CVE-2022-35118: AARO-Bugs/AARO-CVE-List.md at master · Accenture/AARO-Bugs

PyroCMS v3.9 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities.

CVE-2001-0710 5.0 NetBSD, FreeBSD NetBSD, FreeBSD NetBSD 1.5 and earlier, FreeBSD 4.3 and earlier 37005 Denial of Service FusionX James Thomas ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-006.txt.asc
CVE-2012-0160 10.0 Microsoft .Net Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 ms12-035 .NET Framework Serialization Vulnerability Context IS James Forshaw https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-035
CVE-2012-0161 10.0 Microsoft .Net Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 ms12-035 .NET Framework Serialization Vulnerability Context IS James Forshaw https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-035
CVE-2014-3524 10.0 LibreOffice Calc <4.3.1 and <4.2.6 4.3.1 and 4.2.6 Command injection when loading Calc spreadsheets under Windows Context IS James Kettle, Rohan Durve https://blog.documentfoundation.org/blog/2014/08/28/libreoffice-4-3-1-fresh-announced/
CVE-2016-1801 7.5 Apple iOS/MacOS iOS before 9.3.2, OS X before 10.11.5, and tvOS before 9.2.1 iOS 9.3.2, OS X 10.11.5, and tvOS 9.2.1 Information disclosure vulnerability in Proxy Auto-Config Context IS Paul Stone, Alex Chapman https://lists.apple.com/archives/security-announce/2016/May/msg00001.html
CVE-2016-3535 8.2 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3 CPU July 2016 XSS Accenture Martin Petráň https://www.oracle.com/security-alerts/cpujul2016.html#AppendixEBS
CVE-2016-3536 8.2 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3 CPU July 2016 XSS Accenture Martin Petráň https://www.oracle.com/security-alerts/cpujul2016.html#AppendixEBS
CVE-2016-3763 3.3 Google Android Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 Android 4.4.4, 5.0.2, 5.1.1, and 6.x 2016-07-01 Information disclosure vulnerability in Proxy Auto-Config Context IS Paul Stone, Alex Chapman https://source.android.com/security/bulletin/2016-07-01
CVE-2016-5134 8.8 Google Chrome <52.0.2743.82 52.0.2743.82 URL leakage via PAC script Context IS Paul Stone, Alex Chapman https://chromereleases.googleblog.com/2016/07/stable-channel-update.html
CVE-2016-7086 7.8 Vmware Vmware Workstation Pro + Player <12.5.0 12.5.0 Local privileges escalation in VMware installer Context IS Adam Bridge https://www.vmware.com/security/advisories/VMSA-2016-0014.html
CVE-2016-7742 7.8 Apple MacOS <10.12.2 10.12.2 Opening a maliciously crafted archive may lead to arbitrary code execution Context IS Gareth Evans https://support.apple.com/HT207423
CVE-2016-7988 7.5 Samsung Android KK(4.4), L(5.0/5.1), and M(6.0) SMR-AUG-2016 No Permissions on SET_WIFI Broadcast receiver Context IS Tom Court https://security.samsungmobile.com/securityUpdate.smsb
CVE-2016-7989 7.5 Samsung Android KK(4.4), L(5.0/5.1), and M(6.0) SMR-AUG-2016 Unhandled ArrayIndexOutOfBounds exception in Android Runtime Context IS Tom Court https://security.samsungmobile.com/securityUpdate.smsb
CVE-2016-7990 9.8 Samsung Android KK(4.4), L(5.0/5.1), and M(6.0) SMR-DEC-2016 Integer overflow in libomacp.so Context IS Tom Court https://security.samsungmobile.com/securityUpdate.smsb
CVE-2016-7991 7.5 Samsung Android KK(4.4), L(5.0/5.1), and M(6.0) SMR-DEC-2016 omacp app ignores security fields in OMA CP message Context IS Tom Court https://security.samsungmobile.com/securityUpdate.smsb
CVE-2017-5384 5.9 Mozilla Firefox <51 51 Information disclosure via Proxy Auto-Config (PAC) Context IS Paul Stone, Alex Chapman https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/
CVE-2017-5669 7.8 Linux < v4.17-rc7 v4.17-rc7 Shmat syscall allows null-page protection bypass Context IS Gareth Evans https://bugzilla.kernel.org/show_bug.cgi?id=192931
CVE-2017-8419 7.8 LAME Lame 3.99.5 MP3 <v3.100 v3.100 Multiple stack and heap corruptions from malicious file Context IS Gareth Evans https://sourceforge.net/p/lame/bugs/458/
CVE-2017-9377 8.8 Barco ClickShare Base Units <v1.7.0.3 v1.7.0.3 Command Injection Vulnerability on ClickShare Base Units Context IS Claudio Moletta https://www.barco.com/en/Support/software/R33050037
CVE-2018-3242 8.2 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 CPU October 2018 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuoct2018.html#AppendixEBS
CVE-2018-3243 8.2 Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 CPU October 2018 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuoct2018.html#AppendixEBS
CVE-2018-3253 8.5 Oracle Virtual Directory 11.1.1.7.0-11.1.1.9.0 CPU October 2018 Read Domain User Password Hashes Accenture Jason Lang https://www.oracle.com/security-alerts/cpuoct2018.html
CVE-2018-3256 4.9 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 CPU October 2018 Content Spoofing Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuoct2018.html#AppendixEBS
CVE-2018-6492 6.1 MicroFocus HP Network Automation v10.0x, v10.1x, v10.2x, v10.3x, v10.4x, v10.5x MFSBGN03806 Cross-Site Scripting (XSS) Context IS Tilman Bender, Dennis Herrmann and Bastian Kanbach https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03158014
CVE-2018-6493 8.8 MicroFocus HP Network Automation v10.0x, v10.1x, v10.2x, v10.3x, v10.4x, v10.5x MFSBGN03806 SQL Injection Context IS Tilman Bender, Dennis Herrmann and Bastian Kanbach https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03158014
CVE-2018-8150 6.5 Microsoft Office Outlook Microsoft Office 2016 Click-to-Run (C2R) 8.5.2018 Security Feature Bypass Atanas Kirilov https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8150
CVE-2018-12939 6.5 steinm SeedDMS <5.1.8 5.1.8 Directory Traversal Context IS Dennis Herrmann and Malte Poll https://sourceforge.net/p/seeddms/code/ci/seeddms-5.1.x/tree/CHANGELOG
CVE-2018-12940 8.8 steinm SeedDMS <5.1.8 5.1.8 Unrestricted File Upload Context IS Dennis Herrmann and Malte Poll https://sourceforge.net/p/seeddms/code/ci/seeddms-5.1.x/tree/CHANGELOG
CVE-2018-12941 8.8 steinm SeedDMS <5.1.8 5.1.8 Remote Code Execution Context IS Dennis Herrmann and Malte Poll https://sourceforge.net/p/seeddms/code/ci/seeddms-5.1.x/tree/CHANGELOG
CVE-2018-12942 8.8 steinm SeedDMS <5.1.8 5.1.8 SQL Injection Context IS Dennis Herrmann and Malte Poll https://sourceforge.net/p/seeddms/code/ci/seeddms-5.1.x/tree/CHANGELOG
CVE-2018-12943 6.1 steinm SeedDMS <5.1.8 5.1.8 Cross Site Scripting (XSS) Context IS Dennis Herrmann and Malte Poll https://sourceforge.net/p/seeddms/code/ci/seeddms-5.1.x/tree/CHANGELOG
CVE-2018-12944 6.1 steinm SeedDMS <5.1.8 5.1.8 Persistent Cross-Site Scripting (XSS) Context IS Dennis Herrmann and Malte Poll https://sourceforge.net/p/seeddms/code/ci/seeddms-5.1.x/tree/CHANGELOG
CVE-2018-15510 6.1 Totemo Totemomail 6.0.0 < 6.0 to build 578 6.0 to build 578 Cross-Site Scripting Context IS Michael Skiba, Andre Waldhoff, Carsten Sandker https://www.contextis.com/en/resources/advisories/cve-2018-15510
CVE-2018-15511 6.1 Totemo Totemomail 6.0.0 < 6.0 to build 578 6.0 to build 578 Cross-Site Scripting Context IS Michael Skiba, Andre Waldhoff, Carsten Sandker https://www.contextis.com/en/resources/advisories/cve-2018-15511
CVE-2018-15512 6.1 Totemo Totemomail 6.0.0 < 6.0 to build 578 6.0 to build 578 Cross-Site Scripting Context IS Michael Skiba, Andre Waldhoff, Carsten Sandker https://www.contextis.com/en/resources/advisories/cve-2018-15512
