AARO-CVE-List.md

Note: Older vulnerabilities don't have a CVSS3.1 score generated, so the CVSS2 score was used instead.

CVE ID CVSS3.1 score Vendor Software Affected version(s) Fixed in Vulnerability Company Reporter Attribution link
CVE-2001-0710 5.0 NetBSD, FreeBSD NetBSD, FreeBSD NetBSD 1.5 and earlier, FreeBSD 4.3 and earlier 37005 Denial of Service FusionX James Thomas ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-006.txt.asc
CVE-2012-0160 10.0 Microsoft .Net Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 ms12-035 .NET Framework Serialization Vulnerability Context IS James Forshaw https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-035
CVE-2012-0161 10.0 Microsoft .Net Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 ms12-035 .NET Framework Serialization Vulnerability Context IS James Forshaw https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-035
CVE-2014-3524 10.0 LibreOffice Calc <4.3.1 and <4.2.6 4.3.1 and 4.2.6 Command injection when loading Calc spreadsheets under Windows Context IS James Kettle, Rohan Durve https://blog.documentfoundation.org/blog/2014/08/28/libreoffice-4-3-1-fresh-announced/
CVE-2016-1801 7.5 Apple iOS/MacOS iOS before 9.3.2, OS X before 10.11.5, and tvOS before 9.2.1 iOS 9.3.2, OS X 10.11.5, and tvOS 9.2.1 Information disclosure vulnerability in Proxy Auto-Config Context IS Paul Stone, Alex Chapman https://lists.apple.com/archives/security-announce/2016/May/msg00001.html
CVE-2016-3535 8.2 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3 CPU July 2016 XSS Accenture Martin Petráň https://www.oracle.com/security-alerts/cpujul2016.html#AppendixEBS
CVE-2016-3536 8.2 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3 CPU July 2016 XSS Accenture Martin Petráň https://www.oracle.com/security-alerts/cpujul2016.html#AppendixEBS
CVE-2016-3763 3.3 Google Android Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 Android 4.4.4, 5.0.2, 5.1.1, and 6.x 2016-07-01 Information disclosure vulnerability in Proxy Auto-Config Context IS Paul Stone, Alex Chapman https://source.android.com/security/bulletin/2016-07-01
CVE-2016-5134 8.8 Google Chrome <52.0.2743.82 52.0.2743.82 URL leakage via PAC script Context IS Paul Stone, Alex Chapman https://chromereleases.googleblog.com/2016/07/stable-channel-update.html
CVE-2016-7086 7.8 Vmware Vmware Workstation Pro + Player <12.5.0 12.5.0 Local privileges escalation in VMware installer Context IS Adam Bridge https://www.vmware.com/security/advisories/VMSA-2016-0014.html
CVE-2016-7742 7.8 Apple MacOS <10.12.2 10.12.2 Opening a maliciously crafted archive may lead to arbitrary code execution Context IS Gareth Evans https://support.apple.com/HT207423
CVE-2016-7988 7.5 Samsung Android KK(4.4), L(5.0/5.1), and M(6.0) SMR-AUG-2016 No Permissions on SET_WIFI Broadcast receiver Context IS Tom Court https://security.samsungmobile.com/securityUpdate.smsb
CVE-2016-7989 7.5 Samsung Android KK(4.4), L(5.0/5.1), and M(6.0) SMR-AUG-2016 Unhandled ArrayIndexOutOfBounds exception in Android Runtime Context IS Tom Court https://security.samsungmobile.com/securityUpdate.smsb
CVE-2016-7990 9.8 Samsung Android KK(4.4), L(5.0/5.1), and M(6.0) SMR-DEC-2016 Integer overflow in libomacp.so Context IS Tom Court https://security.samsungmobile.com/securityUpdate.smsb
CVE-2016-7991 7.5 Samsung Android KK(4.4), L(5.0/5.1), and M(6.0) SMR-DEC-2016 omacp app ignores security fields in OMA CP message Context IS Tom Court https://security.samsungmobile.com/securityUpdate.smsb
CVE-2017-5384 5.9 Mozilla Firefox <51 51 Information disclosure via Proxy Auto-Config (PAC) Context IS Paul Stone, Alex Chapman https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/
CVE-2017-5669 7.8 Linux < v4.17-rc7 v4.17-rc7 Shmat syscall allows null-page protection bypass Context IS Gareth Evans https://bugzilla.kernel.org/show_bug.cgi?id=192931
CVE-2017-8419 7.8 LAME Lame 3.99.5 MP3 <v3.100 v3.100 Multiple stack and heap corruptions from malicious file Context IS Gareth Evans https://sourceforge.net/p/lame/bugs/458/
CVE-2017-9377 8.8 Barco ClickShare Base Units <v1.7.0.3 v1.7.0.3 Command Injection Vulnerability on ClickShare Base Units Context IS Claudio Moletta https://www.barco.com/en/Support/software/R33050037
CVE-2018-3242 8.2 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 CPU October 2018 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuoct2018.html#AppendixEBS
CVE-2018-3243 8.2 Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 CPU October 2018 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuoct2018.html#AppendixEBS
CVE-2018-3253 8.5 Oracle Virtual Directory 11.1.1.7.0-11.1.1.9.0 CPU October 2018 Read Domain User Password Hashes Accenture Jason Lang https://www.oracle.com/security-alerts/cpuoct2018.html
CVE-2018-3256 4.9 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 CPU October 2018 Content Spoofing Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuoct2018.html#AppendixEBS
CVE-2018-6492 6.1 MicroFocus HP Network Automation v10.0x, v10.1x, v10.2x, v10.3x, v10.4x, v10.5x MFSBGN03806 Cross-Site Scripting (XSS) Context IS Tilman Bender, Dennis Herrmann and Bastian Kanbach https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03158014
CVE-2018-6493 8.8 MicroFocus HP Network Automation v10.0x, v10.1x, v10.2x, v10.3x, v10.4x, v10.5x MFSBGN03806 SQL Injection Context IS Tilman Bender, Dennis Herrmann and Bastian Kanbach https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03158014
CVE-2018-8150 6.5 Microsoft Office Outlook Microsoft Office 2016 Click-to-Run (C2R) 8.5.2018 Security Feature Bypass Atanas Kirilov https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8150
CVE-2018-12939 6.5 steinm SeedDMS <5.1.8 5.1.8 Directory Traversal Context IS Dennis Herrmann and Malte Poll https://sourceforge.net/p/seeddms/code/ci/seeddms-5.1.x/tree/CHANGELOG
CVE-2018-12940 8.8 steinm SeedDMS <5.1.8 5.1.8 Unrestricted File Upload Context IS Dennis Herrmann and Malte Poll https://sourceforge.net/p/seeddms/code/ci/seeddms-5.1.x/tree/CHANGELOG
CVE-2018-12941 8.8 steinm SeedDMS <5.1.8 5.1.8 Remote Code Execution Context IS Dennis Herrmann and Malte Poll https://sourceforge.net/p/seeddms/code/ci/seeddms-5.1.x/tree/CHANGELOG
CVE-2018-12942 8.8 steinm SeedDMS <5.1.8 5.1.8 SQL Injection Context IS Dennis Herrmann and Malte Poll https://sourceforge.net/p/seeddms/code/ci/seeddms-5.1.x/tree/CHANGELOG
CVE-2018-12943 6.1 steinm SeedDMS <5.1.8 5.1.8 Cross Site Scripting (XSS) Context IS Dennis Herrmann and Malte Poll https://sourceforge.net/p/seeddms/code/ci/seeddms-5.1.x/tree/CHANGELOG
