Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-4039 | 1 Zyxel | 2 Nwa1100-nh, Nwa1100-nh Firmware | 2022-04-28 | 10.0 HIGH | 9.8 CRITICAL |
| A command injection vulnerability in the web interface of the Zyxel NWA-1100-NH firmware could allow an attacker to execute arbitrary OS commands on the device. | |||||
| CVE-2022-21446 | 1 Oracle | 1 Solaris | 2022-04-28 | 6.4 MEDIUM | 8.2 HIGH |
| Vulnerability in the Oracle Solaris product of Oracle Systems (component: Utility). The supported version that is affected is 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Solaris accessible data as well as unauthorized read access to a subset of Oracle Solaris accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N). | |||||
| CVE-2022-21464 | 1 Oracle | 1 Jd Edwards Enterpriseone Tools | 2022-04-28 | 6.4 MEDIUM | 8.2 HIGH |
| Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Business Logic Infra SEC). The supported version that is affected is Prior to 9.2.6.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of JD Edwards EnterpriseOne Tools and unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H). | |||||
| CVE-2022-21442 | 1 Oracle | 1 Goldengate | 2022-04-28 | 4.6 MEDIUM | 8.8 HIGH |
| Vulnerability in Oracle GoldenGate (component: OGG Core Library). The supported version that is affected is Prior to 23.1. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle GoldenGate executes to compromise Oracle GoldenGate. While the vulnerability is in Oracle GoldenGate, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle GoldenGate. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). | |||||
| CVE-2022-21445 | 1 Oracle | 1 Jdeveloper | 2022-04-28 | 7.5 HIGH | 9.8 CRITICAL |
| Vulnerability in the Oracle JDeveloper product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper. Successful attacks of this vulnerability can result in takeover of Oracle JDeveloper. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). | |||||
| CVE-2022-28437 | 1 Baby Care System Project | 1 Baby Care System | 2022-04-28 | 7.5 HIGH | 9.8 CRITICAL |
| Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/uesrs.php&action=type&userrole=Admin&userid=3. | |||||
| CVE-2022-28022 | 1 Purchase Order Management System Project | 1 Purchase Order Management System | 2022-04-28 | 7.5 HIGH | 9.8 CRITICAL |
| Purchase Order Management System v1.0 was discovered to contain a SQL injection vulnerability via /purchase_order/classes/Master.php?f=delete_item. | |||||
| CVE-2022-27862 | 1 Vikwp | 1 Vikbooking Hotel Booking Engine \& Property Management System Plugin | 2022-04-28 | 7.5 HIGH | 9.8 CRITICAL |
| Arbitrary File Upload leading to RCE in E4J s.r.l. VikBooking Hotel Booking Engine & PMS plugin <= 1.5.3 on WordPress allows attackers to upload and execute dangerous file types (e.g. PHP shell) via the signature upload on the booking form. | |||||
| CVE-2022-27863 | 1 Vikwp | 1 Vikbooking Hotel Booking Engine \& Property Management System Plugin | 2022-04-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| Sensitive Information Exposure in E4J s.r.l. VikBooking Hotel Booking Engine & PMS plugin <= 1.5.3 on WordPress allows attackers to get the booking data by guessing / brute-forcing easy predictable booking IDs via search POST requests. | |||||
| CVE-2022-28222 | 1 Cleantalk | 1 Antispam | 2022-04-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| The CleanTalk AntiSpam plugin <= 5.173 for WordPress is vulnerable to Reflected Cross-Site Scripting (XSS) via the $_REQUEST['page'] parameter in`/lib/Cleantalk/ApbctWP/FindSpam/ListTable/Users.php` | |||||
| CVE-2022-28221 | 1 Cleantalk | 1 Antispam | 2022-04-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| The CleanTalk AntiSpam plugin <= 5.173 for WordPress is vulnerable to Reflected Cross-Site Scripting (XSS) via the $_REQUEST['page'] parameter in`/lib/Cleantalk/ApbctWP/FindSpam/ListTable/Comments.php` | |||||
| CVE-2022-1385 | 1 Mattermost | 1 Mattermost Server | 2022-04-27 | 5.8 MEDIUM | 4.6 MEDIUM |
| Mattermost 6.4.x and earlier fails to properly invalidate pending email invitations when the action is performed from the system console, which allows accidentally invited users to join the workspace and access information from the public teams and channels. | |||||
| CVE-2022-21458 | 1 Oracle | 1 Peoplesoft Enterprise Peopletools | 2022-04-27 | 5.8 MEDIUM | 6.1 MEDIUM |
| Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Navigation Pages, Portal, Query). Supported versions that are affected are 8.58 and 8.59. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | |||||
| CVE-2022-21456 | 1 Oracle | 1 Peoplesoft Enterprise Peopletools | 2022-04-27 | 5.8 MEDIUM | 6.1 MEDIUM |
| Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Navigation Pages, Portal, Query). Supported versions that are affected are 8.58 and 8.59. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | |||||
| CVE-2022-21441 | 1 Oracle | 1 Weblogic Server | 2022-04-27 | 5.0 MEDIUM | 7.5 HIGH |
| Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3/IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2022-1162 | 1 Gitlab | 1 Gitlab | 2022-04-27 | 7.5 HIGH | 9.8 CRITICAL |
| A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. OAuth, LDAP, SAML) in GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowing attackers to potentially take over accounts | |||||
| CVE-2021-45868 | 2 Linux, Netapp | 17 Linux Kernel, H300e, H300e Firmware and 14 more | 2022-04-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| In the Linux kernel before 5.15.3, fs/quota/quota_tree.c does not validate the block number in the quota tree (on disk). This can, for example, lead to a kernel/locking/rwsem.c use-after-free if there is a corrupted quota file. | |||||
| CVE-2022-21461 | 1 Oracle | 1 Solaris | 2022-04-27 | 2.1 LOW | 5.5 MEDIUM |
| Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Solaris accessible data. CVSS 3.1 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). | |||||
| CVE-2022-27836 | 1 Google | 1 Android | 2022-04-27 | 7.2 HIGH | 7.8 HIGH |
| Improper access control and path traversal vulnerability in Storage Manager and Storage Manager Service prior to SMR Apr-2022 Release 1 allow local attackers to access arbitrary system files without a proper permission. The patch adds proper validation logic to prevent arbitrary files access. | |||||
| CVE-2022-28108 | 1 Selenium | 1 Selenium Grid | 2022-04-27 | 9.3 HIGH | 8.8 HIGH |
| Selenium Server (Grid) before 4 allows CSRF because it permits non-JSON content types such as application/x-www-form-urlencoded, multipart/form-data, and text/plain. | |||||
| CVE-2022-21463 | 1 Oracle | 1 Solaris | 2022-04-27 | 2.1 LOW | 5.5 MEDIUM |
| Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2020-26524 | 1 Filecloud | 1 Filecloud | 2022-04-27 | 5.0 MEDIUM | 5.3 MEDIUM |
| CodeLathe FileCloud before 20.2.0.11915 allows username enumeration. | |||||
| CVE-2020-26870 | 4 Cure53, Debian, Microsoft and 1 more | 5 Dompurify, Debian Linux, Visual Studio 2017 and 2 more | 2022-04-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements. | |||||
| CVE-2022-27055 | 1 Ecjia | 1 Daojia | 2022-04-27 | 5.0 MEDIUM | 7.5 HIGH |
| ** DISPUTED ** ecjia-daojia 1.38.1-20210202629 is vulnerable to information leakage via content/apps/installer/classes/Helper.php. When the web program is installed, a new environment file is created, and the database information is recorded, including the database record password. NOTE: the vendor disputes this because the environment file is in the data directory, which is not intended for access by website visitors (only the statics directory can be accessed by website visitors). | |||||
| CVE-2020-26088 | 4 Canonical, Debian, Linux and 1 more | 4 Ubuntu Linux, Debian Linux, Linux Kernel and 1 more | 2022-04-27 | 2.1 LOW | 5.5 MEDIUM |
| A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c in the Linux kernel before 5.8.2 could be used by local attackers to create raw sockets, bypassing security mechanisms, aka CID-26896f01467a. | |||||
| CVE-2022-23347 | 1 Bigantsoft | 1 Bigant Server | 2022-04-27 | 5.0 MEDIUM | 7.5 HIGH |
| BigAnt Software BigAnt Server v5.6.06 was discovered to be vulnerable to directory traversal attacks. | |||||
| CVE-2022-23346 | 1 Bigantsoft | 1 Bigant Server | 2022-04-27 | 6.5 MEDIUM | 8.8 HIGH |
| BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control issues. | |||||
| CVE-2022-24825 | 1 Stripe | 1 Smokescreen | 2022-04-27 | 5.0 MEDIUM | 5.3 MEDIUM |