CVE-2018-15513 5.3 Totemo Totemomail 6.0.0 < 6.0 to build 578 6.0 to build 578 Privilege Escalation Context IS Michael Skiba, Andre Waldhoff, Carsten Sandker https://www.contextis.com/en/resources/advisories/cve-2018-15513
CVE-2018-18379 6.1 Elementor Elementor LTD < 2.0.10 2.0.10 Cross Site Scripting (XSS) Context IS Christopher Vella https://www.contextis.com/en/resources/advisories/cve-2018-18379
CVE-2018-18589 8.0 Microfocus Real User Monitoring (RUM) 9.26IP, 9.30, 9.40 and 9.50 Java Deserialization Input Validation iDefense, Accenture Deapesh Misra https://upport.microfocus.com/kb/kmdoc.php?id=KM03272900
CVE-2019-2400 8.2 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU January 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2019.html#AppendixEBS
CVE-2019-2445 8.2 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU January 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2019.html#AppendixEBS
CVE-2019-2447 8.2 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU January 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2019.html#AppendixEBS
CVE-2019-2470 8.2 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU January 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2019.html#AppendixEBS
CVE-2019-2485 4.7 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU January 2019 Content Spoofing Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2019.html#AppendixEBS
CVE-2019-2491 4.7 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU January 2019 Content Spoofing Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2019.html#AppendixEBS
CVE-2019-2492 4.7 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU January 2019 Content Spoofing Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2019.html#AppendixEBS
CVE-2019-2496 4.7 Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU January 2019 Content Spoofing Accenture Andrej Šimko, Deapesh Misra https://www.oracle.com/security-alerts/cpujan2019.html#AppendixEBS
CVE-2019-2497 8.2 Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU January 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2019.html#AppendixEBS
CVE-2019-2551 8.2 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU April 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS
CVE-2019-2600 8.2 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU April 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS
CVE-2019-2603 8.2 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU April 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS
CVE-2019-2604 8.2 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU April 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS
CVE-2019-2622 4.7 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU April 2019 Open Redirect Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS
CVE-2019-2639 8.2 Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU April 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS
CVE-2019-2640 8.2 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU April 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS
CVE-2019-2641 8.2 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU April 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS
CVE-2019-2642 8.2 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU April 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS
CVE-2019-2643 8.2 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU April 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS
CVE-2019-2651 8.2 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU April 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS
CVE-2019-2652 8.2 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU April 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS
CVE-2019-2653 8.2 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU April 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS
CVE-2019-2654 8.2 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU April 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS
CVE-2019-2660 8.2 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU April 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS
CVE-2019-2661 8.2 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU April 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS
CVE-2019-2662 8.2 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU April 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS
CVE-2019-2663 8.2 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU April 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS
CVE-2019-2664 8.2 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU April 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS
CVE-2019-2665 8.2 Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU April 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS
CVE-2019-2666 8.2 Oracle E-Business Suite 12.1.1 - 12.1.3, 12.2.3 - 12.2.8 CPU July 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujul2019.html#AppendixEBS
CVE-2019-2668 8.2 Oracle E-Business Suite 12.1.1 - 12.1.3, 12.2.3 - 12.2.8 CPU July 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujul2019.html#AppendixEBS
CVE-2019-2669 4.7 Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU April 2019 Content Spoofing Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS
CVE-2019-2670 4.7 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU April 2019 Content Spoofing Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS
CVE-2019-2671 8.2 Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU April 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS
CVE-2019-2672 8.2 Oracle E-Business Suite 12.1.1 - 12.1.3, 12.2.3 - 12.2.8 CPU July 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujul2019.html#AppendixEBS
CVE-2019-2673 4.7 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU April 2019 Content Spoofing Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS
CVE-2019-2674 4.7 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU April 2019 Content Spoofing Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS
CVE-2019-2675 8.2 Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU April 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS
CVE-2019-2676 4.7 Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU April 2019 Content Spoofing Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS
CVE-2019-2677 8.2 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU April 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS
CVE-2019-2837 8.2 Oracle E-Business Suite 12.1.3, 12.2.3 - 12.2.8 CPU July 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujul2019.html#AppendixEBS
CVE-2019-2930 4.7 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.8 CPU October 2019 Content Spoofing Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuoct2019.html#AppendixEBS
CVE-2019-2990 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.9 CPU October 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuoct2019.html#AppendixEBS
CVE-2019-2994 8.2 Oracle E-Business Suite 12.1.1-12.1.3 CPU October 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuoct2019.html#AppendixEBS
CVE-2019-2995 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.9 CPU October 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuoct2019.html#AppendixEBS
