SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the sqlExpressions feature. An attacker can execute unauthorized commands on the system by chaining SQL Expressions with plugin functionality. Remediation Upgrade github.com/grafana/grafana/pkg/expr/sql to version...

CVE-2020-2821

Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite component: Budget. Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade...

CVE-2019-2675

Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite subcomponent: Preferences. Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network...

CVE-2019-2488

Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite subcomponent: Session Management. Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with...