CVE-2018-12944 6.1 steinm SeedDMS <5.1.8 5.1.8 Persistent Cross-Site Scripting (XSS) Context IS Dennis Herrmann and Malte Poll https://sourceforge.net/p/seeddms/code/ci/seeddms-5.1.x/tree/CHANGELOG
CVE-2018-15510 6.1 Totemo Totemomail 6.0.0 < 6.0 to build 578 6.0 to build 578 Cross-Site Scripting Context IS Michael Skiba, Andre Waldhoff, Carsten Sandker https://www.contextis.com/en/resources/advisories/cve-2018-15510
CVE-2018-15511 6.1 Totemo Totemomail 6.0.0 < 6.0 to build 578 6.0 to build 578 Cross-Site Scripting Context IS Michael Skiba, Andre Waldhoff, Carsten Sandker https://www.contextis.com/en/resources/advisories/cve-2018-15511
CVE-2018-15512 6.1 Totemo Totemomail 6.0.0 < 6.0 to build 578 6.0 to build 578 Cross-Site Scripting Context IS Michael Skiba, Andre Waldhoff, Carsten Sandker https://www.contextis.com/en/resources/advisories/cve-2018-15512
CVE-2018-15513 5.3 Totemo Totemomail 6.0.0 < 6.0 to build 578 6.0 to build 578 Privilege Escalation Context IS Michael Skiba, Andre Waldhoff, Carsten Sandker https://www.contextis.com/en/resources/advisories/cve-2018-15513
CVE-2018-18379 6.1 Elementor Elementor LTD < 2.0.10 2.0.10 Cross Site Scripting (XSS) Context IS Christopher Vella https://www.contextis.com/en/resources/advisories/cve-2018-18379
CVE-2018-18589 8.0 Microfocus Real User Monitoring (RUM) 9.26IP, 9.30, 9.40 and 9.50 Java Deserialization Input Validation iDefense, Accenture Deapesh Misra https://upport.microfocus.com/kb/kmdoc.php?id=KM03272900
CVE-2019-2400 8.2 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU January 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2019.html#AppendixEBS
CVE-2019-2445 8.2 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU January 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2019.html#AppendixEBS
CVE-2019-2447 8.2 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU January 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2019.html#AppendixEBS
CVE-2019-2470 8.2 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU January 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2019.html#AppendixEBS
CVE-2019-2485 4.7 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU January 2019 Content Spoofing Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2019.html#AppendixEBS
CVE-2019-2491 4.7 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU January 2019 Content Spoofing Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2019.html#AppendixEBS
CVE-2019-2492 4.7 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU January 2019 Content Spoofing Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2019.html#AppendixEBS
CVE-2019-2496 4.7 Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU January 2019 Content Spoofing Accenture Andrej Šimko, Deapesh Misra https://www.oracle.com/security-alerts/cpujan2019.html#AppendixEBS
CVE-2019-2497 8.2 Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU January 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2019.html#AppendixEBS
CVE-2019-2551 8.2 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU April 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS
CVE-2019-2600 8.2 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU April 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS
CVE-2019-2603 8.2 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU April 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS
CVE-2019-2604 8.2 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU April 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS
CVE-2019-2622 4.7 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU April 2019 Open Redirect Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS
CVE-2019-2639 8.2 Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU April 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS
CVE-2019-2640 8.2 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU April 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS
CVE-2019-2641 8.2 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU April 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS
CVE-2019-2642 8.2 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU April 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS
CVE-2019-2643 8.2 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU April 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS
CVE-2019-2651 8.2 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU April 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS
CVE-2019-2652 8.2 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU April 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS
CVE-2019-2653 8.2 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU April 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS
CVE-2019-2654 8.2 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU April 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS
CVE-2019-2660 8.2 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU April 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS
CVE-2019-2661 8.2 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU April 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS
CVE-2019-2662 8.2 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU April 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS
CVE-2019-2663 8.2 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU April 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS
CVE-2019-2664 8.2 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU April 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS
CVE-2019-2665 8.2 Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU April 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS
CVE-2019-2666 8.2 Oracle E-Business Suite 12.1.1 - 12.1.3, 12.2.3 - 12.2.8 CPU July 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujul2019.html#AppendixEBS
CVE-2019-2668 8.2 Oracle E-Business Suite 12.1.1 - 12.1.3, 12.2.3 - 12.2.8 CPU July 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujul2019.html#AppendixEBS
CVE-2019-2669 4.7 Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU April 2019 Content Spoofing Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS
CVE-2019-2670 4.7 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU April 2019 Content Spoofing Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS
CVE-2019-2671 8.2 Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU April 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS
CVE-2019-2672 8.2 Oracle E-Business Suite 12.1.1 - 12.1.3, 12.2.3 - 12.2.8 CPU July 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujul2019.html#AppendixEBS
CVE-2019-2673 4.7 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU April 2019 Content Spoofing Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS
CVE-2019-2674 4.7 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU April 2019 Content Spoofing Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS
CVE-2019-2675 8.2 Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU April 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS
CVE-2019-2676 4.7 Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU April 2019 Content Spoofing Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS
CVE-2019-2677 8.2 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU April 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS
CVE-2019-2837 8.2 Oracle E-Business Suite 12.1.3, 12.2.3 - 12.2.8 CPU July 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujul2019.html#AppendixEBS
CVE-2019-2930 4.7 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.8 CPU October 2019 Content Spoofing Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuoct2019.html#AppendixEBS
CVE-2019-2990 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.9 CPU October 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuoct2019.html#AppendixEBS
CVE-2019-2994 8.2 Oracle E-Business Suite 12.1.1-12.1.3 CPU October 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuoct2019.html#AppendixEBS
CVE-2019-2995 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.9 CPU October 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuoct2019.html#AppendixEBS
CVE-2019-3000 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.9 CPU October 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuoct2019.html#AppendixEBS
CVE-2019-3022 5.8 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.9 CPU October 2019 Content Spoofing Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuoct2019.html#AppendixEBS
CVE-2019-3024 4.7 Oracle E-Business Suite 12.2.3-12.2.9 CPU October 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuoct2019.html#AppendixEBS
CVE-2019-6113 7.5 Onkyo Onkyo TX-NR686 1030-5000-1040-0010 N/A Directory Traversal Context IS Michael Skiba https://www.contextis.com/en/resources/advisories/cve-2019-6113
CVE-2019-9268 5.5 Google Android lmp-mr1, mnc, mnc-mr1, mnc-mr2, nyc, nyc-mr1, nyc-mr2, oc Android 10 Security Release Notes Improper Locking Deja vu Christopher Dombroski https://source.android.com/security/overview/release-acknowledgements
CVE-2019-15746 9.8 BMLV Stammportal SITOS Six <= Build v6.2.1 N/A PHP Command Injection Context IS Dennis Herrmann and Andre Waldhoff https://www.contextis.com/en/resources/advisories/cve-2019-15746
CVE-2019-15747 8.8 BMLV Stammportal SITOS Six <= Build v6.2.1 N/A Privilege Escalation via Client-Side-Source Manipulation Context IS Dennis Herrmann and Andre Waldhoff https://www.contextis.com/en/resources/advisories/cve-2019-15747
CVE-2019-15748 9.8 BMLV Stammportal SITOS Six <= Build v6.2.1 N/A Authorisation Bypass Context IS Dennis Herrmann and Andre Waldhoff https://www.contextis.com/en/resources/advisories/cve-2019-15748
CVE-2019-15749 6.5 BMLV Stammportal SITOS Six <= Build v6.2.1 N/A Account Takeover Context IS Dennis Herrmann and Andre Waldhoff https://www.contextis.com/en/resources/advisories/cve-2019-15749
CVE-2019-15750 6.1 BMLV Stammportal SITOS Six <= Build v6.2.1 N/A Cross-Site-Scripting - Non-Persistent Context IS Dennis Herrmann and Andre Waldhoff https://www.contextis.com/en/resources/advisories/cve-2019-15750
CVE-2019-15751 9.8 BMLV Stammportal SITOS Six <= Build v6.2.1 N/A Unrestricted File Upload via SCORM File Context IS Dennis Herrmann and Andre Waldhoff https://www.contextis.com/en/resources/advisories/cve-2019-15751
CVE-2020-1030 7.8 Microsoft Windows 7/8.1/10, Server 2008/2012/2016/2019 KB(4570333, 4571756, 4574727, 4577015, 4577032, 4577038, 4577041, 4577048, 4577049, 4577051, 4577053, 4577064, 4577066, 4577070, 4577071) Elevation of Privilege Vulnerability FusionX Victor Mata https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1030#ID0EWIAC
CVE-2020-1062 7.5 Microsoft Internet Explorer 9 through 11 11 Internet Explorer Memory Corruption Vulnerability iDefense Rohit Mothe https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-1062
CVE-2020-2582 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.9 CPU January 2020 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2020.html#AppendixEBS
CVE-2020-2596 4.7 Oracle E-Business Suite 12.1.3, 12.2.3-12.2.9 CPU January 2020 Content Spoofing Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2020.html#AppendixEBS
CVE-2020-2597 4.7 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.9 CPU January 2020 Content Spoofing Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2020.html#AppendixEBS
CVE-2020-2657 4.7 Oracle E-Business Suite 12.1.3, 12.2.3-12.2.9 CPU January 2020 Content Spoofing Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2020.html#AppendixEBS
CVE-2020-2658 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.9 CPU January 2020 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2020.html#AppendixEBS
CVE-2020-2661 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.9 CPU January 2020 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2020.html#AppendixEBS
CVE-2020-2662 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.9 CPU January 2020 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2020.html#AppendixEBS
CVE-2020-2665 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.9 CPU January 2020 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2020.html#AppendixEBS
CVE-2020-2667 4.7 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.9 CPU January 2020 Content Spoofing Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2020.html#AppendixEBS
CVE-2020-2668 4.7 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.9 CPU January 2020 Content Spoofing Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2020.html#AppendixEBS
CVE-2020-2669 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.9 CPU January 2020 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2020.html#AppendixEBS
CVE-2020-2670 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.9 CPU January 2020 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2020.html#AppendixEBS
CVE-2020-2671 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.9 CPU January 2020 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2020.html#AppendixEBS