CVE-2019-3000 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.9 CPU October 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuoct2019.html#AppendixEBS
CVE-2019-3022 5.8 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.9 CPU October 2019 Content Spoofing Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuoct2019.html#AppendixEBS
CVE-2019-3024 4.7 Oracle E-Business Suite 12.2.3-12.2.9 CPU October 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuoct2019.html#AppendixEBS
CVE-2019-6113 7.5 Onkyo Onkyo TX-NR686 1030-5000-1040-0010 N/A Directory Traversal Context IS Michael Skiba https://www.contextis.com/en/resources/advisories/cve-2019-6113
CVE-2019-9268 5.5 Google Android lmp-mr1, mnc, mnc-mr1, mnc-mr2, nyc, nyc-mr1, nyc-mr2, oc Android 10 Security Release Notes Improper Locking Deja vu Christopher Dombroski https://source.android.com/security/overview/release-acknowledgements
CVE-2019-15746 9.8 BMLV Stammportal SITOS Six <= Build v6.2.1 N/A PHP Command Injection Context IS Dennis Herrmann and Andre Waldhoff https://www.contextis.com/en/resources/advisories/cve-2019-15746
CVE-2019-15747 8.8 BMLV Stammportal SITOS Six <= Build v6.2.1 N/A Privilege Escalation via Client-Side-Source Manipulation Context IS Dennis Herrmann and Andre Waldhoff https://www.contextis.com/en/resources/advisories/cve-2019-15747
CVE-2019-15748 9.8 BMLV Stammportal SITOS Six <= Build v6.2.1 N/A Authorisation Bypass Context IS Dennis Herrmann and Andre Waldhoff https://www.contextis.com/en/resources/advisories/cve-2019-15748
CVE-2019-15749 6.5 BMLV Stammportal SITOS Six <= Build v6.2.1 N/A Account Takeover Context IS Dennis Herrmann and Andre Waldhoff https://www.contextis.com/en/resources/advisories/cve-2019-15749
CVE-2019-15750 6.1 BMLV Stammportal SITOS Six <= Build v6.2.1 N/A Cross-Site-Scripting - Non-Persistent Context IS Dennis Herrmann and Andre Waldhoff https://www.contextis.com/en/resources/advisories/cve-2019-15750
CVE-2019-15751 9.8 BMLV Stammportal SITOS Six <= Build v6.2.1 N/A Unrestricted File Upload via SCORM File Context IS Dennis Herrmann and Andre Waldhoff https://www.contextis.com/en/resources/advisories/cve-2019-15751
CVE-2020-1030 7.8 Microsoft Windows 7/8.1/10, Server 2008/2012/2016/2019 KB(4570333, 4571756, 4574727, 4577015, 4577032, 4577038, 4577041, 4577048, 4577049, 4577051, 4577053, 4577064, 4577066, 4577070, 4577071) Elevation of Privilege Vulnerability FusionX Victor Mata https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1030#ID0EWIAC
CVE-2020-1062 7.5 Microsoft Internet Explorer 9 through 11 11 Internet Explorer Memory Corruption Vulnerability iDefense Rohit Mothe https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-1062
CVE-2020-2582 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.9 CPU January 2020 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2020.html#AppendixEBS
CVE-2020-2596 4.7 Oracle E-Business Suite 12.1.3, 12.2.3-12.2.9 CPU January 2020 Content Spoofing Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2020.html#AppendixEBS
CVE-2020-2597 4.7 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.9 CPU January 2020 Content Spoofing Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2020.html#AppendixEBS
CVE-2020-2657 4.7 Oracle E-Business Suite 12.1.3, 12.2.3-12.2.9 CPU January 2020 Content Spoofing Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2020.html#AppendixEBS
CVE-2020-2658 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.9 CPU January 2020 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2020.html#AppendixEBS
CVE-2020-2661 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.9 CPU January 2020 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2020.html#AppendixEBS
CVE-2020-2662 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.9 CPU January 2020 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2020.html#AppendixEBS
CVE-2020-2665 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.9 CPU January 2020 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2020.html#AppendixEBS
CVE-2020-2667 4.7 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.9 CPU January 2020 Content Spoofing Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2020.html#AppendixEBS
CVE-2020-2668 4.7 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.9 CPU January 2020 Content Spoofing Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2020.html#AppendixEBS
CVE-2020-2669 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.9 CPU January 2020 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2020.html#AppendixEBS
CVE-2020-2670 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.9 CPU January 2020 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2020.html#AppendixEBS
CVE-2020-2671 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.9 CPU January 2020 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2020.html#AppendixEBS
CVE-2020-2672 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.9 CPU January 2020 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2020.html#AppendixEBS
CVE-2020-2794 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.9 CPU April 2020 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixEBS
CVE-2020-2796 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.9 CPU April 2020 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixEBS
CVE-2020-2813 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.9 CPU April 2020 XSS Accenture Esteban Morales Montes https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixEBS
CVE-2020-2810 4.7 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.9 CPU April 2020 Open Redirect Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixEBS
CVE-2020-3369 8.6 CISCO SD-WAN vEdge router 19.2.0, 19.2.097, 19.2.098, 19.2.1 19.2.2, 20.1.1 DoS Maglan Gil Fidel https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fpdos-hORBfd9f
CVE-2020-3385 7.4 CISCO SD-WAN vEdge router SD-WAN vEdge 5000 Series Routers, SD-WAN vEdge Cloud Routers 18.4.5, 19.2.3, 20.1.1 DoS Maglan Gil Fidel https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vedgfpdos-PkqQrnwV
CVE-2020-5825 5.5 Symantec SEP Prior to 14.2 RU2 MP1 (14.2.5569.2100) Upgrade to 14.2 RU2 MP1 (14.2.5569.2100) arbitrary file write vulnerability FusionX Bryan Alexander https://support.broadcom.com/security-advisory/content/0/0/SYMSA1505 https://www.accenture.com/us-en/blogs/cyber-defense/exploiting-arbitrary-file-move-in-symantec-endpoint-protection
CVE-2020-9767 7.8 Zoom Video Communications, Inc Zoom Client for Windows where the Zoom Sharing Service is installed < 5.0.4 5.0.4 Zoom Sharing Service Local Privilege Escalation Context IS Connor Scott https://support.zoom.us/hc/en-us/articles/360044350792-Security-CVE-2020-9767
CVE-2020-13133 6.1 Tufin SecureChange <R19.3 HF3 + <R20.1 HF1 R19.3 HF3 + R20.1 HF1 Stored XSS Accenture Andrej Šimko https://portal.tufin.com/aspx/SecurityAdvisories
CVE-2020-13134 4.8 Tufin SecureChange <R19.3 HF3 + <R20.1 HF1 R19.3 HF3 + R20.1 HF1 Stored XSS Accenture Andrej Šimko https://portal.tufin.com/aspx/SecurityAdvisories
CVE-2020-13407 6.8 Tufin SecureTrack <R20-2 GA R20-2 GA Stored XSS Accenture Andrej Šimko https://portal.tufin.com/aspx/SecurityAdvisories