| Smokescreen is a simple HTTP proxy that fogs over naughty URLs. The primary use case for Smokescreen is to prevent server-side request forgery (SSRF) attacks in which external attackers leverage the behavior of applications to connect to or scan internal infrastructure. Smokescreen also offers an option to deny access to additional (e.g., external) URLs by way of a deny list. There was an issue in Smokescreen that made it possible to bypass the deny list feature by appending a dot to the end of user-supplied URLs, or by providing input in a different letter case. Recommended to upgrade Smokescreen to version 0.0.3 or later. | |||||
| CVE-2022-23352 | 1 Bigantsoft | 1 Bigant Server | 2022-04-27 | 5.0 MEDIUM | 7.5 HIGH |
| An issue in BigAnt Software BigAnt Server v5.6.06 can lead to a Denial of Service (DoS). | |||||
| CVE-2022-23350 | 1 Bigantsoft | 1 Bigant Server | 2022-04-27 | 3.5 LOW | 5.4 MEDIUM |
| BigAnt Software BigAnt Server v5.6.06 was discovered to contain a cross-site scripting (XSS) vulnerability. | |||||
| CVE-2022-23349 | 1 Bigantsoft | 1 Bigant Server | 2022-04-27 | 6.8 MEDIUM | 8.8 HIGH |
| BigAnt Software BigAnt Server v5.6.06 was discovered to contain a Cross-Site Request Forgery (CSRF). | |||||
| CVE-2022-23348 | 1 Bigantsoft | 1 Bigant Server | 2022-04-27 | 5.0 MEDIUM | 5.3 MEDIUM |
| BigAnt Software BigAnt Server v5.6.06 was discovered to utilize weak password hashes. | |||||
| CVE-2021-23283 | 1 Eaton | 1 Intelligent Power Protector | 2022-04-27 | 3.5 LOW | 5.4 MEDIUM |
| Eaton Intelligent Power Protector (IPP) prior to version 1.69 is vulnerable to stored Cross Site Scripting. The vulnerability exists due to insufficient validation of user input and improper encoding of the output for certain resources within the IPP software. | |||||
| CVE-2021-26625 | 2 Microsoft, Tobesoft | 2 Windows, Nexacro | 2022-04-27 | 6.8 MEDIUM | 8.8 HIGH |
| Insufficient Verification of input Data leading to arbitrary file download and execute was discovered in Nexacro platform. This vulnerability is caused by an automatic update function that does not verify input data except version information. Remote attackers can use this incomplete validation logic to download and execute arbitrary malicious file. | |||||
| CVE-2022-24231 | 1 Simple Student Information System Project | 1 Simple Student Information System | 2022-04-27 | 10.0 HIGH | 9.8 CRITICAL |
| Simple Student Information System v1.0 was discovered to contain a SQL injection vulnerability via add/Student. | |||||
| CVE-2022-21431 | 1 Oracle | 1 Communications Billing And Revenue Management | 2022-04-27 | 7.5 HIGH | 10.0 CRITICAL |
| Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Connection Manager). Supported versions that are affected are 12.0.0.4 and 12.0.0.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle Communications Billing and Revenue Management. While the vulnerability is in Oracle Communications Billing and Revenue Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Communications Billing and Revenue Management. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). | |||||
| CVE-2021-26627 | 1 Qcp | 2 Qcp200w, Qcp200w Firmware | 2022-04-27 | 5.0 MEDIUM | 7.5 HIGH |
| Real-time image information exposure is caused by insufficient authentication for activated RTSP port. This vulnerability could allow to remote attackers to send the RTSP requests using ffplay command and lead to leakage a live image. | |||||
| CVE-2022-27435 | 1 Ecommerce-website Project | 1 Ecommerce-website | 2022-04-27 | 6.5 MEDIUM | 8.8 HIGH |
| An unrestricted file upload at /public/admin/index.php?add_product of Ecommerce-Website v1.1.0 allows attackers to upload a webshell via the Product Image component. | |||||
| CVE-2022-21430 | 1 Oracle | 1 Communications Billing And Revenue Management | 2022-04-27 | 6.0 MEDIUM | 8.5 HIGH |
| Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Connection Manager). Supported versions that are affected are 12.0.0.4 and 12.0.0.5. Difficult to exploit vulnerability allows low privileged attacker with network access via TCP to compromise Oracle Communications Billing and Revenue Management. While the vulnerability is in Oracle Communications Billing and Revenue Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Communications Billing and Revenue Management. CVSS 3.1 Base Score 8.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H). | |||||
| CVE-2021-26626 | 2 Microsoft, Tobesoft | 2 Windows, Xplatform | 2022-04-27 | 5.1 MEDIUM | 8.8 HIGH |
