
5574 matches found

CVE
added 2024/04/16 9:26 p.m. | 64 views

CVE-2024-21120

CVE-2024-21120 affects Oracle Outside In Technology (Outside In Core) used in Oracle Fusion Middleware. Connected sources confirm affected versions 8.5.6–8.5.7 and a local, low-privilege attacker can log on to exploit and achieve unauthorized update/insert/delete, read access to data, and partial...

CVSS 5.3 | AI score 6.5 | EPSS 0.00167
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2024/04/16 9:26 p.m. | 72 views

CVE-2024-21117

CVE-2024-21117 affects Oracle Outside In Technology (Outside In Core) in Oracle Fusion Middleware; affected versions are 8.5.6–8.5.7. A local, low-privilege attacker with logon can achieve low-impact confidentiality, integrity, and availability results (partial DoS). Root cause cited is insufficient input valid...

CVSS 5.3 | AI score 6.5 | EPSS 0.0032
Exploits: 0 | References: 1 | Affected Software: 1

AlpineLinux
added 2024/04/16 9:26 p.m. | 29 views

CVE-2024-21098

Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Compiler. Supported versions that are affected are Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit...

CVSS 3.7 | AI score 3 | EPSS 0.00564
Exploits: 0

MariaDBUnix
added 2024/04/16 9:26 p.m. | 10 views

CVE-2024-21096

Disclaimer: This data contains information about vulnerable...

CVSS 4.9 | AI score 6 | EPSS 0.00424
Exploits: 0

CVE
added 2024/04/16 9:26 p.m. | 574 views

CVE-2024-21096

Technical details about CVE-2024-21096 are not publicly provided in the supplied documents. Monitoring for updates is advised; the current sources do not specify affected products, versions, exploitability, or remediation within the given materials.

CVSS 4.9 | AI score 5.9 | EPSS 0.00424
Exploits: 0 | References: 5 | Affected Software: 1

Debian CVE
added 2024/04/16 9:26 p.m. | 32 views

CVE-2024-21096

Vulnerability in the MySQL Server product of Oracle MySQL component: Client: mysqldump. Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to...

CVSS 4.9 | AI score 5.4 | EPSS 0.00424
Exploits: 0

CVE
added 2024/04/16 9:26 p.m. | 400 views

CVE-2024-21085

CVE-2024-21085 is described across multiple sources as a low-severity issue affecting Oracle Java SE and GraalVM/OpenJDK components. Affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22; Oracle GraalVM Enterprise Edition: 20.3.13, 21.3.9 (plus related OpenJDK/OpenJDK11 advisories). The vulnera...

CVSS 3.7 | AI score 3 | EPSS 0.01276
Exploits: 0 | References: 3 | Affected Software: 5

CVE
added 2024/04/16 9:26 p.m. | 498 views

CVE-2024-21011

CVE-2024-21011 affects Oracle Java SE platforms (Hotspot) and Oracle GraalVM for JDK/Enterprise Edition. Affected versions include Java SE: 8u401, 11.0.22, 17.0.10, 21.0.2, 22; GraalVM for JDK: 17.0.10, 21.0.2, 22; GraalVM EE: 20.3.13, 21.3.9. The vulnerability is exploitable over a network by un...

CVSS 3.7 | AI score 3.2 | EPSS 0.01361
Exploits: 0 | References: 3 | Affected Software: 4

Positive Technologies
added 2024/04/16 12:0 a.m. | 4 views

PT-2024-13985 · Accredible · Accredible Credential.Net

Name of the Vulnerable Software and Affected Versions: Accredible Credential.net (affected versions not specified)
Description: The API in Accredible Credential.net allows an Insecure Direct Object Reference attack, which discloses partial information about certificates and their respective holders...

CVSS 7.5 | AI score 6.8 | EPSS 0.00357
Exploits: 0 | References: 9

Positive Technologies
added 2024/04/16 12:0 a.m. | 4 views

PT-2024-4911

Name of the Vulnerable Software and Affected Versions: Oracle Outside In Technology versions 8.5.6 through 8.5.7
Description: The issue is related to insufficient input validation in the Outside In Core component of Oracle Outside In Technology, allowing a low-privileged attacker with logon to th...