CVE-2020-13408 6.8 Tufin SecureTrack <R20-2 GA R20-2 GA Stored XSS Accenture Andrej Šimko https://portal.tufin.com/aspx/SecurityAdvisories
CVE-2020-13409 6.8 Tufin SecureTrack <R20-2 GA R20-2 GA Stored XSS Accenture Andrej Šimko https://portal.tufin.com/aspx/SecurityAdvisories
CVE-2020-13418 6.1 OpenIAM OpenIAM 4.1.8 (and possibly other versions in 4.1.x) 4.2.0.3 XSS Accenture Marek Klon http://docs.openiam.com/docs-4.2.0/changelog/1-Release-4.2.0
CVE-2020-13419 5.3 OpenIAM OpenIAM 4.1.8 (and possibly other versions in 4.1.x) 4.2.0.3 Path Traversal Accenture Marek Klon http://docs.openiam.com/docs-4.2.0/changelog/1-Release-4.2.0
CVE-2020-13420 9.8 OpenIAM OpenIAM 4.1.8 (and possibly other versions in 4.1.x) 4.2.0.3 Remote Code Execution Through Groovy Script Accenture Marek Klon http://docs.openiam.com/docs-4.2.0/changelog/1-Release-4.2.0
CVE-2020-13421 9.8 OpenIAM OpenIAM 4.1.8 (and possibly other versions in 4.1.x) 4.2.0.3 Missing role segregation Accenture Marek Klon http://docs.openiam.com/docs-4.2.0/changelog/1-Release-4.2.0
CVE-2020-13422 8.1 OpenIAM OpenIAM 4.1.8 (and possibly other versions in 4.1.x) 4.2.0.3 Privilege escalation Accenture Marek Klon http://docs.openiam.com/docs-4.2.0/changelog/1-Release-4.2.0
CVE-2020-13460 6.3 Tufin SecureTrack <R20-2 GA R20-2 GA CSRF Accenture Andrej Šimko https://portal.tufin.com/aspx/SecurityAdvisories
CVE-2020-13461 4.3 Tufin SecureTrack Not planned to be resolved N/A Username enumeration Accenture Andrej Šimko https://portal.tufin.com/aspx/SecurityAdvisories
CVE-2020-13462 4.3 Tufin SecureChange <R20-2 GA R20-2 GA IDOR Accenture Andrej Šimko https://portal.tufin.com/aspx/SecurityAdvisories
CVE-2020-14534 8.2 Oracle E-Business Suite 12.2.9 CPU July 2020 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujul2020.html#AppendixEBS
CVE-2020-14555 4.7 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.9 CPU July 2020 Content Spoofing Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujul2020.html#AppendixEBS
CVE-2020-14590 2.7 Oracle E-Business Suite 12.1.3, 12.2.3-12.2.9 CPU July 2020 IP address disclosure Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujul2020.html#AppendixEBS
CVE-2020-14657 7.6 Oracle E-Business Suite 12.1.3, 12.2.3-12.2.9 CPU July 2020 Stored XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujul2020.html#AppendixEBS
CVE-2020-14658 9.1 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.9 CPU July 2020 SQL Injection Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujul2020.html#AppendixEBS
CVE-2020-14659 4.7 Oracle E-Business Suite 12.1.3, 12.2.3-12.2.9 CPU July 2020 Open Redirect Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujul2020.html#AppendixEBS
CVE-2020-14660 8.2 Oracle E-Business Suite 12.1.3, 12.2.3-12.2.9 CPU July 2020 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujul2020.html#AppendixEBS
CVE-2020-14661 4.7 Oracle E-Business Suite 12.1.3, 12.2.3-12.2.9 CPU July 2020 Content Spoofing Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujul2020.html#AppendixEBS
CVE-2020-14665 9.1 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.9 CPU July 2020 SQL Injection Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujul2020.html#AppendixEBS
CVE-2020-14666 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.9 CPU July 2020 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujul2020.html#AppendixEBS
CVE-2020-14667 7.6 Oracle E-Business Suite 12.1.3, 12.2.3-12.2.9 CPU July 2020 Stored XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujul2020.html#AppendixEBS
CVE-2020-14679 7.5 Oracle E-Business Suite 12.1.3, 12.2.3-12.2.9 CPU July 2020 Unauthorized Role Removal Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujul2020.html#AppendixEBS
CVE-2020-14688 8.2 Oracle E-Business Suite 12.1.3, 12.2.3-12.2.9 CPU July 2020 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujul2020.html#AppendixEBS
CVE-2020-14774 7.5 Oracle E-Business Suite 12.1.1 - 12.1.3, 12.2.3 - 12.2.10 CPU October 2020 Chained DoS + CSRF Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixEBS
CVE-2020-14808 8.2 Oracle E-Business Suite 12.1.3, 12.2.3 - 12.2.10 CPU October 2020 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixEBS
CVE-2020-16240 7.5 General Electric APM (Meridium) 4.4.x and earlier 4.5.0 IDOR Accenture Guido Marilli https://digitalsupport.ge.com/communities/en_US/Article/GE-Digital-Security-Advisory-GED-20-04 https://us-cert.cisa.gov/ics/advisories/icsa-20-266-01
CVE-2020-16244 7.2 General Electric APM (Meridium) 4.4.x and earlier 4.5.0 Use of a one-way hash without a salt Accenture Guido Marilli https://digitalsupport.ge.com/communities/en_US/Article/GE-Digital-Security-Advisory-GED-20-04 https://us-cert.cisa.gov/ics/advisories/icsa-20-266-01
CVE-2020-16279 9.8 Rangee GmbH RangeeOS <= 8.0.4 N/A OS Command Injection Context IS Andre Waldhoff and Bastian Kanbach https://www.contextis.com/en/resources/advisories/cve-2020-16279
CVE-2020-16280 5.5 Rangee GmbH RangeeOS <= 8.0.4 N/A Unprotected Storage of Credentials Context IS Andre Waldhoff and Bastian Kanbach https://www.contextis.com/en/resources/advisories/cve-2020-16280
CVE-2020-16281 7.8 Rangee GmbH RangeeOS <= 8.0.4 N/A Restricted Environment Breakout Context IS Andre Waldhoff and Bastian Kanbach https://www.contextis.com/en/resources/advisories/cve-2020-16281
CVE-2020-16282 8.8 Rangee GmbH RangeeOS <= 8.0.4 N/A Execution with Unnecessary Privileges Context IS Andre Waldhoff and Bastian Kanbach https://www.contextis.com/en/resources/advisories/cve-2020-16282
CVE-2020-24662 5.4 SmartStream Technologies Transaction Lifecycle Management (TLM) Reconciliation Premium (RP) <TLM RP 3.1.0 TLM RP 3.1.0 Stored XSS Accenture Klára Szabó N/A
CVE-2020-24663 5.4 Trace Financial Crest Bridge <6.3.0.02 6.3.0.03 Stored XSS Accenture Klára Szabó CREST Bridge Information Bulletin 39 (not public)
CVE-2020-24664 5.4 Hitachi Vantara Pentaho User Console < 7.1.0.25 + < 8.2.0.6 + < 8.3.0.0 GA >= 7.1.0.25 + >= 8.2.0.6 + >= 8.3.0.0 GA Reflected XSS Accenture Andrej Šimko http://www.hitachi.com/hirt/hitachi-sec/2020/601.html
CVE-2020-24665 6.5 Hitachi Vantara Pentaho User Console < 7.1.0.25 + < 8.2.0.6 + < 8.3.0.0 GA >= 7.1.0.25 + >= 8.2.0.6 + >= 8.3.0.0 GA XML Bomb Accenture Andrej Šimko http://www.hitachi.com/hirt/hitachi-sec/2020/601.html
CVE-2020-24666 5.4 Hitachi Vantara Pentaho User Console <7.1.0.23.197 9.1.0.1 Reflected XSS Accenture Stanislav Dusek http://www.hitachi.com/hirt/hitachi-sec/2020/601.html
CVE-2020-24667 8.8 Trace Financial Crest Bridge <6.3.0.02 6.3.0.03 SQL Injection Accenture Lukáš Bandura CREST Bridge Information Bulletin 39 (not public)
CVE-2020-24668 5.4 Trace Financial Crest Bridge <6.3.0.02 6.3.0.03 Stored XSS Accenture Klára Szabó CREST Bridge Information Bulletin 39 (not public)
CVE-2020-24669 4.4 Hitachi Vantara Pentaho User Console < 8.3.0.9 + < 9.0.0.1+ < 9.1.0.0 GA >= 8.3.0.9 + >= 9.0.0.1 + >= 9.1.0.0 GA DOM Based XSS Accenture Klára Szvitková http://www.hitachi.com/hirt/hitachi-sec/2020/601.html
CVE-2020-24670 5.4 Hitachi Vantara Pentaho User Console < 7.1.0.25 + < 8.2.0.6 + < 8.3.0.0 GA >= 7.1.0.25 + >= 8.2.0.6 + >= 8.3.0.0 GA Reflected XSS Accenture Andrej Šimko http://www.hitachi.com/hirt/hitachi-sec/2020/601.html
CVE-2020-24671 8.8 Trace Financial Crest Bridge <6.3.0.02 6.3.0.03 SQL Injection Accenture Klára Szabó CREST Bridge Information Bulletin 39 (not public)
