378 matches found

CNNVD
added 2021/11/18 12:00 a.m. · 3 views

PHP Security Vulnerability

PHP is a scripting language that executes on the server side. PHP has a security vulnerability that allows an attacker to bypass PHP's access restrictions by using the Xml function null character in order to read or change files...

5.3 CVSS · 7.2 AI score · 0.25951 EPSS
Exploits 1 · References 27

OSV
added 2021/11/10 4:15 p.m. · 2 views

CVE-2021-40501

SAP ABAP Platform Kernel - versions 7.77, 7.81, 7.85, 7.86, does not perform necessary authorization checks for an authenticated business user, resulting in escalation of privileges. That means this business user is able to read and modify data beyond the vulnerable system. However, the attacker...

8.1 CVSS · 7.1 AI score · 0.00734 EPSS
Exploits 0 · References 2

CNNVD
added 2021/10/12 12:00 a.m. · 1 view

nodejs Environment Issue Vulnerability

nodejs is a JavaScript runtime environment based on the Chrome V8 engine. By wrapping the V8 engine and using event-driven, non-blocking I/O, it makes it possible to develop high-performance backend applications in JavaScript. Nodejs An environment issue...

6.5 CVSS · 7.1 AI score · 0.02299 EPSS
Exploits 1 · References 28

OSV
added 2021/07/21 3:15 p.m. · 3 views

CVE-2021-2375

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards component: Web Runtime. Supported versions that are affected are 9.2.5.3 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne...

6.1 CVSS · 7.3 AI score
Exploits 0 · References 1

OSV
added 2021/07/21 3:15 p.m. · 0 views

CVE-2021-2346

Vulnerability in the Oracle Commerce Guided Search / Oracle Commerce Experience Manager product of Oracle Commerce component: Tools and Frameworks. The supported version that is affected is 11.3.1.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...

5.4 CVSS · 6.7 AI score · 0.00511 EPSS
Exploits 0 · References 1

Positive Technologies
added 2021/04/26 12:00 a.m. · 2 views

PT-2021-8013 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The issue is related to the async xor function in the Linux kernel, which can cause data corruption problems due to incorrect calculation of xor values when sharing one page if PAGE SI...

5.5 CVSS · 8.4 AI score · 0.00232 EPSS
Exploits 0 · References 21

OSV
added 2021/04/22 10:15 p.m. · 1 view

CVE-2021-2220

Vulnerability in the PeopleSoft Enterprise SCM eProcurement product of Oracle PeopleSoft component: Manage Requisition Status. The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft...

5.4 CVSS · 6.7 AI score · 0.00596 EPSS
Exploits 0 · References 1

OSV
added 2021/04/22 10:15 p.m. · 2 views

CVE-2021-2150

Vulnerability in the Oracle iStore product of Oracle E-Business Suite component: Shopping Cart. Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore...

8.2 CVSS · 6.8 AI score · 0.00933 EPSS
Exploits 0 · References 1

Positive Technologies
added 2021/03/26 12:00 a.m. · 2 views

PT-2021-7535 · Samsung +1 · Samsung Mobile Devices +1

Name of the Vulnerable Software and Affected Versions: Samsung Mobile Devices (affected versions not specified). Description: The issue is related to the use of memory after it has been freed when handling file descriptors in the Display and Enhancement Controller (DECON) driver of the Display...

6.1 CVSS · 4.8 AI score · 0.0089 EPSS
Exploits 0 · References 13

OSV
added 2021/01/20 3:15 p.m. · 2 views

CVE-2021-2069

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware component: Outside In Filters. Supported versions that are affected are 8.5.4 and 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside...

8.6 CVSS · 5.8 AI score · 0.01355 EPSS
Exploits 0 · References 1

CNNVD
added 2021/01/13 12:00 a.m. · 3 views

IBM Security Guardium Data Encryption Access Control Error Vulnerability

IBM Security Guardium Data Encryption GDE provides a modular set of encryption solutions that help security teams effectively implement data-at-rest security across the organization. An improper privilege control vulnerability exists in IBM Security Guardium Data Encryption 3.0.0.2. An attacker...

