17 matches found
OpenStack Vitrage: Unauthorized Access to the Host can Lead to Eval Injection
In the query parser in OpenStack Vitrage before 12.0.1, 13.0.0, 14.0.0, and 15.0.0, a user allowed to access the Vitrage API may trigger code execution on the Vitrage service host as the user the Vitrage service runs under. This may result in unauthorized access to the host and further compromise...
Grafana Alerting DingDing Integration URL Exposed to Viewers
Grafana is an open-source platform for monitoring and observability. The Grafana Alerting DingDing integration was not properly protected and could be exposed to users with Viewer permission. Fixed in versions 10.4.19+security-01, 11.2.10+security-01, 11.3.7+security-01, 11.4.5+security-01,...
Hitachi Energy RTU500 Security Vulnerability
RTU500 is a series of industrial control components from Hitachi, Japan, mainly used in industrial control systems. A security vulnerability exists in Hitachi Energy RTU500 series CMU Firmware versions 12.0.1 through 12.0.14, which is caused due to a problem in the handling of stb language files,...
Huawei EMUI Security Vulnerability
Huawei EMUI is an Android-based mobile operating system developed by the Chinese company Huawei. A security vulnerability exists in Huawei EMUI version 12.0.1, EMUI version 12.0.0, and EMUI version 11.0.1. An attacker exploited the vulnerability to add arbitrary widgets and shortcuts without...
Oracle FLEXCUBE Direct Banking Information Disclosure Vulnerability
Oracle FLEXCUBE Direct Banking enables banks to deliver a tailored, portal-based, rich online customer experience based on demographics and market segments. An information disclosure vulnerability exists in the Pre Login component in Oracle FLEXCUBE Direct Banking versions 12.0.1, 12.0.2, and...
CVE-2020-2685
Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications component: Infrastructure. Supported versions that are affected are 12.0.1-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HT...
OpenJDK: Non-constant time comparison in ChaCha20Cipher (Security, 8221344)
Vulnerability in the Java SE component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 11.0.3 and 12.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful...
OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432)
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Utilities. Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via...
Oracle FLEXCUBE Private Banking Denial of Service Vulnerability
Oracle FLEXCUBE Private Banking is a banking and financial services solution. A security vulnerability exists in the implementation of Oracle FLEXCUBE Private Banking versions 2.0.0, 2.0.1, 2.2.0.1, 12.0.1, which can be exploited by remote attackers to affect availability...
CVE-2017-3535
Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications subcomponent: Infrastructure. Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2 and 12.0.3. Easily "exploitable" vulnerability allows unauthenticated attacker with...
CVE-2017-3534
Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications subcomponent: Infrastructure. Supported versions that are affected are 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0 and 12.3.0. Easily "exploitable" vulnerability allows low privileged attacker wi...
CVE-2017-3488
Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications subcomponent: Unit Trust. Supported versions that are affected are 12.0.1, 12.0.2, 12.0.3, 12.0.4, 12.1.0, 12.2.0 and 12.3.0. Easily "exploitable" vulnerability allows low privileged attack...
CVE-2017-3480
Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications subcomponent: Infrastructure. Supported versions that are affected are 11.3.0, 11.4.0 and 12.0.1. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via...
CVE-2016-8313
Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications subcomponent: Product / Instrument Search. Supported versions that are affected are 2.0.1, 2.2.0 and 12.0.1. Easily exploitable vulnerability allows low privileged attacker with network access...
CVE-2016-8301
Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications subcomponent: Core. Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows unauthenticated attacker with...
CVE-2016-8305
Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications subcomponent: Core. Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows physical access to compromise...
Oracle FLEXCUBE Private Banking Security Bypass Vulnerability (CNVD-2017-00786)
Oracle FLEXCUBE Private Banking is a product of Oracle Corporation USA. It plans, records, tracks and manages client wealth across a range of asset classes and tools to increase financial advisor productivity and improve client relationships. A remote security bypass vulnerability exists in Oracl...