CVE-2020-2672 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.9 CPU January 2020 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2020.html#AppendixEBS
CVE-2020-2794 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.9 CPU April 2020 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixEBS
CVE-2020-2796 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.9 CPU April 2020 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixEBS
CVE-2020-2813 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.9 CPU April 2020 XSS Accenture Esteban Morales Montes https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixEBS
CVE-2020-2810 4.7 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.9 CPU April 2020 Open Redirect Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixEBS
CVE-2020-3369 8.6 CISCO SD-WAN vEdge router 19.2.0, 19.2.097, 19.2.098, 19.2.1 19.2.2, 20.1.1 DoS Maglan Gil Fidel https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fpdos-hORBfd9f
CVE-2020-3385 7.4 CISCO SD-WAN vEdge router SD-WAN vEdge 5000 Series Routers, SD-WAN vEdge Cloud Routers 18.4.5, 19.2.3, 20.1.1 DoS Maglan Gil Fidel https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vedgfpdos-PkqQrnwV
CVE-2020-5825 5.5 Symantec SEP Prior to 14.2 RU2 MP1 (14.2.5569.2100) Upgrade to 14.2 RU2 MP1 (14.2.5569.2100) arbitrary file write vulnerability FusionX Bryan Alexander https://support.broadcom.com/security-advisory/content/0/0/SYMSA1505 https://www.accenture.com/us-en/blogs/cyber-defense/exploiting-arbitrary-file-move-in-symantec-endpoint-protection
CVE-2020-9767 7.8 Zoom Video Communications, Inc Zoom Client for Windows where the Zoom Sharing Service is installed < 5.0.4 5.0.4 Zoom Sharing Service Local Privilege Escalation Context IS Connor Scott https://support.zoom.us/hc/en-us/articles/360044350792-Security-CVE-2020-9767
CVE-2020-13133 6.1 Tufin SecureChange <R19.3 HF3 + <R20.1 HF1 R19.3 HF3 + R20.1 HF1 Stored XSS Accenture Andrej Šimko https://portal.tufin.com/aspx/SecurityAdvisories
CVE-2020-13134 4.8 Tufin SecureChange <R19.3 HF3 + <R20.1 HF1 R19.3 HF3 + R20.1 HF1 Stored XSS Accenture Andrej Šimko https://portal.tufin.com/aspx/SecurityAdvisories
CVE-2020-13407 6.8 Tufin SecureTrack <R20-2 GA R20-2 GA Stored XSS Accenture Andrej Šimko https://portal.tufin.com/aspx/SecurityAdvisories
CVE-2020-13408 6.8 Tufin SecureTrack <R20-2 GA R20-2 GA Stored XSS Accenture Andrej Šimko https://portal.tufin.com/aspx/SecurityAdvisories
CVE-2020-13409 6.8 Tufin SecureTrack <R20-2 GA R20-2 GA Stored XSS Accenture Andrej Šimko https://portal.tufin.com/aspx/SecurityAdvisories
CVE-2020-13418 6.1 OpenIAM OpenIAM 4.1.8 (and possibly other versions in 4.1.x) 4.2.0.3 XSS Accenture Marek Klon http://docs.openiam.com/docs-4.2.0/changelog/1-Release-4.2.0
CVE-2020-13419 5.3 OpenIAM OpenIAM 4.1.8 (and possibly other versions in 4.1.x) 4.2.0.3 Path Traversal Accenture Marek Klon http://docs.openiam.com/docs-4.2.0/changelog/1-Release-4.2.0
CVE-2020-13420 9.8 OpenIAM OpenIAM 4.1.8 (and possibly other versions in 4.1.x) 4.2.0.3 Remote Code Execution Through Groovy Script Accenture Marek Klon http://docs.openiam.com/docs-4.2.0/changelog/1-Release-4.2.0
CVE-2020-13421 9.8 OpenIAM OpenIAM 4.1.8 (and possibly other versions in 4.1.x) 4.2.0.3 Missing role segregation Accenture Marek Klon http://docs.openiam.com/docs-4.2.0/changelog/1-Release-4.2.0
CVE-2020-13422 8.1 OpenIAM OpenIAM 4.1.8 (and possibly other versions in 4.1.x) 4.2.0.3 Privilege escalation Accenture Marek Klon http://docs.openiam.com/docs-4.2.0/changelog/1-Release-4.2.0
CVE-2020-13460 6.3 Tufin SecureTrack <R20-2 GA R20-2 GA CSRF Accenture Andrej Šimko https://portal.tufin.com/aspx/SecurityAdvisories
CVE-2020-13461 4.3 Tufin SecureTrack Not planned to be resolved N/A Username enumeration Accenture Andrej Šimko https://portal.tufin.com/aspx/SecurityAdvisories
CVE-2020-13462 4.3 Tufin SecureChange <R20-2 GA R20-2 GA IDOR Accenture Andrej Šimko https://portal.tufin.com/aspx/SecurityAdvisories
CVE-2020-14534 8.2 Oracle E-Business Suite 12.2.9 CPU July 2020 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujul2020.html#AppendixEBS
CVE-2020-14555 4.7 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.9 CPU July 2020 Content Spoofing Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujul2020.html#AppendixEBS
CVE-2020-14590 2.7 Oracle E-Business Suite 12.1.3, 12.2.3-12.2.9 CPU July 2020 IP address disclosure Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujul2020.html#AppendixEBS
CVE-2020-14657 7.6 Oracle E-Business Suite 12.1.3, 12.2.3-12.2.9 CPU July 2020 Stored XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujul2020.html#AppendixEBS
CVE-2020-14658 9.1 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.9 CPU July 2020 SQL Injection Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujul2020.html#AppendixEBS
CVE-2020-14659 4.7 Oracle E-Business Suite 12.1.3, 12.2.3-12.2.9 CPU July 2020 Open Redirect Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujul2020.html#AppendixEBS
CVE-2020-14660 8.2 Oracle E-Business Suite 12.1.3, 12.2.3-12.2.9 CPU July 2020 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujul2020.html#AppendixEBS
CVE-2020-14661 4.7 Oracle E-Business Suite 12.1.3, 12.2.3-12.2.9 CPU July 2020 Content Spoofing Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujul2020.html#AppendixEBS
CVE-2020-14665 9.1 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.9 CPU July 2020 SQL Injection Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujul2020.html#AppendixEBS
CVE-2020-14666 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.9 CPU July 2020 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujul2020.html#AppendixEBS
CVE-2020-14667 7.6 Oracle E-Business Suite 12.1.3, 12.2.3-12.2.9 CPU July 2020 Stored XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujul2020.html#AppendixEBS
CVE-2020-14679 7.5 Oracle E-Business Suite 12.1.3, 12.2.3-12.2.9 CPU July 2020 Unauthorized Role Removal Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujul2020.html#AppendixEBS
CVE-2020-14688 8.2 Oracle E-Business Suite 12.1.3, 12.2.3-12.2.9 CPU July 2020 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujul2020.html#AppendixEBS
CVE-2020-14774 7.5 Oracle E-Business Suite 12.1.1 - 12.1.3, 12.2.3 - 12.2.10 CPU October 2020 Chained DoS + CSRF Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixEBS
CVE-2020-14808 8.2 Oracle E-Business Suite 12.1.3, 12.2.3 - 12.2.10 CPU October 2020 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixEBS
CVE-2020-16240 7.5 General Electric APM (Meridium) 4.4.x and earlier 4.5.0 IDOR Accenture Guido Marilli https://digitalsupport.ge.com/communities/en_US/Article/GE-Digital-Security-Advisory-GED-20-04 https://us-cert.cisa.gov/ics/advisories/icsa-20-266-01
CVE-2020-16244 7.2 General Electric APM (Meridium) 4.4.x and earlier 4.5.0 Use of a one-way hash without a salt Accenture Guido Marilli https://digitalsupport.ge.com/communities/en_US/Article/GE-Digital-Security-Advisory-GED-20-04 https://us-cert.cisa.gov/ics/advisories/icsa-20-266-01
CVE-2020-16279 9.8 Rangee GmbH RangeeOS <= 8.0.4 N/A OS Command Injection Context IS Andre Waldhoff and Bastian Kanbach https://www.contextis.com/en/resources/advisories/cve-2020-16279
CVE-2020-16280 5.5 Rangee GmbH RangeeOS <= 8.0.4 N/A Unprotected Storage of Credentials Context IS Andre Waldhoff and Bastian Kanbach https://www.contextis.com/en/resources/advisories/cve-2020-16280
CVE-2020-16281 7.8 Rangee GmbH RangeeOS <= 8.0.4 N/A Restricted Environment Breakout Context IS Andre Waldhoff and Bastian Kanbach https://www.contextis.com/en/resources/advisories/cve-2020-16281
CVE-2020-16282 8.8 Rangee GmbH RangeeOS <= 8.0.4 N/A Execution with Unnecessary Privileges Context IS Andre Waldhoff and Bastian Kanbach https://www.contextis.com/en/resources/advisories/cve-2020-16282
CVE-2020-24662 5.4 SmartStream Technologies Transaction Lifecycle Management (TLM) Reconciliation Premium (RP) <TLM RP 3.1.0 TLM RP 3.1.0 Stored XSS Accenture Klára Szabó N/A
CVE-2020-24663 5.4 Trace Financial Crest Bridge <6.3.0.02 6.3.0.03 Stored XSS Accenture Klára Szabó CREST Bridge Information Bulletin 39 (not public)
CVE-2020-24664 5.4 Hitachi Vantara Pentaho User Console < 7.1.0.25 + < 8.2.0.6 + < 8.3.0.0 GA >= 7.1.0.25 + >= 8.2.0.6 + >= 8.3.0.0 GA Reflected XSS Accenture Andrej Šimko http://www.hitachi.com/hirt/hitachi-sec/2020/601.html
CVE-2020-24665 6.5 Hitachi Vantara Pentaho User Console < 7.1.0.25 + < 8.2.0.6 + < 8.3.0.0 GA >= 7.1.0.25 + >= 8.2.0.6 + >= 8.3.0.0 GA XML Bomb Accenture Andrej Šimko http://www.hitachi.com/hirt/hitachi-sec/2020/601.html
CVE-2020-24666 5.4 Hitachi Vantara Pentaho User Console <7.1.0.23.197 9.1.0.1 Reflected XSS Accenture Stanislav Dusek http://www.hitachi.com/hirt/hitachi-sec/2020/601.html
CVE-2020-24667 8.8 Trace Financial Crest Bridge <6.3.0.02 6.3.0.03 SQL Injection Accenture Lukáš Bandura CREST Bridge Information Bulletin 39 (not public)
CVE-2020-24668 5.4 Trace Financial Crest Bridge <6.3.0.02 6.3.0.03 Stored XSS Accenture Klára Szabó CREST Bridge Information Bulletin 39 (not public)
CVE-2020-24669 4.4 Hitachi Vantara Pentaho User Console < 8.3.0.9 + < 9.0.0.1 + < 9.1.0.0 GA >= 8.3.0.9 + >= 9.0.0.1 + >= 9.1.0.0 GA DOM Based XSS Accenture Klára Szvitková http://www.hitachi.com/hirt/hitachi-sec/2020/601.html
CVE-2020-24670 5.4 Hitachi Vantara Pentaho User Console < 7.1.0.25 + < 8.2.0.6 + < 8.3.0.0 GA >= 7.1.0.25 + >= 8.2.0.6 + >= 8.3.0.0 GA Reflected XSS Accenture Andrej Šimko http://www.hitachi.com/hirt/hitachi-sec/2020/601.html
CVE-2020-24671 8.8 Trace Financial Crest Bridge <6.3.0.02 6.3.0.03 SQL Injection Accenture Klára Szabó CREST Bridge Information Bulletin 39 (not public)
CVE-2020-26255 9.1 Kirby Kirby CMS <=2.5.13, 3.0.0-3.4.4 2.5.14, 3.4.5 Remote Code Execution Context IS Thore Imhof https://github.com/getkirby/kirby/security/advisories/GHSA-g3h8-cg9x-47qw
CVE-2021-2077 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU January 2021 Open Redirect Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS
CVE-2021-2078 8.2 Oracle E-Business Suite 12.1, 12.2 CPU January 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS
CVE-2021-2079 8.2 Oracle E-Business Suite 12.1, 12.2 CPU January 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS
CVE-2021-2080 8.2 Oracle E-Business Suite 12.1, 12.2 CPU January 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS
CVE-2021-2082 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU January 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS
CVE-2021-2083 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU January 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS
CVE-2021-2084 8.2 Oracle E-Business Suite 12.1.3, 12.2.3-12.2.10 CPU January 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS
CVE-2021-2085 8.2 Oracle E-Business Suite 12.1.3, 12.2.3-12.2.10 CPU January 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS
CVE-2021-2089 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU January 2021 Unsafe Event Names Blacklist Bypass Accenture Esteban Morales Montes https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS
CVE-2021-2090 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU January 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS
CVE-2021-2091 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU January 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS
CVE-2021-2092 8.2 Oracle E-Business Suite 12.1.3, 12.2.3-12.2.10 CPU January 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS
CVE-2021-2093 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU January 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS
CVE-2021-2094 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU January 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS
CVE-2021-2096 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU January 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS
CVE-2021-2097 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU January 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS
CVE-2021-2098 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU January 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS
CVE-2021-2099 8.2 Oracle E-Business Suite 12.2.3-12.2.10 CPU January 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS
CVE-2021-2100 9.1 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU January 2021 SQL Injection Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS
CVE-2021-2101 9.1 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU January 2021 SQL Injection Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS
CVE-2021-2102 8.2 Oracle E-Business Suite 11.5.10, 12.1, 12.2 CPU January 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS
CVE-2021-2103 8.2 Oracle E-Business Suite 11.5.10, 12.1, 12.2 CPU January 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS
CVE-2021-2104 8.2 Oracle E-Business Suite 11.5.10, 12.1, 12.2 CPU January 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS
CVE-2021-2105 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU January 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS
CVE-2021-2106 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU January 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS
CVE-2021-2107 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU January 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS
CVE-2021-2114 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU January 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS
CVE-2021-2115 7.6 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU January 2021 Stored XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS
CVE-2021-2118 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU January 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS
CVE-2021-2155 4.3 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU April 2021 Stored XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixEBS
CVE-2021-2182 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU April 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixEBS
CVE-2021-2183 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU April 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixEBS
CVE-2021-2184 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU April 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixEBS
CVE-2021-2185 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU April 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixEBS
CVE-2021-2186 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU April 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixEBS
CVE-2021-2187 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU April 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixEBS
CVE-2021-2188 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU April 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixEBS
CVE-2021-2189 7.5 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU April 2021 DoS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixEBS
CVE-2021-2190 7.5 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU April 2021 DoS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixEBS
CVE-2021-2195 8.2 Oracle E-Business Suite 12.1.3, 12.2.3-12.2.10 CPU April 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixEBS
CVE-2021-2198 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU April 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixEBS
CVE-2021-2150 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU April 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixEBS
CVE-2021-2199 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU April 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixEBS
CVE-2021-2200 9.1 Oracle E-Business Suite 12.2.10 CPU April 2021 SQL Injection Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixEBS
CVE-2021-2181 7.6 Oracle E-Business Suite 12.1.3, 12.2.3-12.2.10 CPU April 2021 Stored XSS Accenture Esteban Montes Morales https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixEBS
CVE-2021-2197 8.1 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU April 2021 XSS Accenture Torben Capiau https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixEBS
CVE-2021-2205 9.1 Oracle E-Business Suite 12.2.7-12.2.10 CPU April 2021 SQL Injection Accenture Martin Neumann https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixEBS
CVE-2021-2206 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU April 2021 XSS Accenture Martin Neumann https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixEBS
CVE-2021-2209 8.5 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU April 2021 Stored XSS Accenture Martin Neumann https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixEBS
CVE-2021-2210 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU April 2021 XSS Accenture Martin Neumann https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixEBS
CVE-2021-2359 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU July 2021 XSS Accenture Martin Neumann https://www.oracle.com/security-alerts/cpujul2021.html#AppendixEBS
CVE-2021-2436 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU July 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujul2021.html#AppendixEBS
CVE-2021-25649 4.9 Avaya Avaya Aura Utility Services 7.x No fix, End of Manufacturer Support Information disclosure FusionX Shelby Spencer and Gerardo Iglesias-Galvan N/A
CVE-2021-25650 7.7 Avaya Avaya Aura Utility Services 7.x No fix, End of Manufacturer Support Privilege escalation FusionX Shelby Spencer and Gerardo Iglesias-Galvan N/A
CVE-2021-25651 8.0 Avaya Avaya Aura Utility Services 7.x No fix, End of Manufacturer Support Privilege escalation FusionX Shelby Spencer and Gerardo Iglesias-Galvan N/A
CVE-2021-25652 4.9 Avaya Avaya Aura Appliance Virtualization Platform Utilities (AVPU) 8.0.0.0 through 8.1.3.1 8.1.3.2 Information disclosure FusionX Shelby Spencer and Gerardo Iglesias-Galvan https://downloads.avaya.com/css/P8/documents/101076479
CVE-2021-25653 8.0 Avaya Avaya Aura Appliance Virtualization Platform Utilities (AVPU) 8.0.0.0 through 8.1.3.1 8.1.3.2 Privilege escalation FusionX Shelby Spencer and Gerardo Iglesias-Galvan https://downloads.avaya.com/css/P8/documents/101076479
CVE-2021-25654 6.2 Avaya Avaya Aura Device Services 7.0 through 8.1.4.0 8.1.4.1 Arbitrary code execution FusionX Shelby Spencer and Gerardo Iglesias-Galvan https://downloads.avaya.com/css/P8/documents/101076523
CVE-2021-31927 4.3 Annex Cloud Loyalty Experience Platform <2021.1.0.1 2021.1.0.2 IDOR Accenture Guillermo Alvarez https://www.annexcloud.com/responsible-disclosure
CVE-2021-31928 8.8 Annex Cloud Loyalty Experience Platform <2021.1.0.1 2021.1.0.2 Privilege Escalation Accenture Guillermo Alvarez https://www.annexcloud.com/responsible-disclosure
CVE-2021-31929 4.3 Annex Cloud Loyalty Experience Platform <2021.1.0.1 2021.1.0.2 Improper Access Control Accenture Guillermo Alvarez https://www.annexcloud.com/responsible-disclosure
CVE-2021-33031 3.1 LABCUP LTD. Labcup <v2_next_18022 v2_next_18032 Improper Access Control Accenture Alberto Chica Nunez N/A
CVE-2021-34483 7.8 Microsoft Windows 7/8.1/10, Server 2008/2012/2016/2019 Windows Print Spooler Elevation of Privilege Vulnerability FusionX Victor Mata https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34483
CVE-2021-35580 6.1 Oracle E-Business Suite 12.1.3, 12.2.3-12.2.10 CPU October 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuoct2021.html#AppendixEBS
CVE-2021-35581 4.7 Oracle E-Business Suite 12.1.3, 12.2.3-12.2.10 CPU October 2021 Content Spoofing Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuoct2021.html#AppendixEBS