CVE-2020-26255 9.1 Kirby Kirby CMS <=2.5.13, 3.0.0-3.4.4 2.5.14, 3.4.5 Remote Code Execution Context IS Thore Imhof https://github.com/getkirby/kirby/security/advisories/GHSA-g3h8-cg9x-47qw
CVE-2021-2077 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU January 2021 Open Redirect Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS
CVE-2021-2078 8.2 Oracle E-Business Suite 12.1, 12.2 CPU January 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS
CVE-2021-2079 8.2 Oracle E-Business Suite 12.1, 12.2 CPU January 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS
CVE-2021-2080 8.2 Oracle E-Business Suite 12.1, 12.2 CPU January 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS
CVE-2021-2082 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU January 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS
CVE-2021-2083 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU January 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS
CVE-2021-2084 8.2 Oracle E-Business Suite 12.1.3, 12.2.3-12.2.10 CPU January 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS
CVE-2021-2085 8.2 Oracle E-Business Suite 12.1.3, 12.2.3-12.2.10 CPU January 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS
CVE-2021-2089 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU January 2021 Unsafe Event Names Blacklist Bypass Accenture Esteban Morales Montes https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS
CVE-2021-2090 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU January 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS
CVE-2021-2091 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU January 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS
CVE-2021-2092 8.2 Oracle E-Business Suite 12.1.3, 12.2.3-12.2.10 CPU January 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS
CVE-2021-2093 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU January 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS
CVE-2021-2094 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU January 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS
CVE-2021-2096 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU January 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS
CVE-2021-2097 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU January 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS
CVE-2021-2098 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU January 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS
CVE-2021-2099
8.2 Oracle E-Business Suite 12.2.3-12.2.10 CPU January 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS CVE-2021-2100 9.1 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU January 2021 SQL Injection Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS CVE-2021-2101 9.1 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU January 2021 SQL Injection Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS CVE-2021-2102 8.2 Oracle E-Business Suite 11.5.10, 12.1, 12.2 CPU January 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS CVE-2021-2103 8.2 Oracle E-Business Suite 11.5.10, 12.1, 12.2 CPU January 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS CVE-2021-2104 8.2 Oracle E-Business Suite 11.5.10, 12.1, 12.2 CPU January 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS CVE-2021-2105 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU January 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS CVE-2021-2106 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU January 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS CVE-2021-2107 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU January 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS CVE-2021-2114 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU January 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS CVE-2021-2115 7.6 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU January 2021 stored XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS CVE-2021-2118 8.2 
Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU January 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS CVE-2021-2155 4.3 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU April 2021 Stored XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixEBS CVE-2021-2182 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU April 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixEBS CVE-2021-2183 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU April 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixEBS CVE-2021-2184 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU April 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixEBS CVE-2021-2185 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU April 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixEBS CVE-2021-2186 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU April 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixEBS CVE-2021-2187 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU April 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixEBS CVE-2021-2188 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU April 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixEBS CVE-2021-2189 7.5 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU April 2021 DoS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixEBS CVE-2021-2190 7.5 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU April 2021 DoS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixEBS CVE-2021-2195 8.2 
Oracle E-Business Suite 12.1.3, 12.2.3-12.2.10 CPU April 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixEBS CVE-2021-2198 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU April 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixEBS CVE-2021-2150 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU April 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixEBS CVE-2021-2199 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU April 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixEBS CVE-2021-2200 9.1 Oracle E-Business Suite 12.2.10 CPU April 2021 SQL Injection Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixEBS CVE-2021-2181 7.6 Oracle E-Business Suite 12.1.3, 12.2.3-12.2.10 CPU April 2021 Stored XSS Accenture Esteban Montes Morales https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixEBS CVE-2021-2197 8.1 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU April 2021 XSS Accenture Torben Capiau https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixEBS CVE-2021-2205 9.1 Oracle E-Business Suite 12.2.7-12.2.10 CPU April 2021 SQL Injection Accenture Martin Neumann https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixEBS CVE-2021-2206 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU April 2021 XSS Accenture Martin Neumann https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixEBS CVE-2021-2209 8.5 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU April 2021 Stored XSS Accenture Martin Neumann https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixEBS CVE-2021-2210 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU April 2021 XSS Accenture Martin Neumann https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixEBS CVE-2021-2359 8.2 Oracle 
