PT-2023-3697 · Oracle · Application Express Administration

Name of the Vulnerable Software and Affected Versions: Application Express Administration versions 18.2 through 22.2 Description: The issue is related to insufficient input validation in the Application Express Administration product of Oracle Application Express. It allows an unauthenticated...

PT-2023-3944 · Oracle · Oracle Business Intelligence Enterprise Edition

Name of the Vulnerable Software and Affected Versions: Oracle Business Intelligence Enterprise Edition versions 6.4.0.0.0 and 7.0.0.0.0 Description: The issue is related to errors in processing input data in the Analytics Server component. It allows a low-privileged attacker with network access v...

PT-2023-4024 · Oracle · Oracle Hyperion Workspace

Name of the Vulnerable Software and Affected Versions: Oracle Hyperion Workspace version 11.2.13.0.000 Description: The issue is related to insecure privilege management in the UI and Visualization component of Oracle Hyperion Workspace. It allows a low-privileged attacker with network access via...

Oracle E-Business Suite 安全漏洞

Oracle E-Business Suite E-Business Suite is a set of fully integrated global business management software from Oracle Oracle. The software provides customer relationship management, service management, financial management, and other functions. A security vulnerability in the Oracle Web...

PT-2023-3700 · Oracle +1 · Oracle Web Applications Desktop Integrator +1

Name of the Vulnerable Software and Affected Versions: Oracle Web Applications Desktop Integrator versions 12.2.3 through 12.2.12 Description: The issue is related to insufficient input validation in the MS Excel Specific component of Oracle Web Applications Desktop Integrator, part of the Oracle...

PT-2023-4051

Name of the Vulnerable Software and Affected Versions Oracle Java SE versions 11.0.19, 17.0.7, 20.0.1 Oracle GraalVM Enterprise Edition versions 20.3.10, 21.3.6, 22.3.2 Oracle GraalVM for JDK versions 17.0.7, 20.0.1 Description The issue is related to errors in processing input data in the Utilit...

Hamba avro 资源管理错误漏洞

Avro is a fast Go Avro codec in the hamba open source. A resource management error vulnerability exists in Hamba avro that stems from using partial input from Unmarshal to determine the size when creating a new slice, allowing an arbitrary amount of memory to be consumed, causing the program to...

Wisconsin Governor Hacks the Veto Process

In my latest book, A Hackers Mind, I wrote about hacks as loophole exploiting. This is a great example: The Wisconsin governor used his line-item veto powers--supposedly unique in their specificity--to change a one-year funding increase into a 400-year funding increase. He took this wording:...

FreeBSD : mediawiki -- multiple vulnerabilities (95dad123-180e-11ee-86ba-080027eda32c)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 95dad123-180e-11ee-86ba-080027eda32c advisory. - guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Affected versions are...

Security Bulletin: NVIDIA CUDA Toolkit - June 2023

NVIDIA has released a software update for NVIDIA® CUDA® Toolkit software. This update addresses security issues that may lead to partial denial of service. To protect your system, download and install this software update from the CUDA Toolkit Downloads page. Go to NVIDIA Product Security. Detail...

GHSA-M54H-5X5F-5M6R SpiceDB's LookupResources may return partial results

Impact Any user making a negative authorization decision based on the results of a LookupResources request with 1.22.0 is affected. For example, using LookupResources to find a list of resources to allow access to be okay: some subjects that should have access to a resource may not. But if using...

CVE-2023-36675

An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, and 1.39.x before 1.39.4. BlockLogFormatter.php in BlockLogFormatter allows XSS in the partial blocks feature...

CVE-2023-36675

An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, and 1.39.x before 1.39.4. BlockLogFormatter.php in BlockLogFormatter allows XSS in the partial blocks feature...

CVE-2023-36675

An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, and 1.39.x before 1.39.4. BlockLogFormatter.php in BlockLogFormatter allows XSS in the partial blocks feature...

DEBIAN-CVE-2023-36675

An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, and 1.39.x before 1.39.4. BlockLogFormatter.php in BlockLogFormatter allows XSS in the partial blocks feature...

Design/Logic Flaw

An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, and 1.39.x before 1.39.4. BlockLogFormatter.php in BlockLogFormatter allows XSS in the partial blocks feature...

UBUNTU-CVE-2023-36675

An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, and 1.39.x before 1.39.4. BlockLogFormatter.php in BlockLogFormatter allows XSS in the partial blocks feature...

CVE-2023-36675

An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, and 1.39.x before 1.39.4. BlockLogFormatter.php in BlockLogFormatter allows XSS in the partial blocks feature...

CVE-2023-36675

An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, and 1.39.x before 1.39.4. BlockLogFormatter.php in BlockLogFormatter allows XSS in the partial blocks feature...

PT-2023-8923 · Mediawiki +2 · Mediawiki +2

Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.35.11 MediaWiki versions 1.36.x through 1.38.x before 1.38.7 MediaWiki versions 1.39.x before 1.39.4 MediaWiki versions 1.40.x before 1.40.1 Description: The issue is related to a possibility of using XSS in the...