CVE-2021-35582 6.5 Oracle E-Business Suite 12.1.3, 12.2.3-12.2.10 CPU October 2021 CSV Injection Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuoct2021.html#AppendixEBS
CVE-2021-36958 7.3 Microsoft Windows 7/8.1/10, Server 2008/2012/2016/2019 Windows Print Spooler Remote Code Execution Vulnerability FusionX Victor Mata https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36958
CVE-2022-21251 7.5 Oracle E-Business Suite 12.2.3-12.2.11 CPU January 2022 Denial of Service Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2022.html#AppendixEBS
CVE-2022-23706 6.1 Hewlett Packard Enterprise HPE OneView < 7 44697 Stored XSS Maglan Michael Musheev https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04278en_us
CVE-2022-24450 8.8 Synadia Nats.io 2.x to 2.7.1 2.7.2 Unconstrained account assumption by authenticated clients Accenture Victor Mata, Gerardo Iglesias-Galvan https://advisories.nats.io/CVE/CVE-2022-24450.txt
CVE-2022-26146 5.4 Tricentis qTest <10.4 10.4 Stored XSS Accenture Klara Szabo https://support-hub.tricentis.com/open?id=manual&lang=en&path=%2Fqtest%2F10400%2Fen%2Fcontent%2Fqtest_manager%2Frelease_notes%2Fonpremise_release_notes%2Fmanager_10.4.0_onpremise_release_notes.htm&product=qtest&sessionRotationTrigger=true&type=product_manual&version=10.4.2%20On%20Premise
CVE-2022-26413 8.0 Zyxel VMG3312-T20A Firmware + others V530ABFX5C0 44663 OS Command Injection Accenture Martin Petráň https://www.zyxel.com/support/OS-command-injection-and-buffer-overflow-vulnerabilities-of-CPE-and-ONTs.shtml
CVE-2022-26414 6.0 Zyxel VMG3312-T20A Firmware + others V530ABFX5C0 44663 Buffer Overflow Accenture Martin Petráň https://www.zyxel.com/support/OS-command-injection-and-buffer-overflow-vulnerabilities-of-CPE-and-ONTs.shtml
CVE-2022-26971 5.3 Barco Barco Control Room Management Suite all versions before 3.14.1 44705 Unauthenticated license key update Accenture Murat Aydemir https://www.barco.com/en/support/knowledge-base/KB12681
CVE-2022-26972 6.1 Barco Barco Control Room Management Suite all versions before 3.14.1 44705 Reflected Cross Site Scripting (XSS) Accenture Murat Aydemir https://www.barco.com/en/support/knowledge-base/KB12677
CVE-2022-26973 5.3 Barco Barco Control Room Management Suite all versions before 3.14.1 44705 Information disclosure of sensitive information Accenture Murat Aydemir https://www.barco.com/en/support/knowledge-base/KB12678
CVE-2022-26974 6.1 Barco Barco Control Room Management Suite all versions before 3.14.1 44705 Reflected Cross Site Scripting (XSS) Accenture Murat Aydemir https://www.barco.com/en/support/knowledge-base/KB12677
CVE-2022-26975 7.5 Barco Barco Control Room Management Suite all versions before 3.14.1 44705 Unauthenticated access to log files Accenture Murat Aydemir https://www.barco.com/en/support/knowledge-base/KB12677
CVE-2022-26976 5.4 Barco Barco Control Room Management Suite all versions before 3.14.1 44705 Stored Cross Site Scripting (XSS) Accenture Murat Aydemir https://www.barco.com/en/support/knowledge-base/KB12682
CVE-2022-26977 6.1 Barco Barco Control Room Management Suite all versions before 3.14.1 44705 Reflected Cross Site Scripting (XSS) Accenture Murat Aydemir https://www.barco.com/en/support/knowledge-base/KB12683
CVE-2022-26978 6.1 Barco Barco Control Room Management Suite all versions before 3.14.1 44705 Reflected Cross Site Scripting (XSS) Accenture Murat Aydemir https://www.barco.com/en/support/knowledge-base/KB12677
CVE-2022-28357 9.8 Synadia Nats.io Nats Server: 2.2.0 up to and including 2.7.4 Nats Streaming Server: 0.15.0 up to and including 0.24.3 44669 Arbitrary file write from the privileged system account FusionX Victor Mata, Gerardo Iglesias-Galvan https://advisories.nats.io/CVE/CVE-2022-28357.txt
CVE-2022-28616 9.8 Hewlett Packard Enterprise HPE OneView < 7 44697 Server-Side Request Forgery Maglan Michael Musheev https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04278en_us
CVE-2022-28617 9.8 Hewlett Packard Enterprise HPE OneView < 7 44697 Security Restrictions Bypass Maglan Michael Musheev https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04278en_us
CVE-2022-31321 9.1 BoltCMS BoltCMS v5.7 and earlier Fix in development Arbitrary Directory Creation and Enumeration Accenture Pratheepan Karthikeyan
CVE-2022-34530 5.3 Backdrop CMS Backdrop CMS <=1.22.0 N/A Username enumeration Accenture Pratheepan Karthikeyan
CVE-2022-35118 6.1 PyroCMS PyroCMS 3.9 and earlier N/A Multiple Stored Cross Site Scripting (XSS) Accenture Pratheepan Karthikeyan
CVE-2023-20899 5.3 VMware VMware SD-WAN (Edge) <= 4.5.1 4.5.2 Authentication bypass Accenture Marco Bruinenberg https://www.vmware.com/security/advisories/VMSA-2023-0015.html
CVE-2023-21806 8.2 Microsoft Power BI Report Server < 15.0.1111.115 KB5023884 (January 2023 update) - v15.0.1111.115 Stored XSS Accenture Andrej Šimko https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21806
CVE-2023-24488 6.1 Citrix ADC and Gateway <13.1-45.61; <13.0-90.11; <12.1-65.35 13.1-45.61; 13.0-90.11; 12.1-65.35 XSS Accenture Petr Juhaňák https://support.citrix.com/article/CTX477714/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202324487-cve202324488
CVE-2023-36293 8.8 WManager WManager WManager version 1.0.7 and earlier Not fixed SQL Injection Accenture Daniele Montanaro https://gitlab.com/daniele_m/cve-list/-/blob/main/README.md?ref_type=heads
CVE-2024-4017 8.8 BeyondTrust BeyondTrust U-Series Appliance >= 3.4, < 4.0.3 >=4.0.3 Local Privilege Escalation Accenture Daniele Montanaro, Paolo Caminati https://gitlab.com/daniele_m/cve-list/-/blob/main/README.md?ref_type=heads
CVE-2024-4018 8.8 BeyondTrust BeyondTrust U-Series Appliance >= 3.4, < 4.0.3 >=4.0.3 Local Privilege Escalation Accenture Daniele Montanaro, Paolo Caminati https://gitlab.com/daniele_m/cve-list/-/blob/main/README.md?ref_type=heads
CVE-2024-4019 9.1 BeyondTrust BeyondTrust BeyondInsight <23.2 >=23.2 SSRF Accenture Daniele Montanaro https://www.beyondtrust.com/trust-center/security-advisories/BT24-05
CVE-2024-4020 5.3 BeyondTrust BeyondTrust BeyondInsight <23.1 >=23.1 Username Enumeration Accenture Daniele Montanaro https://www.beyondtrust.com/trust-center/security-advisories/BT24-06
CVE-2024-20938 6.1 Oracle E-Business Suite 12.2.3-12.2.13 CPU January 2024 Open Redirection Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2024.html#AppendixEBS
CVE-2024-20939 4.3 Oracle E-Business Suite 12.2.3-12.2.13 CPU January 2024 DOS & CSRF Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2024.html#AppendixEBS