CVSS 5.3 | AI score 5.8 | EPSS 0.00188
Exploits: 0 | References: 6

UbuntuCve
added 2024/04/16 12:0 a.m. | 21 views

CVE-2024-2756

Due to an incomplete fix to CVE-2022-31629 (https://github.com/advisories/GHSA-c43m-486j-j32p), network and same-site attackers can set a standard insecure cookie in the victim's browser which is treated as a __Host- or __Secure- cookie by PHP applications...

CVSS 6.5 | AI score 6.6 | EPSS 0.3786
Exploits: 0 | References: 4

Positive Technologies
added 2024/04/16 12:0 a.m. | 0 views

PT-2024-4349 · Oracle +1 · Oracle Graalvm For Jdk +2

Name of the Vulnerable Software and Affected Versions: Oracle GraalVM for JDK versions 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition versions 20.3.13, 21.3.9
Description: The issue is related to a vulnerability in the Compiler component of Oracle GraalVM for JDK and Oracle GraalVM...

CVSS 3.7 | AI score 7 | EPSS 0.00564
Exploits: 0 | References: 17

CNNVD
added 2024/04/16 12:0 a.m. | 1 views

Oracle MySQL security vulnerability

Oracle MySQL Server is a relational database from Oracle Corporation. A security vulnerability exists in Oracle MySQL Server, which can be exploited by an attacker to cause unauthorized update, insert, or delete access to MySQL Server-accessible data, as well as unauthorized read access to a subs...

CVSS 4.9 | AI score 5.4 | EPSS 0.00424
Exploits: 0 | References: 3

OpenVAS
added 2024/04/15 12:0 a.m. | 33 views

Slackware: Security Advisory (SSA:2024-103-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 9.4 | AI score 8.6 | EPSS 0.49336
Exploits: 5 | References: 6

OSV
added 2024/04/12 11:7 a.m. | 2 views

OESA-2024-1442 libgsasl security update

The library includes support for the SASL framework and at least partial support for the CRAM-MD5, EXTERNAL, GSSAPI, ANONYMOUS, PLAIN, SECURID, DIGEST-MD5, LOGIN, and NTLM mechanisms. Security Fixes: GNU SASL libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API...

CVSS 8.1 | AI score 6.8 | EPSS 0.01091
Exploits: 0 | References: 2

Github Security Blog
added 2024/04/10 10:25 p.m. | 18 views

SpiceDB: LookupSubjects may return partial results if a specific kind of relation is used

Background: Use of a relation of the form: relation folder: folder | folder#parent with an arrow such as folder->view can cause LookupSubjects to only return the subjects found under subjects for either folder or folder#parent. This bug only manifests if the same subject type is used multiple types i...

CVSS 4.3 | AI score 6.9 | EPSS 0.00578
Exploits: 0 | References: 5 | Affected Software: 1

OSV
added 2024/04/10 10:25 p.m. | 15 views

GHSA-J85Q-46HG-36P2 SpiceDB: LookupSubjects may return partial results if a specific kind of relation is used

Background: Use of a relation of the form: relation folder: folder | folder#parent with an arrow such as folder->view can cause LookupSubjects to only return the subjects found under subjects for either folder or folder#parent. This bug only manifests if the same subject type is used multiple types i...

CVSS 2.2 | AI score 3.4 | EPSS 0.00578
Exploits: 0 | References: 5

OSV
added 2024/04/09 7:15 p.m. | 2 views

CVE-2024-1412

The Memberpress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'message' and 'error' parameters in all versions up to, and including, 1.11.26 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVSS 6.1 | AI score 5.9 | EPSS 0.00499
Exploits: 0 | References: 2

NVD
added 2024/04/05 6:15 p.m. | 10 views

CVE-2024-0080

NVIDIA nvTIFF Library for Windows and Linux contains a vulnerability where improper input validation might enable an attacker to use a specially crafted input file. A successful exploit of this vulnerability might lead to a partial denial of service...

CVSS 2.8 | AI score 3.7 | EPSS 0.00197
Exploits: 0 | References: 1

SUSE CVE
added 2024/04/05 2:21 a.m. | 2 views

SUSE CVE-2024-26665

In the Linux kernel, the following vulnerability has been resolved: tunnels: fix out of bounds access when building IPv6 PMTU error. If the ICMPv6 error is built from a non-linear skb we get the following splat: BUG: KASAN: slab-out-of-bounds in do_csum+0x220/0x240 Read of size 4 at addr...

CVSS 5.5 | AI score 6.5 | EPSS 0.00237
Exploits: 0 | References: 14