
673 matches found

RedHat Linux
added 2021/10/12 2:17 p.m. | 2 views

mysql: Server: Replication unspecified vulnerability (CPU Apr 2021)

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Replication. Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL...

CVSS 6.5 | AI score 7.2 | EPSS 0.01077
Exploits: 0 | References: 5
OSV
added 2021/09/15 7:15 p.m. | 2 views

CVE-2021-33704

The Service Layer of SAP Business One, version - 10.0, allows an authenticated attacker to invoke certain functions that would otherwise be restricted to specific users. For an attacker to discover the vulnerable function, no in-depth system knowledge is required. Once exploited via Network stack...

CVSS 8.8 | AI score 6.7
Exploits: 0 | References: 2
NVD
added 2021/09/01 3:15 p.m. | 12 views

CVE-2021-35218

Deserialization of Untrusted Data in the Web Console Chart Endpoint can lead to remote code execution. An unauthorized attacker who has network access to the Orion Patch Manager Web Console could potentially exploit this and compromise the server...

CVSS 8.9 | EPSS 0.14883
Exploits: 0 | References: 3
Debian CVE
added 2021/07/20 10:43 p.m. | 35 views

CVE-2021-2341

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows...

CVSS 4.3 | AI score 4.5 | EPSS 0.00378
Exploits: 0
CVE
added 2021/07/20 10:43 p.m. | 388 views

CVE-2021-2339

CVE-2021-2339 affects Oracle MySQL Server (component: Server: DDL). Affected are MySQL 8.0.25 and earlier. The vulnerability can be exploited remotely by a high-privilege attacker with network access via multiple protocols to cause a hang or a frequent, repeatable crash (DoS). Some connected advi...

CVSS 6.8 | AI score 4.8 | EPSS 0.0019
Exploits: 0 | References: 4 | Affected Software: 1
CNVD
added 2021/04/02 12:0 a.m. | 13 views

VMware vRealize Operations Arbitrary File Write Vulnerability

VMware vRealize Operations is an application from VMware, Inc. A unified, AI-based platform for private, hybrid and multi-cloud environments that delivers IT operations management on autopilot. An arbitrary file write vulnerability exists in the vRealize Operations Manager API prior to version 8....

CVSS 8.5 | AI score 6.7 | EPSS 0.83177
Exploits: 9 | References: 1
OSV
added 2021/01/20 3:15 p.m. | 1 views

CVE-2021-2029

Vulnerability in the Oracle Scripting product of Oracle E-Business Suite component: Miscellaneous. Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Scripting...

CVSS 9.8 | AI score 7.3
Exploits: 0 | References: 1
Debian CVE
added 2020/10/21 2:4 p.m. | 31 views

CVE-2020-14793

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...

CVSS 4.9 | AI score 5.5 | EPSS 0.00843
Exploits: 0
RedHat Linux
added 2020/09/29 8:27 p.m. | 3 views

tigervnc: Heap buffer overflow in DecodeManager::decodeRect

TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which could be triggered from DecodeManager::decodeRect. Vulnerability occurs due to the signedness error in processing MemOutStream. Exploitation of this vulnerability could potentially result in remote code execution. This...

CVSS 7.2 | AI score 6.2 | EPSS 0.06012
Exploits: 1 | References: 4
RedHat Linux
added 2020/09/29 8:27 p.m. | 4 views

tigervnc: Stack buffer overflow in CMsgReader::readSetCursor

TigerVNC version prior to 1.10.1 is vulnerable to stack buffer overflow, which could be triggered from CMsgReader::readSetCursor. This vulnerability occurs due to insufficient sanitization of PixelFormat. Since remote attacker can choose offset from start of the buffer to start writing his values...

CVSS 7.2 | AI score 6.2 | EPSS 0.03257
Exploits: 1 | References: 4
OSV
added 2020/09/24 2:15 p.m. | 3 views

CVE-2020-16147

The login page in Telmat AccessLog = 6.0 TAL20180415 allows an attacker to get root shell access via Unauthenticated code injection over the network...

CVSS 9.8 | AI score 7.4 | EPSS 0.00986
Exploits: 1 | References: 2
CNVD
added 2020/07/28 12:0 a.m. | 1 views

eos buffer error vulnerability

eos is an open source smart contract platform. A stack overflow vulnerability exists in the 'abiserializer' function in versions after eos commit f1545dd0ae2b77580c2236fdb70ae7138d2c7168. An attacker can exploit this vulnerability by sending a network request to attack an eos network node...

AI score 7.1
Exploits: 0 | References: 1
UbuntuCve
added 2020/07/14 12:0 a.m. | 32 views

CVE-2020-14577

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to...

CVSS 4.3 | AI score 6.6 | EPSS 0.00283
Exploits: 0 | References: 3
CNVD
added 2020/05/18 12:0 a.m. | 1 views

FreeRDP Buffer Overflow Vulnerability (CNVD-2020-28987)

FreeRDP is an open source implementation of the Remote Desktop Protocol RDP from the FreeRDP team. FreeRDP suffers from a buffer overflow vulnerability. The vulnerability stems from a networked system or product performing operations in memory without properly validating data boundaries, resultin...

CVSS 6.5 | AI score 9.7 | EPSS 0.01041
Exploits: 1 | References: 1
CNVD
added 2020/04/29 12:0 a.m. | 4 views

FFmpeg Buffer Overflow Vulnerability (CNVD-2020-32372)

FFmpeg is a complete solution for recording, converting and streaming audio and video from the FFmpeg team. A buffer overflow vulnerability exists in the cbsjpegsplitfragment file in libavcodec/cbsjpeg.c in FFmpeg version 4.2.2. The vulnerability stems from a networked system or product performin...

CVSS 10 | AI score 7.3 | EPSS 0.22
Exploits: 2 | References: 1
RedHat Linux
added 2020/04/21 4:34 p.m. | 3 views

OpenJDK: Incorrect handling of references to uninitialized class descriptors during deserialization (Serialization, 8224541)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

CVSS 4.3 | AI score 7.3 | EPSS 0.0026
Exploits: 0 | References: 4
OSV
added 2020/04/15 2:15 p.m. | 1 views

CVE-2020-2815

Vulnerability in the Oracle iSupport product of Oracle E-Business Suite component: Profile. Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iSupport. Successful attacks requi...

CVSS 8.2 | AI score 7.3
Exploits: 0 | References: 1
NVD
added 2020/04/15 2:15 p.m. | 19 views

CVE-2020-2778

Vulnerability in the Java SE product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability...

CVSS 4.3 | AI score 3.9 | EPSS 0.00356
Exploits: 0 | References: 5
OSV
added 2020/04/15 2:15 p.m. | 0 views

UBUNTU-CVE-2020-2757

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

CVSS 3.7 | AI score 6.6 | EPSS 0.0026
Exploits: 0 | References: 4
Tenable Nessus
added 2020/02/13 12:0 a.m. | 283 views

MariaDB 10.2.0 < 10.2.31

The version of MariaDB installed on the remote host is prior to 10.2.31. It is, therefore, affected by a vulnerability as referenced in the 10.2.31 advisory. - Vulnerability in the MySQL Client product of Oracle MySQL component: C API. Supported versions that are affected are 5.6.46 and prior,...

CVSS 5.9 | AI score 6.7 | EPSS 0.00157
Exploits: 0 | References: 2