21 matches found
Security Bulletin: IBM Guardium Data Protection is affected by a spring-security-config-5.8.14.jar vulnerability (CVE-2024-38827)
Summary: IBM Guardium Data Protection has addressed this vulnerability in an update. Vulnerability Details: CVEID: CVE-2024-38827. DESCRIPTION: The usage of String.toLowerCase and String.toUpperCase has some Locale dependent exceptions that could potentially result in authorization rules not working...
CVE-2025-14511
CVE-2025-14511 concerns GitLab CE/EE, where an unauthenticated user could trigger a DoS by sending specially crafted files to the container registry event endpoint under certain conditions. Affected versions include 12.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1. GitLab has remedia...
Linux Distros Unpatched Vulnerability : CVE-2023-2030
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions from 12.2 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which an attack...
CVE-2024-21042
Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite component: LOV. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...
CVE-2023-21850
Vulnerability in the Oracle Demantra Demand Management product of Oracle Supply Chain component: E-Business Collections. Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...
CVE-2025-30716
Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite component: CRM User Management Framework. Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...
CVE-2022-33756
CA Automic Automation 12.2 and 12.3 contain an entropy weakness vulnerability in the Automic AutomationEngine that could allow a remote attacker to potentially access sensitive data...
Oracle E-Business Suite and Oracle Trade Management Security Vulnerability
Oracle E-Business Suite is an extension of the original Application ERP and includes a collection of ERP (Enterprise Resource Planning), HR (Human Resource Management), CRM (Customer Relationship Management) and other applications that are seamlessly integrated into one management suite. A...
CVE-2021-2380
Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite component: Attachments / File Upload. Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromis...
CVE-2021-2181
Vulnerability in the Oracle Document Management and Collaboration product of Oracle E-Business Suite component: Attachments. Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to...
PT-2021-2849
Name of the Vulnerable Software and Affected Versions: Oracle iSetup versions 12.1.3 and 12.2.3 through 12.2.10 Description: The issue is related to errors in the code of the General Ledger Update Transform and Reports components of Oracle iSetup in the Oracle E-Business Suite system. This can allo...
CVE-2021-2102
Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle Supply Chain component: Dialog Box. Supported versions that are affected are 11.5.10, 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...
CVE-2021-2079
Vulnerability in the Oracle Configurator product of Oracle Supply Chain component: UI Servlet. Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successful attack...
Oracle Configurator Security Vulnerability
Oracle Configurator is a sales and configuration product that provides the next generation of the latest configuration technology. An unspecified vulnerability exists in the UI Servlet component in Oracle Configurator 12.1, 12.2. An attacker could exploit this vulnerability to compromise...
Oracle Dialog Box Security Vulnerability
Oracle Dialog Box is a Windows API function from the US company Oracle that can generate a dialog box. This file exists in many Oracle products and provides dialog box support for the products. A security vulnerability exists in Oracle Dialog Box, which arises from unauthorized full access...
Oracle Supply Chain and Oracle Configurator Security Vulnerability
Oracle Configurator is a sales and configuration product that provides the next generation of the latest configuration technology. An unspecified vulnerability exists in the UI Servlet component in Oracle Configurator 12.1, 12.2. An attacker could exploit this vulnerability to compromise...
PT-2021-1774 · Oracle · Oracle Complex Maintenance
Name of the Vulnerable Software and Affected Versions: Oracle Complex Maintenance, Repair, and Overhaul versions 11.5.10, 12.1, and 12.2 Description: The issue is related to insufficient access control in the Dialog Box component of the Oracle Complex Maintenance, Repair, and Overhaul product. It...
PT-2020-13416 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab EE versions 12.2 through 13.0.1 Description: A user with an unverified email address could request access to domain-restricted groups. Recommendations: For GitLab EE versions 12.2 through 13.0.1, update to a version that contains a fix...
CVE-2017-3435
Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite subcomponent: User Interface. Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network...
KLA10510 Multiple vulnerabilities in Cisco IOS
Unspecified vulnerabilities were found in multiple versions of Cisco IOS. By exploiting these vulnerabilities, malicious users can cause denial of service or execute arbitrary code. These vulnerabilities can be exploited remotely via specially designed packets or messages. Original advisories -...