378 matches found
CVE-2019-2942
Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite component: User Interface. Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromi...
CVE-2019-2901
Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware component: Outside In Filters. The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In...
gvfs: Incorrect authorization in admin backend allows privileged users to read and modify arbitrary files without prompting for password
An incorrect permission check was found in the admin backend in gvfs that allows privileged users to read and modify arbitrary files without being asked for a password when no authentication agent is running. This vulnerability can be exploited by malicious programs running under privileges of users...
CVE-2019-2853
Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware subcomponent: Outside In Filters. The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In...
DEBIAN-CVE-2019-2816
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Networking. Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access v...
CVE-2019-2767
Vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware subcomponent: BI Publisher Security. Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network acces...
IBM QRadar SIEM Unauthorized Access Vulnerability (CNVD-2019-26399)
IBM QRadar SIEM is a solution from IBM (USA) that utilizes security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user activity, and more. An unauthorized...
CVE-2019-2655
Vulnerability in the Oracle Interaction Center Intelligence component of Oracle E-Business Suite subcomponent: Business Intelligence OLTP. Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via...
CVE-2019-2629
Vulnerability in the Oracle Health Sciences Data Management Workbench component of Oracle Health Sciences Applications subcomponent: User Interface. The supported version that is affected is 2.4.8. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...
CVE-2018-3312
Vulnerability in the Oracle Retail Customer Engagement component of Oracle Retail Applications subcomponent: Segment. Supported versions that are affected are 16.0 and 17.0. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Retail...
The vulnerability of the Samba networking communication software lies in the lack of requirements for signing and encrypting SMB traffic when using DFS redirection. This allows an attacker to execute a “man-in-the-middle” attack.
The vulnerability of the Samba networking communication package is related to the lack of requirements for signing and encrypting SMB traffic when using DFS redirection. Exploiting this vulnerability allows a remote attacker to execute a “man-in-the-middle” attack and gain access to read and modi...
CVE-2019-2413
Vulnerability in the Oracle Reports Developer component of Oracle Fusion Middleware subcomponent: Valid Session. The supported version that is affected is 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Reports Developer...
CVE-2019-2423
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products subcomponent: PIA Search. Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...
Unspecified Vulnerability in IBM Security Key Lifecycle Manager
IBM Security Key Lifecycle Manager (formerly known as Tivoli Key Lifecycle Manager) is a set of key lifecycle management software from IBM in the United States. The software provides key storage, key maintenance and key lifecycle management for storage devices. A security vulnerability exists in IB...
SIEMENS SIMATIC S7-1200 CPU Family Cross-Site Request Forgery Vulnerability
The SIEMENS SIMATIC S7-1200 CPU Family is designed for discrete and continuous control in industrial environments such as manufacturing, food and beverage and the global chemical industry. A cross-site request forgery vulnerability exists in the SIEMENS SIMATIC S7-1200 CPU Family. This allows an...
Oracle Fusion Middleware BI Publisher Component Access Control Error Vulnerability (CNVD-2019-39893)
Oracle Fusion Middleware is Oracle's business innovation platform for enterprise and cloud environments, which provides middleware, software collections, etc. BI Publisher (formerly known as XML Publisher) is one of the reporting components. An access contro...
ALPINE-CVE-2018-3066
Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Options. Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocol...
CVE-2018-3032
Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications subcomponent: Infrastructure. Supported versions that are affected are 12.0.4, 12.1.0, 12.3.0 and 12.4.0. Easily exploitable vulnerability allows low privileged attacker with network access...
EMC ECS S3 Authentication Bypass Vulnerability
Dell EMC Elastic Cloud Storage (ECS) is an object storage application designed for traditional and next-generation workloads. An authentication bypass vulnerability exists in Dell EMC ECS versions 3.2.0.0 and 3.2.0.1, which can be exploited by a remote, unauthenticated attacker to read and modify S...
IBM Security Guardium Big Data Intelligence Critical Resource Privilege Assignment Vulnerability
IBM Security Guardium Big Data Intelligence is a solution that delivers the capabilities of a big data platform while meeting data security requirements. IBM Security Guardium Big Data Intelligence (SonarG) suffers from a vulnerability involving incorrect assignment of permissions to a critical resource. An...