| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-1600 | Hig | 0.54 | 8.3 | 0.00 | Jul 22, 2021 | Multiple vulnerabilities in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access sensitive internal services from an external interface. These vulnerabilities are due to insufficient restrictions for IPv4 or IPv6 packets that are… | ||
| CVE-2021-29143 | Hig | 0.47 | 7.2 | 0.03 | Jul 22, 2021 | A remote execution of arbitrary commands vulnerability was discovered in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): Aruba… | ||
| CVE-2021-22001 | Hig | 0.49 | 7.5 | 0.01 | Jul 22, 2021 | In UAA versions prior to 75.3.0, sensitive information like relaying secret of the provider was revealed in response when deletion request of an identity provider( IdP) of type “oauth 1.0” was sent to UAA server. | ||
| CVE-2021-30110 | Hig | 0.49 | 7.5 | 0.02 | Jul 22, 2021 | dttray.exe in Greyware Automation Products Inc Domain Time II before 5.2.b.20210331 allows remote attackers to execute arbitrary code via a URL to a malicious update in a spoofed response to the UDP query used to check for updates. | ||
| CVE-2021-30486 | Hig | 0.57 | 8.8 | 0.01 | Jul 22, 2021 | SysAid 20.3.64 b14 is affected by Blind and Stacker SQL injection via AssetManagementChart.jsp (GET computerID), AssetManagementChart.jsp (POST group1), AssetManagementList.jsp (GET computerID or group1), or AssetManagementSummary.jsp (GET group1). | ||
| CVE-2021-22523 | Hig | 0.49 | 7.6 | 0.01 | Jul 22, 2021 | XML External Entity vulnerability in Micro Focus Verastream Host Integrator, affecting version 7.8 Update 1 and earlier versions. The vulnerability could allow the control of web browser and hijacking user sessions. | ||
| CVE-2021-22522 | Hig | 0.46 | 7.1 | 0.01 | Jul 22, 2021 | Reflected Cross-Site Scripting vulnerability in Micro Focus Verastream Host Integrator, affecting version version 7.8 Update 1 and earlier versions. The vulnerability could allow disclosure of confidential data. | ||
| CVE-2021-20596 | Hig | 0.49 | 7.5 | 0.02 | Jul 22, 2021 | NULL Pointer Dereference in MELSEC-F Series FX3U-ENET firmware version 1.14 and prior, FX3U-ENET-L firmware version 1.14 and prior and FX3U-ENET-P502 firmware version 1.14 and prior allows a remote unauthenticated attacker to cause a DoS condition in communication by sending… | ||
| CVE-2021-28131 | Hig | 0.49 | 7.5 | 0.03 | Jul 22, 2021 | Impala sessions use a 16 byte secret to verify that the session is not being hijacked by another user. However, these secrets appear in the Impala logs, therefore Impala users with access to the logs can use another authenticated user's sessions with specially constructed… | ||
| CVE-2021-36934 | Hig | 0.71 | 7.8 | 0.67 | KEV | Jul 22, 2021 | An elevation of privilege vulnerability exists because of overly permissive Access Control Lists (ACLs) on multiple system files, including the Security Accounts Manager (SAM) database. An attacker who successfully exploited this vulnerability could run arbitrary code with… | |
| CVE-2021-1092 | Hig | 0.46 | 7.1 | 0.00 | Jul 22, 2021 | NVIDIA GPU Display Driver for Windows contains a vulnerability in the NVIDIA Control Panel application where it is susceptible to a Windows file system symbolic link attack where an unprivileged attacker can cause the applications to overwrite privileged files, resulting in… | ||
| CVE-2021-1091 | Hig | 0.46 | 7.1 | 0.00 | Jul 22, 2021 | NVIDIA GPU Display driver for Windows contains a vulnerability where an unprivileged user can create a file hard link that causes the driver to overwrite a file that requires elevated privilege to modify, which could lead to data loss or denial of service. | ||
| CVE-2021-1090 | Hig | 0.46 | 7.1 | 0.00 | Jul 22, 2021 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for control calls where the software reads or writes to a buffer by using an index or pointer that references a memory location after the end of the buffer,… | ||
| CVE-2021-1089 | Hig | 0.51 | 7.8 | 0.00 | Jul 22, 2021 | NVIDIA GPU Display Driver for Windows contains a vulnerability in nvidia-smi where an uncontrolled DLL loading path may lead to arbitrary code execution, denial of service, information disclosure, and data tampering. | ||