E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU July 2021 XSS Accenture Martin Neumann https://www.oracle.com/security-alerts/cpujul2021.html#AppendixEBS CVE-2021-2436 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU July 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujul2021.html#AppendixEBS CVE-2021-25649 4.9 Avaya Avaya Aura Utility Services 7.x No fix, End of Manufacturer Support Information disclosure FusionX Shelby Spencer and Gerardo Iglesias-Galvan N/A CVE-2021-25650 7.7 Avaya Avaya Aura Utility Services 7.x No fix, End of Manufacturer Support Privilege escalation FusionX Shelby Spencer and Gerardo Iglesias-Galvan N/A CVE-2021-25651 8.0 Avaya Avaya Aura Utility Services 7.x No fix, End of Manufacturer Support Privilege escalation FusionX Shelby Spencer and Gerardo Iglesias-Galvan N/A CVE-2021-25652 4.9 Avaya Avaya Aura Appliance Virtualization Platform Utilities (AVPU) 8.0.0.0 through 8.1.3.1 8.1.3.2 Information disclosure FusionX Shelby Spencer and Gerardo Iglesias-Galvan https://downloads.avaya.com/css/P8/documents/101076479 CVE-2021-25653 8.0 Avaya Avaya Aura Appliance Virtualization Platform Utilities (AVPU) 8.0.0.0 through 8.1.3.1 8.1.3.2 Privilege escalation FusionX Shelby Spencer and Gerardo Iglesias-Galvan https://downloads.avaya.com/css/P8/documents/101076479 CVE-2021-25654 6.2 Avaya Avaya Aura Device Services 7.0 through 8.1.4.0 8.1.4.1 Arbitrary code execution FusionX Shelby Spencer and Gerardo Iglesias-Galvan https://downloads.avaya.com/css/P8/documents/101076523 CVE-2021-31927 4.3 Annex Cloud Loyalty Experience Platform <2021.1.0.1 2021.1.0.2 IDOR Accenture Guillermo Alvarez https://www.annexcloud.com/responsible-disclosure CVE-2021-31928 8.8 Annex Cloud Loyalty Experience Platform <2021.1.0.1 2021.1.0.2 Privilege Escalation Accenture Guillermo Alvarez https://www.annexcloud.com/responsible-disclosure CVE-2021-31929 4.3 Annex Cloud Loyalty Experience Platform <2021.1.0.1 2021.1.0.2 Improper Access 
Control Accenture Guillermo Alvarez https://www.annexcloud.com/responsible-disclosure CVE-2021-33031 3.1 LABCUP LTD. Labcup <v2_next_18022 v2_next_18032 Improper Access Control Accenture Alberto Chica Nunez N/A CVE-2021-34483 7.8 Microsoft Windows 7/8.1/10, Server 2008/2012/2016/2019 Windows Print Spooler Elevation of Privilege Vulnerability FusionX Victor Mata https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34483 CVE-2021-35580 6.1 Oracle E-Business Suite 12.1.3, 12.2.3-12.2.10 CPU October 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuoct2021.html#AppendixEBS CVE-2021-35581 4.7 Oracle E-Business Suite 12.1.3, 12.2.3-12.2.10 CPU October 2021 Content Spoofing Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuoct2021.html#AppendixEBS CVE-2021-35582 6.5 Oracle E-Business Suite 12.1.3, 12.2.3-12.2.10 CPU October 2021 CSV Injection Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuoct2021.html#AppendixEBS CVE-2021-36958 7.3 Microsoft Windows 7/8.1/10, Server 2008/2012/2016/2019 Windows Print Spooler Remote Code Execution Vulnerability FusionX Victor Mata https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36958 CVE-2022-21251 7.5 Oracle E-Business Suite 12.2.3-12.2.11 CPU January 2022 Denial of Service Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2022.html#AppendixEBS CVE-2022-23706 6.1 Hewlett Packard Enterprise HPE OneView < 7 44697 Stored XSS Maglan Michael Musheev https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04278en_us CVE-2022-24450 8.8 Synadia Nats.io 2.x to 2.7.1 2.7.2 Unconstrained account assumption by authenticated clients Accenture Victor Mata, Gerardo Iglesias-Galvan https://advisories.nats.io/CVE/CVE-2022-24450.txt CVE-2022-26146 5.4 Tricentis qTest <10.4 10.4 Stored XSS Accenture Klara Szabo 
https://support-hub.tricentis.com/open?id=manual&lang=en&path=%2Fqtest%2F10400%2Fen%2Fcontent%2Fqtest_manager%2Frelease_notes%2Fonpremise_release_notes%2Fmanager_10.4.0_onpremise_release_notes.htm&product=qtest&sessionRotationTrigger=true&type=product_manual&version=10.4.2%20On%20Premise CVE-2022-26413 8.0 Zyxel VMG3312-T20A Firmware + others V530ABFX5C0 44663 OS Command Injection Accenture Martin Petráň https://www.zyxel.com/support/OS-command-injection-and-buffer-overflow-vulnerabilities-of-CPE-and-ONTs.shtml CVE-2022-26414 6.0 Zyxel VMG3312-T20A Firmware + others V530ABFX5C0 44663 Buffer Overflow Accenture Martin Petráň https://www.zyxel.com/support/OS-command-injection-and-buffer-overflow-vulnerabilities-of-CPE-and-ONTs.shtml CVE-2022-26971 5.3 Barco Barco Control Room Management Suite all versions before 3.14.1 44705 Unauthenticated license key update Accenture Murat Aydemir https://www.barco.com/en/support/knowledge-base/KB12681 CVE-2022-26972 6.1 Barco Barco Control Room Management Suite all versions before 3.14.1 44705 Reflected Cross Site Scripting (XSS) Accenture Murat Aydemir https://www.barco.com/en/support/knowledge-base/KB12677 CVE-2022-26973 5.3 Barco Barco Control Room Management Suite all versions before 3.14.1 44705 information disclosure of sensitive information Accenture Murat Aydemir https://www.barco.com/en/support/knowledge-base/KB12678 CVE-2022-26974 6.1 Barco Barco Control Room Management Suite all versions before 3.14.1 44705 Reflected Cross Site Scripting (XSS) Accenture Murat Aydemir https://www.barco.com/en/support/knowledge-base/KB12677 CVE-2022-26975 7.5 Barco Barco Control Room Management Suite all versions before 3.14.1 44705 Unauthenticated access to log files Accenture Murat Aydemir https://www.barco.com/en/support/knowledge-base/KB12677 CVE-2022-26976 5.4 Barco Barco Control Room Management Suite all versions before 3.14.1 44705 Stored Cross Site Scripting (XSS) Accenture Murat Aydemir 
https://www.barco.com/en/support/knowledge-base/KB12682 CVE-2022-26977 6.1 Barco Barco Control Room Management Suite all versions before 3.14.1 44705 Reflected Cross Site Scripting (XSS) Accenture Murat Aydemir https://www.barco.com/en/support/knowledge-base/KB12683 CVE-2022-26978 6.1 Barco Barco Control Room Management Suite all versions before 3.14.1 44705 Reflected Cross Site Scripting (XSS) Accenture Murat Aydemir https://www.barco.com/en/support/knowledge-base/KB12677 CVE-2022-28357 TBA Synadia Nats.io Nats Server: 2.2.0 up to and including 2.7.4 Nats Streaming Server: 0.15.0 up to and including 0.24.3 44669 Arbitrary file write from the privileged system account FusionX Victor Mata, Gerardo Iglesias-Galvan https://advisories.nats.io/CVE/CVE-2022-28357.txt CVE-2022-28616 9.8 Hewlett Packard Enterprise HPE OneView < 7 44697 Server-Side Request Forgery Maglan Michael Musheev https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04278en_us CVE-2022-28617 9.8 Hewlett Packard Enterprise HPE OneView < 7 44697 Security Restrictions Bypass Maglan Michael Musheev https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04278en_us CVE-2022-31321 TBA BoltCMS BoltCMS v5.7 and earlier Fix in development Arbitrary Directory Creation and Enumeration Accenture Pratheepan Karthikeyan CVE-2022-34530 TBA Backdrop CMS Backdrop CMS <=1.22.0 N/A Username enumeration Accenture Pratheepan Karthikeyan CVE-2022-35118 TBA PyroCMS PyroCMS 3.9 and earlier N/A Multiple Stored Cross Site Scripting (XSS) Accenture Pratheepan Karthikeyan

