102 matches found
Oracle BI Publisher安全漏洞
Oracle BI Publisher is a reporting solution from Oracle Corporation USA that makes it easier and faster to create, manage and deliver all reports and documents than traditional reporting tools. Oracle BI Publisher has a security vulnerability that can be exploited by an attacker to cause a takeov...
Oracle BI Publisher 安全漏洞
Oracle BI Publisher is a reporting solution from Oracle Corporation USA that makes it easier and faster to create, manage and deliver all reports and documents than traditional reporting tools. A security vulnerability exists in Oracle BI Publisher 5.9.0.0.0, 6.4.0.0.0, and 12.2.1.4.0, which can ...
PUB-A-227203684
In sdpufindmostspecificserviceuuid of sdputils.cc, there is a possible way to crash Bluetooth due to a missing null check. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation...
It's possible to steal a part of the funds in any pair contract and/or DOS a new pair
Lines of code Vulnerability details The function collectFeesaddress account, uint256 memory ids in LBPair.sol is supposed to calculate and transfer the fees owed to account. Since the protocol assumes that the pair contract itself cannot accumulate fees, this function is exploitable by passing th...
Add members to the not yet created community
Lines of code Vulnerability details Impact There is a addMember function in the Community. The function accepts data that should be signed by the community.owner and newMemberAddr. // Compute hash from bytes bytes32 hash = keccak256data; // Decode params from data uint256 communityID, address...
Vulnerability fixed in rsyslog
The developers of rsyslog have fixed a vulnerability in rsyslog. A malicious party could exploit the vulnerability to cause a denial-of-service, or to potentially manipulate data manipulate and thus potentially inject false information into the central syslog environment. The developers do not ru...
CVE-2022-1753 WoWonder Group requests.php access control
A vulnerability, which was classified as critical, was found in WoWonder. Affected is the file /requests.php which is responsible to handle group messages. The manipulation of the argument groupid allows posting messages in other groups. It is possible to launch the attack remotely but it might...
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).
...
PUB-A-194697257
In TBD of TBD, there is a possible downgrade attack due to under utilized anti-rollback protections. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
mysql: Server: FTS unspecified vulnerability (CPU Oct 2020)
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: FTS. Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...
UBUNTU-CVE-2021-2402
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Locking. Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attac...
CVE-2021-20424
IBM Cloud Pak for Applications 4.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. X-Force ID: 196309...
SUSE: Security Advisory (SUSE-SU-2019:1239-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2019:1268-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2019:1238-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
ALPINE-CVE-2020-36323
In the standard library in Rust before 1.52.0, there is an optimization for joining strings that can cause uninitialized bytes to be exposed or the program to crash if the borrowed string changes after its length is checked...
The vulnerability of the software package that implements the Squid caching proxy server’s function relates to incorrect elimination of certain elements in the output data. This allows a hacker to compromise the integrity of the data.
The vulnerability of the software package that implements the Squid caching proxy server lies in the improper elimination of certain elements in the output data. Exploiting this vulnerability allows a remote attacker to compromise the integrity of the data...
CVE-2020-26941
A local authenticated low-privileged user can exploit a behavior in an ESET installer to achieve arbitrary file overwrite deletion of any file via a symlink, due to insecure permissions. The possibility of exploiting this vulnerability is limited and can only take place during the installation...
DEBIAN-CVE-2020-14776
Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...
PT-2019-3913
Name of the Vulnerable Software and Affected Versions Windows affected versions not specified Description The issue is related to errors in handling objects in memory in the Win32k component of Windows operating systems. It allows an attacker to potentially elevate their privileges using a...