| CVE-2021-32775 | Hig | 0.50 | 7.7 | 0.01 | Jul 21, 2021 | Combodo iTop is a web based IT Service Management tool. In versions prior to 2.7.4, a non admin user can get access to many class/field values through GroupBy Dashlet error message. This issue is fixed in versions 2.7.4 and 3.0.0. | ||
| CVE-2021-32761 | Hig | 0.51 | 7.5 | 0.31 | Jul 21, 2021 | Redis is an in-memory database that persists on disk. A vulnerability involving out-of-bounds read and integer overflow to buffer overflow exists starting with version 2.2 and prior to versions 5.0.13, 6.0.15, and 6.2.5. On 32-bit systems, Redis `*BIT*` command are vulnerable to… | ||
| CVE-2021-32756 | Hig | 0.57 | 8.8 | 0.02 | Jul 21, 2021 | ManageIQ is an open-source management platform. In versions prior to jansa-4, kasparov-2, and lasker-1, there is a flaw in the MiqExpression module of ManageIQ where a low privilege user could enter a crafted Ruby string which would be evaluated. Successful exploitation will… | ||
| CVE-2021-35482 | Hig | 0.51 | 7.8 | 0.00 | Jul 21, 2021 | An issue was discovered in Barco MirrorOp Windows Sender before 2.5.4.70. An attacker in the local network is able to achieve Remote Code Execution (with user privileges of the local user) on any device that tries to connect to a WePresent presentation system. | ||
| CVE-2021-34816 | Hig | 0.47 | 7.2 | 0.02 | Jul 21, 2021 | An Argument Injection issue in the plugin management of Etherpad 1.8.13 allows privileged users to execute arbitrary code on the server by installing plugins from an attacker-controlled source. | ||
| CVE-2021-32745 | Hig | 0.47 | 7.3 | 0.01 | Jul 21, 2021 | Collabora Online is a collaborative online office suite. A reflected XSS vulnerability was found in Collabora Online prior to version 6.4.9-5. An attacker could inject unescaped HTML into a variable as they created the Collabora Online iframe, and execute scripts inside the… | ||
| CVE-2020-19499 | Hig | 0.00 | 8.8 | 0.01 | Jul 21, 2021 | An issue was discovered in heif::Box_iref::get_references in libheif 1.4.0, allows attackers to cause a Denial of Service or possibly other unspecified impact due to an invalid memory read. | ||
| CVE-2020-19498 | Hig | 0.00 | 8.8 | 0.01 | Jul 21, 2021 | Floating point exception in function Fraction in libheif 1.4.0, allows attackers to cause a Denial of Service or possibly other unspecified impacts. | ||
| CVE-2020-19497 | Hig | 0.00 | 8.8 | 0.01 | Jul 21, 2021 | Integer overflow vulnerability in Mat_VarReadNextInfo5 in mat5.c in tbeu matio (aka MAT File I/O Library) 1.5.17, allows attackers to cause a Denial of Service or possibly other unspecified impacts. | ||
| CVE-2020-19492 | Hig | 0.00 | 7.8 | 0.01 | Jul 21, 2021 | There is a floating point exception in ReadImage that leads to a Segmentation fault in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact. | ||
| CVE-2020-19491 | Hig | 0.00 | 7.8 | 0.01 | Jul 21, 2021 | There is an invalid memory access bug in cgif.c that leads to a Segmentation fault in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact. | ||
| CVE-2021-21407 | Hig | 0.52 | 8.0 | 0.00 | Jul 21, 2021 | Combodo iTop is an open source, web based IT Service Management tool. Prior to version 2.7.4, the CSRF token validation can be bypassed through iTop portal via a tricky browser procedure. The vulnerability is patched in version 2.7.4 and 3.0.0. | ||
| CVE-2021-34619 | Hig | 0.57 | 8.8 | 0.01 | Jul 21, 2021 | The WooCommerce Stock Manager WordPress plugin is vulnerable to Cross-Site Request Forgery leading to Arbitrary File Upload in versions up to, and including, 2.5.7 due to missing nonce and file validation in the /woocommerce-stock-manager/trunk/admin/views/import-export.php file. | ||
| CVE-2021-2443 | Hig | 0.47 | 7.3 | 0.00 | Jul 21, 2021 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox… | ||
| CVE-2021-2436 | Hig | 0.53 | 8.2 | 0.01 | Jul 21, 2021 | Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite (component: CRM User Management Framework). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network… | ||
| CVE-2021-2435 | Hig | 0.53 | 8.1 | 0.01 | Jul 21, 2021 | Vulnerability in the Essbase Analytic Provider Services product of Oracle Essbase (component: JAPI). The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Essbase Analytic… | ||
