UBUNTU-CVE-2020-2754

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Scripting. Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

CVE-2020-2959

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via MLD to compromise Orac...

CVE-2020-2779

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Privileges. Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

CVE-2020-2754

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Scripting. Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

CVE-2019-2697

Vulnerability in the Java SE component of Oracle Java SE subcomponent: 2D. Supported versions that are affected are Java SE: 7u211 and 8u202. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of...

Code injection

A logic issue was addressed with improved state management. This issue is fixed in iOS 13.4 and iPadOS 13.4. An attacker in a privileged network position may be able to intercept Bluetooth traffic...

CVE-2019-19613

An issue was discovered in Halvotec RaQuest 10.23.10801.0. The login page of the admin application is vulnerable to an Open Redirect attack allowing an attacker to redirect a user to a malicious site after authentication. The attacker needs to be on the same network to modify the victim's request...

CVE-2020-5532

ilbo App ilbo App for Android prior to version 1.1.8 and ilbo App for iOS prior to version 1.2.01 allows an attacker on the same network segment to bypass authentication and to view the images which were recorded by the other ilbo user's device via unspecified vectors...

OpenJDK: Incorrect isBuiltinStreamHandler check causing URL normalization issues (Networking, 8228548)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Networking. Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

OpenJDK: Incomplete enforcement of maxDatagramSockets limit in DatagramChannelImpl (Networking, 8231795)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Networking. Supported versions that are affected are Java SE: 7u241 and 8u231; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols...

OpenJDK: Incomplete enforcement of maxDatagramSockets limit in DatagramChannelImpl (Networking, 8231795)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Networking. Supported versions that are affected are Java SE: 7u241 and 8u231; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols...

CVE-2019-13321

This vulnerability allows network adjacent attackers to execute arbitrary code on affected installations of Xiaomi Browser Prior to 10.4.0. User interaction is required to exploit this vulnerability in that the target must connect to a malicious access point. The specific flaw exists within the...

CVE-2020-7217

CVE-2020-7217 affects openSUSE wicked up to version 0.6.55 and earlier, caused by a memory leak in ni_dhcp4_fsm_process_dhcp4_packet when processing DHCP4 packets with a different client-id. This can enable a network attacker to cause a denial of service. Public sources (SUSE advisories and relat...

kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver

A vulnerability was found in the Linux kernel's Marvell WiFi chip driver. Where, while parsing vendor-specific informational attributes, an attacker on the same WiFi physical network segment could cause a system crash, resulting in a denial of service, or potentially execute arbitrary code. This...

CVE-2018-2612

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: InnoDB. Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

OpenJDK: Incorrect exception processing during deserialization in BeanContextSupport (Serialization, 8224909)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

Oracle PeopleSoft Enterprise PeopleTools Unauthorized Access Vulnerability (CNVD-2020-05105)

Oracle PeopleSoft Enterprise PeopleTools provides a comprehensive set of development tools that support the development and runtime of PeopleSoft applications. A security vulnerability exists in the Elastic Search component in Oracle PeopleSoft Enterprise PeopleTools 8.56, 8.57. An attacker could...

CVE-2020-2660

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...

UBUNTU-CVE-2020-2659

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Networking. Supported versions that are affected are Java SE: 7u241 and 8u231; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols...

CVE-2020-2577

CVE-2020-2577 affects Oracle MySQL Server: InnoDB is the vulnerable component. Affected versions are 5.7.28 and earlier, and 8.0.18 and earlier. The vulnerability allows a high-privileged attacker with network access via multiple protocols to cause a hang or crash (DoS) of MySQL Server. Connected...