CVE-2024-20957
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards component: Package Build SEC. Supported versions that are affected are prior to 9.2.8.1. Easily exploitable vulnerability allows high privileged attacker with network access via JDENET to compromise JD Edwards...
CVE-2024-20930
Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware component: Content Access SDK, Image Export SDK, PDF Export SDK, HTML Export SDK. The supported version that is affected is 8.5.6. Easily exploitable vulnerability allows low privileged attacker with network...
CVE-2024-20916
Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager component: Event Management. The supported version that is affected is 13.5.0.0. Easily exploitable vulnerability allows high privileged attacker with access to the physical communication segment...
CVE-2023-21901
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications component: Infrastructure. Supported versions that are affected are 8.0.7, 8.0.8, 8.0.9, 8.1.0, 8.1.1 and 8.1.2. Easily exploitable vulnerability allows low...
Buffer overflow
Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware component: Content Access SDK, Image Export SDK, PDF Export SDK, HTML Export SDK. The supported version that is affected is 8.5.6. Easily exploitable vulnerability allows low privileged attacker with network...
Buffer overflow
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications component: Infrastructure. Supported versions that are affected are 8.0.7, 8.0.8, 8.0.9, 8.1.0, 8.1.1 and 8.1.2. Easily exploitable vulnerability allows low...
Design/Logic Flaw
Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager component: Event Management. The supported version that is affected is 13.5.0.0. Easily exploitable vulnerability allows high privileged attacker with access to the physical communication segment...
CVE-2024-20930
Oracle Outside In Technology in Oracle Fusion Middleware (Content Access SDK, Image Export SDK, PDF Export SDK, HTML Export SDK) is affected in version 8.5.6. The vulnerability is remotely exploitable over HTTP by a low-privileged attacker, enabling unauthorized update, insert/delete, and read ac...
CVE-2023-21901
CVE-2023-21901 affects Oracle Financial Services Analytical Applications Infrastructure (OFSAI), Infrastructure component, for OFSAI versions 8.0.7–8.1.2. The issue, caused by insufficient input validation, enables a low-privilege attacker with network access over HTTP to perform unauthorized dat...
PT-2024-1170 · Oracle · Oracle Financial Services Analytical Applications Infrastructure
Name of the Vulnerable Software and Affected Versions: Oracle Financial Services Analytical Applications Infrastructure versions 8.0.7 through 8.1.2. Description: The issue is related to insufficient input validation in the Infrastructure component of Oracle Financial Services Analytical...
PT-2024-1208 · Oracle · Oracle CRM Technical Foundation +1
Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.2.3 through 12.2.13. Description: The issue is related to insufficient input validation in the Admin Console component of Oracle CRM Technical Foundation, allowing a low-privileged attacker with network acce...
PT-2024-1534 · Oracle · JD Edwards EnterpriseOne Tools
Name of the Vulnerable Software and Affected Versions: JD Edwards EnterpriseOne Tools versions prior to 9.2.8.1. Description: The issue is related to insufficient input validation in the Package Build SEC component. It allows a high-privileged attacker with network access via JDENET to compromise ...
PT-2024-1336 · Oracle · Oracle Agile Product Lifecycle Management For Process
Name of the Vulnerable Software and Affected Versions: Oracle Agile Product Lifecycle Management for Process versions prior to 6.2.4.2. Description: The issue is related to insufficient input validation in the Installation component of the Oracle Agile Product Lifecycle Management for Process...
Juniper Networks Junos OS Security Vulnerability
Juniper Networks Junos OS is a Juniper Networks network operating system for the company's hardware devices. The operating system provides a secure programming interface and the Junos SDK. Juniper Networks Junos OS has a security vulnerability that arises from the presence of unsupported features...
Medium: java-11-openjdk
Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf, 11.0.20, 17.0.8, 20.0.2; Oracle GraalVM for JDK: 17.0.8 and 20.0.2. Easily exploitable vulnerability...
Amazon Linux AMI : java-1.8.0-openjdk (ALAS-2024-1904)
The version of java-1.8.0-openjdk installed on the remote host is prior to 1.8.0.392.b08-2.82. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2024-1904 advisory. Vulnerability in Oracle Java SE component: CORBA. Supported versions that are affected are Oracle Jav...
CentOS 7 : java-1.8.0-ibm (RHSA-2023:3136)
The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3136 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affecte...
MercadoLibre: Account Takeover / Arbitrary File read and deletion / Partial code execution (intent redirection)
The vulnerability allowed for account takeover, arbitrary file read and deletion, and partial code execution through intent redirection. MercadoLibre acknowledged the issue and worked on a fix internally...
CVE-2023-48393
Kaifa Technology WebITR is an online attendance system. A remote attacker with regular user privilege can obtain partial sensitive system information from error message...