| CVE-2021-2434 | Hig | 0.53 | 8.1 | 0.01 | Jul 21, 2021 | Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Application Service). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network… | ||
| CVE-2021-2433 | Hig | 0.49 | 7.5 | 0.02 | Jul 21, 2021 | Vulnerability in the Essbase Analytic Provider Services product of Oracle Essbase (component: Web Services). Supported versions that are affected are 11.1.2.4 and 21.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise… | ||
| CVE-2021-2431 | Hig | 0.49 | 7.5 | 0.01 | Jul 21, 2021 | Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise… | ||
| CVE-2021-2430 | Hig | 0.49 | 7.5 | 0.01 | Jul 21, 2021 | Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise… | ||
| CVE-2021-2428 | Hig | 0.53 | 8.1 | 0.02 | Jul 21, 2021 | Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via T3,… | ||
| CVE-2021-2423 | Hig | 0.49 | 7.5 | 0.01 | Jul 21, 2021 | Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise… | ||
| CVE-2021-2420 | Hig | 0.49 | 7.5 | 0.01 | Jul 21, 2021 | Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise… | ||
| CVE-2021-2419 | Hig | 0.49 | 7.5 | 0.01 | Jul 21, 2021 | Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise… | ||
| CVE-2021-2415 | Hig | 0.53 | 8.1 | 0.01 | Jul 21, 2021 | Vulnerability in the Oracle Time and Labor product of Oracle E-Business Suite (component: Timecard). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to… | ||
| CVE-2021-2409 | Hig | 0.53 | 8.2 | 0.01 | Jul 21, 2021 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox… | ||
| CVE-2021-2406 | Hig | 0.53 | 8.1 | 0.01 | Jul 21, 2021 | Vulnerability in the Oracle Collaborative Planning product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise… | ||
| CVE-2021-2405 | Hig | 0.53 | 8.1 | 0.01 | Jul 21, 2021 | Vulnerability in the Oracle Engineering product of Oracle E-Business Suite (component: Change Management). Supported versions that are affected are 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle… | ||
| CVE-2021-2400 | Hig | 0.55 | 7.5 | 0.83 | Jul 21, 2021 | Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with… | ||
| CVE-2021-2398 | Hig | 0.53 | 8.1 | 0.01 | Jul 21, 2021 | Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite (component: Region Mapping). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access… | ||
| CVE-2021-2396 | Hig | 0.60 | 8.8 | 0.36 | Jul 21, 2021 | Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with… | ||
| CVE-2021-2395 | Hig | 0.53 | 8.1 | 0.01 | Jul 21, 2021 | Vulnerability in the Oracle Hospitality Reporting and Analytics product of Oracle Food and Beverage Applications (component: iCare, Configuration). The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows low privileged attacker with network… | ||
| CVE-2021-2393 | Hig | 0.53 | 8.1 | 0.01 | Jul 21, 2021 | Vulnerability in the Oracle E-Records product of Oracle E-Business Suite (component: E-signatures). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to… | ||
| CVE-2021-2392 | Hig | 0.57 | 8.8 | 0.03 | Jul 21, 2021 | Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: BI Publisher Security). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with… | ||
| CVE-2021-2391 | Hig | 0.60 | 8.8 | 0.35 | Jul 21, 2021 | Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Scheduler). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via… | ||
| CVE-2021-2388 | Hig | 0.49 | 7.5 | 0.04 | Jul 21, 2021 | Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability… |
- risk 0.54cvss 8.3epss 0.00
Multiple vulnerabilities in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access sensitive internal services from an external interface. These vulnerabilities are due to insufficient restrictions for IPv4 or IPv6 packets that are…
- risk 0.47cvss 7.2epss 0.03
A remote execution of arbitrary commands vulnerability was discovered in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): Aruba…
- risk 0.49cvss 7.5epss 0.01
In UAA versions prior to 75.3.0, sensitive information like relaying secret of the provider was revealed in response when deletion request of an identity provider( IdP) of type “oauth 1.0” was sent to UAA server.