| Improper input validation vulnerability in XPLATFORM's execBrowser method can cause execute arbitrary commands. IF the second parameter value of the execBrowser function is ‘default’, the first parameter value could be passed to the ShellExecuteW API. The passed parameter is an arbitrary code to be executed. Remote attackers can use this vulnerability to execute arbitrary remote code. | |||||
| CVE-2022-21424 | 1 Oracle | 1 Communications Billing And Revenue Management | 2022-04-27 | 6.5 MEDIUM | 8.3 HIGH |
| Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Connection Manager). The supported version that is affected is 12.0.0.4. Easily exploitable vulnerability allows low privileged attacker with network access via TCP to compromise Oracle Communications Billing and Revenue Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Billing and Revenue Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Communications Billing and Revenue Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Billing and Revenue Management. CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L). | |||||
| CVE-2022-21422 | 1 Oracle | 1 Communications Billing And Revenue Management | 2022-04-27 | 6.0 MEDIUM | 7.5 HIGH |
| Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Connection Manager). Supported versions that are affected are 12.0.0.4 and 12.0.0.5. Difficult to exploit vulnerability allows low privileged attacker with network access via TCP to compromise Oracle Communications Billing and Revenue Management. Successful attacks of this vulnerability can result in takeover of Oracle Communications Billing and Revenue Management. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H). | |||||
| CVE-2022-29315 | 1 Invicti | 1 Acunetix | 2022-04-27 | 9.3 HIGH | 8.8 HIGH |
| Invicti Acunetix before 14 allows CSV injection via the Description field on the Add Targets page, if the Export CSV feature is used. | |||||
| CVE-2022-21421 | 1 Oracle | 1 Business Intelligence | 2022-04-27 | 5.0 MEDIUM | 7.5 HIGH |
| Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web General). Supported versions that are affected are 5.5.0.0.0, 5.9.0.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). | |||||
| CVE-2022-21420 | 1 Oracle | 1 Coherence | 2022-04-27 | 7.5 HIGH | 9.8 CRITICAL |
| Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle Coherence. Successful attacks of this vulnerability can result in takeover of Oracle Coherence. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). | |||||
| CVE-2022-21419 | 1 Oracle | 1 Business Intelligence | 2022-04-27 | 5.8 MEDIUM | 6.1 MEDIUM |
| Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Visual Analyzer). Supported versions that are affected are 5.5.0.0.0 and 5.9.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | |||||
| CVE-2022-21416 | 1 Oracle | 1 Solaris | 2022-04-27 | 1.9 LOW | 5.0 MEDIUM |
| Vulnerability in the Oracle Solaris product of Oracle Systems (component: Utility). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Solaris accessible data. CVSS 3.1 Base Score 5.0 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N). | |||||
| CVE-2022-27816 | 1 Swhkd Project | 1 Swhkd | 2022-04-27 | 3.3 LOW | 7.1 HIGH |
| SWHKD 1.1.5 unsafely uses the /tmp/swhks.pid pathname. There can be data loss or a denial of service. | |||||
| CVE-2022-21411 | 1 Oracle | 1 Database | 2022-04-27 | 5.5 MEDIUM | 5.4 MEDIUM |
| Vulnerability in the RDBMS Gateway / Generic ODBC Connectivity component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise RDBMS Gateway / Generic ODBC Connectivity. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of RDBMS Gateway / Generic ODBC Connectivity accessible data as well as unauthorized read access to a subset of RDBMS Gateway / Generic ODBC Connectivity accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N). | |||||
| CVE-2022-21410 | 1 Oracle | 1 Database | 2022-04-27 | 6.5 MEDIUM | 7.2 HIGH |
| Vulnerability in the Oracle Database - Enterprise Edition Sharding component of Oracle Database Server. The supported version that is affected is 19c. Easily exploitable vulnerability allows high privileged attacker having Create Any Procedure privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition Sharding. Successful attacks of this vulnerability can result in takeover of Oracle Database - Enterprise Edition Sharding. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). | |||||