8.1 CVSS · 6.2 AI score · 0.00428 EPSS
Exploits 0 · References 4

BDU FSTEC
added 2020/12/01 12:00 a.m. · 3 views

The vulnerability of the REST API interface of the Cisco IoT Field Network Director software, which allows a perpetrator to gain unauthorized access to protected information, enabling read, modify, or delete operations on data.

The vulnerability of the REST API interface of the Cisco IoT Field Network Director software lies in the absence of an authentication mechanism for accessing the database. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected informatio...

10 CVSS · 7.8 AI score · 0.02173 EPSS
Exploits 0 · References 2 · Affected Software 1

OSV
added 2020/11/18 7:15 p.m. · 2 views

CVE-2020-3531

A vulnerability in the REST API of Cisco IoT Field Network Director FND could allow an unauthenticated, remote attacker to access the back-end database of an affected system. The vulnerability exists because the affected software does not properly authenticate REST API calls. An attacker could...

9.8 CVSS · 7.3 AI score · 0.02173 EPSS
Exploits 0 · References 1

Positive Technologies
added 2020/11/03 12:00 a.m. · 3 views

PT-2020-6818 · Samsung · Samsung Mobile Devices

Name of the Vulnerable Software and Affected Versions: Samsung Mobile Devices, versions prior to SMR Mar-2021 Release 1. Description: The issue is related to improper access control in the clipboard service of Samsung mobile devices. This allows untrusted applications to read or write certain local...

7.1 CVSS · 6.6 AI score · 0.02831 EPSS
Exploits 0 · References 17

OSV
added 2020/10/21 3:15 p.m. · 2 views

CVE-2020-14801

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: PIA Core Technology. Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft...

6.1 CVSS · 6.8 AI score · 0.00948 EPSS
Exploits 0 · References 1

OSV
added 2020/10/21 3:15 p.m. · 3 views

CVE-2020-14810

Vulnerability in the Oracle Hospitality Suite8 product of Oracle Hospitality Applications component: WebConnect. Supported versions that are affected are 8.10.2 and 8.11-8.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

5.4 CVSS · 6.7 AI score
Exploits 0 · References 1

OSV
added 2020/10/21 3:15 p.m. · 2 views

CVE-2020-14768

Vulnerability in the Hyperion Analytic Provider Services product of Oracle Hyperion component: Smart View Provider. The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows low privileged attacker with access to the physical communication segment attached to t...

4.3 CVSS · 6.7 AI score · 0.0048 EPSS
Exploits 0 · References 1

OSV
added 2020/10/21 3:15 p.m. · 3 views

CVE-2020-14763

Vulnerability in the Oracle Application Express Quick Poll component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having Valid User Account privilege with network access via HTTP to compromise...

5.4 CVSS · 6.8 AI score · 0.00718 EPSS
Exploits 0 · References 1

OSV
added 2020/08/24 10:15 p.m. · 3 views

UBUNTU-CVE-2020-24613

wolfSSL before 4.5.0 mishandles TLS 1.3 server data in the WAITCERTCR state, within SanityCheckTls13MsgReceived in tls13.c. This is an incorrect implementation of the TLS 1.3 client state machine. This allows attackers in a privileged network position to completely impersonate any TLS 1.3 servers...

6.8 CVSS · 5.8 AI score · 0.00861 EPSS
Exploits 1 · References 3

OSV
added 2020/08/07 12:15 a.m. · 3 views

CVE-2020-16225

Delta Electronics TPEditor Versions 1.97 and prior. A write-what-where condition may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application...

7.8 CVSS · 7.3 AI score · 0.02089 EPSS
Exploits 0 · References 2