- risk 0.49cvss 7.5epss 0.02
dttray.exe in Greyware Automation Products Inc Domain Time II before 5.2.b.20210331 allows remote attackers to execute arbitrary code via a URL to a malicious update in a spoofed response to the UDP query used to check for updates.
- risk 0.57cvss 8.8epss 0.01
SysAid 20.3.64 b14 is affected by Blind and Stacker SQL injection via AssetManagementChart.jsp (GET computerID), AssetManagementChart.jsp (POST group1), AssetManagementList.jsp (GET computerID or group1), or AssetManagementSummary.jsp (GET group1).
- risk 0.49cvss 7.6epss 0.01
XML External Entity vulnerability in Micro Focus Verastream Host Integrator, affecting version 7.8 Update 1 and earlier versions. The vulnerability could allow the control of web browser and hijacking user sessions.
- risk 0.46cvss 7.1epss 0.01
Reflected Cross-Site Scripting vulnerability in Micro Focus Verastream Host Integrator, affecting version version 7.8 Update 1 and earlier versions. The vulnerability could allow disclosure of confidential data.
- risk 0.49cvss 7.5epss 0.02
NULL Pointer Dereference in MELSEC-F Series FX3U-ENET firmware version 1.14 and prior, FX3U-ENET-L firmware version 1.14 and prior and FX3U-ENET-P502 firmware version 1.14 and prior allows a remote unauthenticated attacker to cause a DoS condition in communication by sending…
- risk 0.49cvss 7.5epss 0.03
Impala sessions use a 16 byte secret to verify that the session is not being hijacked by another user. However, these secrets appear in the Impala logs, therefore Impala users with access to the logs can use another authenticated user's sessions with specially constructed…
- risk 0.71cvss 7.8epss 0.67
An elevation of privilege vulnerability exists because of overly permissive Access Control Lists (ACLs) on multiple system files, including the Security Accounts Manager (SAM) database. An attacker who successfully exploited this vulnerability could run arbitrary code with…
- risk 0.46cvss 7.1epss 0.00
NVIDIA GPU Display Driver for Windows contains a vulnerability in the NVIDIA Control Panel application where it is susceptible to a Windows file system symbolic link attack where an unprivileged attacker can cause the applications to overwrite privileged files, resulting in…
- risk 0.46cvss 7.1epss 0.00
NVIDIA GPU Display driver for Windows contains a vulnerability where an unprivileged user can create a file hard link that causes the driver to overwrite a file that requires elevated privilege to modify, which could lead to data loss or denial of service.
- risk 0.46cvss 7.1epss 0.00
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for control calls where the software reads or writes to a buffer by using an index or pointer that references a memory location after the end of the buffer,…
- risk 0.51cvss 7.8epss 0.00
NVIDIA GPU Display Driver for Windows contains a vulnerability in nvidia-smi where an uncontrolled DLL loading path may lead to arbitrary code execution, denial of service, information disclosure, and data tampering.
- risk 0.50cvss 7.7epss 0.01
Combodo iTop is a web based IT Service Management tool. In versions prior to 2.7.4, a non admin user can get access to many class/field values through GroupBy Dashlet error message. This issue is fixed in versions 2.7.4 and 3.0.0.
- risk 0.51cvss 7.5epss 0.31
Redis is an in-memory database that persists on disk. A vulnerability involving out-of-bounds read and integer overflow to buffer overflow exists starting with version 2.2 and prior to versions 5.0.13, 6.0.15, and 6.2.5. On 32-bit systems, Redis `*BIT*` command are vulnerable to…
- risk 0.57cvss 8.8epss 0.02
ManageIQ is an open-source management platform. In versions prior to jansa-4, kasparov-2, and lasker-1, there is a flaw in the MiqExpression module of ManageIQ where a low privilege user could enter a crafted Ruby string which would be evaluated. Successful exploitation will…
- risk 0.51cvss 7.8epss 0.00
An issue was discovered in Barco MirrorOp Windows Sender before 2.5.4.70. An attacker in the local network is able to achieve Remote Code Execution (with user privileges of the local user) on any device that tries to connect to a WePresent presentation system.
- risk 0.47cvss 7.2epss 0.02
An Argument Injection issue in the plugin management of Etherpad 1.8.13 allows privileged users to execute arbitrary code on the server by installing plugins from an attacker-controlled source.