Related news

GHSA-vpjc-4jcv-jc29: NATS nats-server allows directory traversal via unintended path to a management action

NATS nats-server 2.2.0 through 2.7.4 allows directory traversal because of an unintended path to a management action from a management account.

CVE-2022-28357: Releases · nats-io/nats-server

NATS nats-server 2.2.0 through 2.7.4 allows directory traversal because of an unintended path to a management action from a management account.

CVE-2022-31321: Bolt | CheckoutOS & One-Click Checkout | Homepage | bolt.com

The foldername parameter in Bolt 5.1.7 was discovered to have incorrect input validation, allowing attackers to perform directory enumeration or cause a Denial of Service (DoS) via a crafted input.

Red Hat Security Advisory 2022-5531-01

Red Hat Security Advisory 2022-5531-01 - Red Hat Advanced Cluster Management for Kubernetes 2.5.1 General Availability release images, which fix security issues and bugs.

RHSA-2022:5531: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.5.1 security updates and bug fixes

Red Hat Advanced Cluster Management for Kubernetes 2.5.1 General Availability release images, which fix security issues and bugs. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-24450: nats-server: misusing the "dynamically provisioned sandbox accounts" feature authenticated user can obtain the privileges of the System account

Red Hat Security Advisory 2022-5201-01

Red Hat Security Advisory 2022-5201-01 - Red Hat Advanced Cluster Management for Kubernetes 2.4.5 images. Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which apply security fixes and fix several bugs. Issues addressed include a traversal vulnerability.

RHSA-2022:5201: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.4.5 security updates and bug fixes

Red Hat Advanced Cluster Management for Kubernetes 2.4.5 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-43565: golang.org/x/crypto: empty plaintext packet causes panic * CVE-2022-21803: nconf: Prototype pollution in memory store * CVE-2022-23806: golang: crypto/elliptic IsOnCurve returns true for invalid field elements * CVE-2022-24450: nats-server: misusing the "dynamically provisioned sand...

CVE-2022-28749: Security Bulletin

Zoom's On-Premise Meeting Connector MMR before version 4.8.113.20220526 fails to properly check the permissions of a Zoom meeting attendee. As a result, a threat actor in the Zoom's waiting room can join the meeting without the consent of the host.

Red Hat Security Advisory 2022-4956-01

Red Hat Security Advisory 2022-4956-01 - Red Hat Advanced Cluster Management for Kubernetes 2.5.0 images. Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs and security issues. Issues addressed include privilege escalation and traversal vulnerabilities.

RHSA-2022:4956: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.5 security updates, images, and bug fixes

Red Hat Advanced Cluster Management for Kubernetes 2.5.0 is now generally available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-3918: nodejs-json-schema: Prototype pollution vulnerability * CVE-2021-41190: opencontainers: OCI manifest and index parsing confusion * CVE-2021-43565: golang.org/x/crypto: empty plaintext packet causes panic * CVE-2021-43816: containerd: Unprivileged pod may bind mount any privileged regular file on disk * CVE-2021-43858: minio: user priv...

CVE-2022-26975: Knowledge base

Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing log files without authentication.

CVE-2022-26973: Knowledge base

Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. By tweaking the license file name, the returned error message exposes internal directory path details.

CVE-2022-26971: TransForm N Management Server - Product support

Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. This upload can be executed without authentication.

CVE-2022-22784: Security Bulletin

The Zoom Client for Meetings (for Android, iOS, Linux, MacOS, and Windows) before version 5.10.0 failed to properly parse XML stanzas in XMPP messages. This can allow a malicious user to break out of the current XMPP message context and create a new message context to have the receiving user's client perform a variety of actions. This issue could be used in a more sophisticated attack to forge XMPP messages from the server.

CVE-2022-28617

A remote bypass security restrictions vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView.

Zyxel Releases Patch for Critical Firewall OS Command Injection Vulnerability

Zyxel has moved to address a critical security vulnerability affecting Zyxel firewall devices that enables unauthenticated and remote attackers to gain arbitrary code execution. "A command injection vulnerability in the CGI program of some firewall versions could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device," the company said in an advisory

CVE-2021-36338: DSA-2021-226: Dell EMC Unisphere for PowerMax, Dell EMC Unisphere for PowerMax vApp, Dell EMC Solutions Enabler vApp, Dell EMC Unisphere 360, Dell EMC VASA, and Dell EMC PowerMax EMB Mgmt Security Upd

Unisphere for PowerMax versions prior to 9.2.2.2 contains a privilege escalation vulnerability. An adjacent malicious user could potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to. CVE-2022-31233 addresses the partial fix in CVE-2021-36338.

CVE-2022-21363: Oracle Critical Patch Update Advisory - January 2022

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).

CVE-2021-35576: Oracle Critical Patch Update Advisory - October 2021

Vulnerability in the Oracle Database Enterprise Edition Unified Audit component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged attacker having Local Logon privilege with network access via Oracle Net to compromise Oracle Database Enterprise Edition Unified Audit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database Enterprise Edition Unified Audit accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).

CVE-2021-2369: Oracle Critical Patch Update Advisory - July 2021

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Library). Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically i...

CVE-2021-25654: ASA-2021-088

An arbitrary code execution vulnerability was discovered in Avaya Aura Device Services that may potentially allow a local user to execute specially crafted scripts. Affects 7.0 through 8.1.4.0 versions of Avaya Aura Device Services.

CVE-2021-25652: ASA-2021-087

An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Appliance Virtualization Platform Utilities (AVPU). This vulnerability may potentially allow any local user to access system functionality and configuration information that should only be available to a privileged user. Affects versions 8.0.0.0 through 8.1.3.1 of AVPU.

CVE-2021-2163: Oracle Critical Patch Update Advisory - April 2021

Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.3 (Integrity impacts). CV...

CVE-2021-2154: Oracle Critical Patch Update Advisory - April 2021

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVE-2021-2119: Oracle Critical Patch Update Advisory - January 2021

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).

CVE-2021-2119: Oracle Critical Patch Update Advisory - January 2021

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).

CVE-2021-2119: Oracle Critical Patch Update Advisory - January 2021

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).

CVE-2021-2119: Oracle Critical Patch Update Advisory - January 2021

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).

CVE-2021-2119: Oracle Critical Patch Update Advisory - January 2021

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).

CVE-2021-2119: Oracle Critical Patch Update Advisory - January 2021

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).

CVE-2021-2119: Oracle Critical Patch Update Advisory - January 2021

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).

CVE-2021-2119: Oracle Critical Patch Update Advisory - January 2021

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).

CVE-2021-2119: Oracle Critical Patch Update Advisory - January 2021

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).

CVE-2021-2119: Oracle Critical Patch Update Advisory - January 2021

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).

CVE-2021-2119: Oracle Critical Patch Update Advisory - January 2021

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).

CVE-2020-14829: Oracle Critical Patch Update Advisory - October 2020

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVE-2020-2978: Oracle Critical Patch Update Advisory - July 2020

Vulnerability in the Oracle Database - Enterprise Edition component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having DBA role account privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition. While the vulnerability is in Oracle Database - Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database - Enterprise Edition accessible data. CVSS 3.1 Base Score 4.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N).

CVE-2020-2956: Oracle Critical Patch Update Advisory - April 2020

Vulnerability in the Oracle Human Resources product of Oracle E-Business Suite (component: Hierarchy Diagrammers). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Human Resources. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Human Resources accessible data as well as unauthorized access to critical data or complete access to all Oracle Human Resources accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).

CVE-2020-2548: Oracle Critical Patch Update Advisory - January 2020

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). The supported version that is affected is 10.3.6.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N).

CVE-2020-2548: Oracle Critical Patch Update Advisory - January 2020

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). The supported version that is affected is 10.3.6.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N).

CVE-2020-2548: Oracle Critical Patch Update Advisory - January 2020

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). The supported version that is affected is 10.3.6.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N).

CVE-2019-2999: Oracle Critical Patch Update Advisory - October 2019

Vulnerability in the Java SE product of Oracle Java SE (component: Javadoc). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Ja...

CVE-2019-9325: Android 10 Security Release Notes  |  Android Open Source Project

In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-112001302

CVE-2019-2808: Oracle Critical Patch Update Advisory - July 2019

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVE-2019-2628: Oracle Critical Patch Update Advisory - April 2019

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVE-2019-2455: Oracle Critical Patch Update Advisory - January 2019

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

CVE-2018-3133: Oracle Critical Patch Update - October 2018

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

CVE-2018-6493: MFSBGN03806 rev.1 - HP Network Automation Software, Network Operations Management (NOM) Suite, Multiple Vulnerabilities

SQL Injection in HP Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in Network Automation, version 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50. This vulnerability could be remotely exploited to allow Remote SQL Injection.

CVE-2016-3471: Oracle Critical Patch Update - July 2016

Unspecified vulnerability in Oracle MySQL 5.5.45 and earlier and 5.6.26 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Option.
