35 matches found
EUVD-2017-2015
Malware in sbrugna...
CVE-2024-21024
CVE-2024-21024 affects Oracle E-Business Suite, specifically the LOV component in Oracle Complex Maintenance, Repair, and Overhaul. Affected versions are 12.2.3–12.2.13. The issue stems from insufficient input validation in LOV, allowing a remote, unauthenticated attacker with network access via ...
Unpatched Critical Flaws Disclosed in U-Boot Bootloader for Embedded Devices
Cybersecurity researchers have disclosed two unpatched security vulnerabilities in the open-source U-Boot boot loader. The issues, which were uncovered in the IP defragmentation algorithm implemented in U-Boot by NCC Group, could be abused to achieve arbitrary out-of-bounds write and...
CVE-2022-21296
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows...
JTEKT TOYOPUC PLC
1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable from an adjacent network/low attack complexity Vendor: JTEKT Corporation Equipment: TOYOPUC PLC Vulnerability : Improper Restriction of Operations within the Bounds of a Memory Buffer 2. RISK EVALUATION Successful exploitation of this...
CVE-2021-2032
Vulnerability in the MySQL Server product of Oracle MySQL component: Information Schema. Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL...
CVE-2020-14567
CVE-2020-14567 affects MySQL Server (Replication) and can be exploited over the network by a high-privilege attacker to cause a complete DoS via hangs/crashes. Public sources in connected docs confirm the issue across multiple distributions and indicate patches exist; applying vendor advisories/u...
CVE-2019-2791
Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Audit Plug-in. Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromis...
MySQL -- Multiple vulerabilities
Oracle reports: This Critical Patch Update contains 45 new security fixes for Oracle MySQL. 4 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials...
CVE-2019-2665
Vulnerability in the Oracle Common Applications component of Oracle E-Business Suite subcomponent: CRM User Management Framework. Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker wi...
Design/Logic Flaw
Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications subcomponent: Infrastructure. Supported versions that are affected are 12.3.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows unauthenticated attacker...
CVE-2017-3399
Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite subcomponent: User Interface. Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with...
java -- multiple vulnerabilities
Oracle reports: This Critical Patch Update contains 25 new security fixes for Oracle Java SE. 24 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password...
Re: [oss-security] CVE-2014-6271: remote code execution through bash
On Wed, Sep 24, 2014 at 04:05:51PM +0200, Florian Weimer wrote: Stephane Chazelas discovered a vulnerability in bash, related to how environment variables are processed: trailing code in function definitions was executed, independent of the variable name. In many common configurations, this...
GNU Bash shell executes commands in exported functions in environment variables
Overview GNU Bash 4.3 and earlier contains a command injection vulnerability that may allow remote code execution. Description UPDATE: New CVE-IDs added for incomplete patches. Additional resources added and vendor patch information updated.CWE-78: OS Command Injection Bash supports exporting of...
Debian DSA-3032-1 : bash - security update
Stephane Chazelas discovered a vulnerability in bash, the GNU Bourne-Again Shell, related to how environment variables are processed. In many common configurations, this vulnerability is exploitable over the network, especially if bash has been configured as the system shell. %NASLMINLEVEL 70300 ...
[CVE-2013-2612] Huawei E587 3G Mobile Hotspot Command Injection
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2013-2612 Huawei E587 3G Mobile Hotspot Command Injection Summary: Huawei E587 3G Mobile Hotspot, version 11.203.27, is prone to a command injection vulnerability in the Web UI. Successful exploitation allows unauthenticated attackers to execute...
Huawei E587 3G Mobile Hotspot Web UI Cross Site Scripting vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Huawei E587 3G Mobile Hotspot Web UI Cross Site Scripting vulnerability Summary: Huawei E587 3G Mobile Hotspot, version 11.203.27, is prone to a XSS vulnerability in the Web UI. A specialy crafted SMS can bypass the function used to sanitize incoming...
Huawei E587 3G Mobile Hotspot Command Injection
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2013-2612 Huawei E587 3G Mobile Hotspot Command Injection Summary: Huawei E587 3G Mobile Hotspot, version 11.203.27, is prone to a command injection vulnerability in the Web UI. Successful exploitation allows unauthenticated attackers to execute...
Foscam Firmware 11.37.2.48 Path Traversal
CVE-REQUEST Foscam = 11.37.2.48 path traversal vulnerability Summary: Foscam firmware = 11.37.2.48 is prone to a path traversal vulnerability in the embedded web interface. The unauthenticated attacker can access to the entire filesystem and steal web & wifi credentials. Details: GET...