- risk 0.47cvss 7.3epss 0.01
Collabora Online is a collaborative online office suite. A reflected XSS vulnerability was found in Collabora Online prior to version 6.4.9-5. An attacker could inject unescaped HTML into a variable as they created the Collabora Online iframe, and execute scripts inside the…
- risk 0.00cvss 8.8epss 0.01
An issue was discovered in heif::Box_iref::get_references in libheif 1.4.0, allows attackers to cause a Denial of Service or possibly other unspecified impact due to an invalid memory read.
- risk 0.00cvss 8.8epss 0.01
Floating point exception in function Fraction in libheif 1.4.0, allows attackers to cause a Denial of Service or possibly other unspecified impacts.
- risk 0.00cvss 8.8epss 0.01
Integer overflow vulnerability in Mat_VarReadNextInfo5 in mat5.c in tbeu matio (aka MAT File I/O Library) 1.5.17, allows attackers to cause a Denial of Service or possibly other unspecified impacts.
- risk 0.00cvss 7.8epss 0.01
There is a floating point exception in ReadImage that leads to a Segmentation fault in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact.
- risk 0.00cvss 7.8epss 0.01
There is an invalid memory access bug in cgif.c that leads to a Segmentation fault in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact.
- risk 0.52cvss 8.0epss 0.00
Combodo iTop is an open source, web based IT Service Management tool. Prior to version 2.7.4, the CSRF token validation can be bypassed through iTop portal via a tricky browser procedure. The vulnerability is patched in version 2.7.4 and 3.0.0.
- risk 0.57cvss 8.8epss 0.01
The WooCommerce Stock Manager WordPress plugin is vulnerable to Cross-Site Request Forgery leading to Arbitrary File Upload in versions up to, and including, 2.5.7 due to missing nonce and file validation in the /woocommerce-stock-manager/trunk/admin/views/import-export.php file.
- risk 0.47cvss 7.3epss 0.00
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox…
- risk 0.53cvss 8.2epss 0.01
Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite (component: CRM User Management Framework). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network…
- risk 0.53cvss 8.1epss 0.01
Vulnerability in the Essbase Analytic Provider Services product of Oracle Essbase (component: JAPI). The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Essbase Analytic…
- risk 0.53cvss 8.1epss 0.01
Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Application Service). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network…
- risk 0.49cvss 7.5epss 0.02
Vulnerability in the Essbase Analytic Provider Services product of Oracle Essbase (component: Web Services). Supported versions that are affected are 11.1.2.4 and 21.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise…
- risk 0.49cvss 7.5epss 0.01
Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise…
- risk 0.49cvss 7.5epss 0.01
Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise…
- risk 0.53cvss 8.1epss 0.02
Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via T3,…
- risk 0.49cvss 7.5epss 0.01
Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise…
- risk 0.49cvss 7.5epss 0.01
Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise…
- risk 0.49cvss 7.5epss 0.01
Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise…
- risk 0.53cvss 8.1epss 0.01
Vulnerability in the Oracle Time and Labor product of Oracle E-Business Suite (component: Timecard). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to…
- risk 0.53cvss 8.2epss 0.01
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox…
- risk 0.53cvss 8.1epss 0.01
Vulnerability in the Oracle Collaborative Planning product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise…
- risk 0.53cvss 8.1epss 0.01
Vulnerability in the Oracle Engineering product of Oracle E-Business Suite (component: Change Management). Supported versions that are affected are 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle…
- risk 0.55cvss 7.5epss 0.83
Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with…
- risk 0.53cvss 8.1epss 0.01
Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite (component: Region Mapping). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access…
- risk 0.60cvss 8.8epss 0.36
Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with…
- risk 0.53cvss 8.1epss 0.01
Vulnerability in the Oracle Hospitality Reporting and Analytics product of Oracle Food and Beverage Applications (component: iCare, Configuration). The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows low privileged attacker with network…
- risk 0.53cvss 8.1epss 0.01
Vulnerability in the Oracle E-Records product of Oracle E-Business Suite (component: E-signatures). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to…
- risk 0.57cvss 8.8epss 0.03
Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: BI Publisher Security). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with…
- risk 0.60cvss 8.8epss 0.35
Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Scheduler). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via…
- risk 0.49cvss 7.5epss 0.04
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability…