16.2.0.0. For more details, see the associated Microsoft Knowledge Base article...

The vulnerability of the Setup sub-component, part of the Admin component in Oracle Knowledge Management, a system for automating business processes within the Oracle E-Business Suite, allows an attacker to gain access to read, modify, add, or delete data.

The vulnerability of the Setup sub-component and the Admin component of Oracle Knowledge Management, a system for automating business processes within the Oracle E-Business Suite, exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating...

Nemesis - An Offensive Data Enrichment Pipeline

Nemesis is an offensive data enrichment pipeline and operator support system. Built on Kubernetes with scale in mind, our goal with Nemesis was to create a centralized data processing platform that ingests data produced during offensive security assessments. Nemesis aims to automate a number of...

WordPress Knowledge Base for Documentation, FAQs with AI Assistance Plugin <= 11.30.2 is vulnerable to PHP Object Injection

Software Knowledge Base for Documentation, FAQs with AI Assistance Type Plugin Vulnerable versions = 11.30.2 Fixed in 11.31.0 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-24842 Patch priority High CVSS severity High 8.7 Developer Claim ownership PSID 6e74033eecde...

The vulnerability of the Setup sub-component, part of the Admin component in Oracle Knowledge Management, a system for automating business processes within the Oracle E-Business Suite, allows an attacker to gain access to read, modify, add, or delete data.

The vulnerability of the Setup sub-component and the Admin component of Oracle Knowledge Management, a system for automating business processes within the Oracle E-Business Suite, exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating...

The vulnerability of sub-components of the Create, Update, Authoring Flow component of the Oracle Knowledge Management component of the Oracle E-Business Suite allows a malicious actor to gain access to read, modify, add, or delete data.

The vulnerability of the Create, Update, Authoring, and Flow components of the Oracle Knowledge Management component within the Oracle E-Business Suite exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to...

Vulnerabilities fixed in Oracle E-Business Suite

Oracle has fixed vulnerabilities in E-Business suite and components. A malicious party could exploit the vulnerabilities to perform attacks that could result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Manipulation of data Access to sensitive data Oracle...

Oracle E-Business Suite Security Vulnerability

Oracle E-Business Suite E-Business Suite is a set of fully integrated global business management software from Oracle Oracle. The software provides customer relationship management, service management, financial management and other functions. A security vulnerability exists in Oracle Knowledge...

CVE-2024-20948

Vulnerability in the Oracle Knowledge Management product of Oracle E-Business Suite component: Setup, Admin. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge...

CVE-2024-20948

Vulnerability in the Oracle Knowledge Management product of Oracle E-Business Suite component: Setup, Admin. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge...

CVE-2024-20940

Vulnerability in the Oracle Knowledge Management product of Oracle E-Business Suite component: Create, Update, Authoring Flow. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracl...

CVE-2024-20940

Vulnerability in the Oracle Knowledge Management product of Oracle E-Business Suite component: Create, Update, Authoring Flow. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracl...

Design/Logic Flaw

Vulnerability in the Oracle Knowledge Management product of Oracle E-Business Suite component: Setup, Admin. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge...

Code injection

Vulnerability in the Oracle Knowledge Management product of Oracle E-Business Suite component: Create, Update, Authoring Flow. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracl...

CVE-2024-20948

CVE-2024-20948 affects Oracle E-Business Suite, Oracle Knowledge Management (Setup, Admin) in versions 12.2.3–12.2.13. An unauthenticated, network-accessible attacker (HTTP) can exploit via Oracle Knowledge Management, with user interaction required, to perform unauthorized updates, inserts, dele...

CVE-2024-20940

The CVE-2024-20940 entry concerns Oracle E-Business Suite’s Knowledge Management component (Create/Update/Authoring Flow). Affected versions are 12.2.3–12.2.13; the issue is exploitable over HTTP with network access and unauthenticated access, requiring user interaction, and may lead to unauthori...

Breaking unlinkability in Identity Mixer using malicious keys

CL Signatures Issuer Key Correctness Proof lacks of prime strength checking A weakness in the Hyperledger AnonCreds specification that is not mitigated in the Ursa and AnonCreds implementations is that the Issuer does not publish a key correctness proof demonstrating that a generated private key ...

Oracle E-Business Suite Security Vulnerability

Oracle E-Business Suite E-Business Suite is the United States Oracle Oracle company's set of fully integrated global business management software. The software provides customer relationship management, service management, financial management, etc. Knowledge Management is one of the knowledge...

PT-2024-1535 · Oracle · Oracle E-Business Suite

Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.2.3 through 12.2.13 Description: The issue exists due to insufficient input validation in the Setup, Admin component of the Oracle Knowledge Management system. This can allow a remote attacker to gain read,...

Oracle E-Business Suite Security Vulnerability

Oracle E-Business Suite E-Business Suite is the United States Oracle Oracle company's set of fully integrated global business management software. The software provides customer relationship management, service management, financial management, etc. Knowledge Management is one of the knowledge...