CVE-2024-20940 6.1 Oracle E-Business Suite 12.2.3-12.2.13 CPU January 2024 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2024.html#AppendixEBS
CVE-2024-20941 6.1 Oracle E-Business Suite 12.2.3-12.2.13 CPU January 2024 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2024.html#AppendixEBS
CVE-2024-20942 6.1 Oracle E-Business Suite 12.2.3-12.2.13 CPU January 2024 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2024.html#AppendixEBS
CVE-2024-20943 5.4 Oracle E-Business Suite 12.2.3-12.2.13 CPU January 2024 Stored XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2024.html#AppendixEBS
CVE-2024-20944 5.4 Oracle E-Business Suite 12.2.3-12.2.13 CPU January 2024 Stored XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2024.html#AppendixEBS
CVE-2024-20947 5.4 Oracle E-Business Suite 12.2.3-12.2.13 CPU January 2024 Stored XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2024.html#AppendixEBS
CVE-2024-20948 6.1 Oracle E-Business Suite 12.2.3-12.2.13 CPU January 2024 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2024.html#AppendixEBS
CVE-2024-20949 6.1 Oracle E-Business Suite 12.2.3-12.2.13 CPU January 2024 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2024.html#AppendixEBS
CVE-2024-20950 6.1 Oracle E-Business Suite 12.2.3-12.2.13 CPU January 2024 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2024.html#AppendixEBS
CVE-2024-20951 6.1 Oracle E-Business Suite 12.2.3-12.2.13 CPU January 2024 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2024.html#AppendixEBS
CVE-2024-21016 6.1 Oracle E-Business Suite 12.2.3-12.2.13 CPU April 2024 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapri2024.html#AppendixEBS
CVE-2024-21017 6.1 Oracle E-Business Suite 12.2.3-12.2.13 CPU April 2024 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapri2024.html#AppendixEBS
CVE-2024-21018 6.1 Oracle E-Business Suite 12.2.3-12.2.13 CPU April 2024 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapri2024.html#AppendixEBS
CVE-2024-21019 6.1 Oracle E-Business Suite 12.2.3-12.2.13 CPU April 2024 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapri2024.html#AppendixEBS
CVE-2024-21020 6.1 Oracle E-Business Suite 12.2.3-12.2.13 CPU April 2024 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapri2024.html#AppendixEBS
CVE-2024-21021 6.1 Oracle E-Business Suite 12.2.3-12.2.13 CPU April 2024 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapri2024.html#AppendixEBS
CVE-2024-21022 6.1 Oracle E-Business Suite 12.2.3-12.2.13 CPU April 2024 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapri2024.html#AppendixEBS
CVE-2024-21023 6.1 Oracle E-Business Suite 12.2.3-12.2.13 CPU April 2024 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapri2024.html#AppendixEBS
CVE-2024-21024 6.1 Oracle E-Business Suite 12.2.3-12.2.13 CPU April 2024 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapri2024.html#AppendixEBS
CVE-2024-21025 6.1 Oracle E-Business Suite 12.2.3-12.2.13 CPU April 2024 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapri2024.html#AppendixEBS
CVE-2024-21026 6.1 Oracle E-Business Suite 12.2.3-12.2.13 CPU April 2024 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapri2024.html#AppendixEBS
CVE-2024-21027 6.1 Oracle E-Business Suite 12.2.3-12.2.13 CPU April 2024 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapri2024.html#AppendixEBS
CVE-2024-21028 6.1 Oracle E-Business Suite 12.2.3-12.2.13 CPU April 2024 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapri2024.html#AppendixEBS
CVE-2024-21029 6.1 Oracle E-Business Suite 12.2.3-12.2.13 CPU April 2024 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapri2024.html#AppendixEBS
CVE-2024-21030 6.1 Oracle E-Business Suite 12.2.3-12.2.13 CPU April 2024 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapri2024.html#AppendixEBS
CVE-2024-21031 6.1 Oracle E-Business Suite 12.2.3-12.2.13 CPU April 2024 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapri2024.html#AppendixEBS
CVE-2024-21032 6.1 Oracle E-Business Suite 12.2.3-12.2.13 CPU April 2024 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapri2024.html#AppendixEBS
CVE-2024-21033 6.1 Oracle E-Business Suite 12.2.3-12.2.13 CPU April 2024 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapri2024.html#AppendixEBS
CVE-2024-21034 6.1 Oracle E-Business Suite 12.2.3-12.2.13 CPU April 2024 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapri2024.html#AppendixEBS
CVE-2024-21035 6.1 Oracle E-Business Suite 12.2.3-12.2.13 CPU April 2024 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapri2024.html#AppendixEBS
CVE-2024-21036 6.1 Oracle E-Business Suite 12.2.3-12.2.13 CPU April 2024 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapri2024.html#AppendixEBS
CVE-2024-21037 6.1 Oracle E-Business Suite 12.2.3-12.2.13 CPU April 2024 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapri2024.html#AppendixEBS
CVE-2024-21038 6.1 Oracle E-Business Suite 12.2.3-12.2.13 CPU April 2024 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapri2024.html#AppendixEBS
CVE-2024-21039 6.1 Oracle E-Business Suite 12.2.3-12.2.13 CPU April 2024 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapri2024.html#AppendixEBS
CVE-2024-21040 6.1 Oracle E-Business Suite 12.2.3-12.2.13 CPU April 2024 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapri2024.html#AppendixEBS
CVE-2024-21041 6.1 Oracle E-Business Suite 12.2.3-12.2.13 CPU April 2024 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapri2024.html#AppendixEBS
CVE-2024-21042 6.1 Oracle E-Business Suite 12.2.3-12.2.13 CPU April 2024 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapri2024.html#AppendixEBS
CVE-2024-21043 6.1 Oracle E-Business Suite 12.2.3-12.2.13 CPU April 2024 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapri2024.html#AppendixEBS
CVE-2024-21044 6.1 Oracle E-Business Suite 12.2.3-12.2.13 CPU April 2024 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapri2024.html#AppendixEBS
CVE-2024-21045 6.1 Oracle E-Business Suite 12.2.3-12.2.13 CPU April 2024 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapri2024.html#AppendixEBS
CVE-2024-21046 6.1 Oracle E-Business Suite 12.2.3-12.2.13 CPU April 2024 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapri2024.html#AppendixEBS
CVE-2024-21086 4.3 Oracle E-Business Suite 12.2.3-12.2.13 CPU April 2024 CSRF Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapri2024.html#AppendixEBS

Vulnerabilities without CVE assigned:

Vuln ID Vendor Software Affected version(s) Fixed in Vulnerability Company Reporter Attribution link Note
Mitel 17-0002 Mitel MiVoice Conference/Video Phone (UC360) <2.1.3.12 2.1.3.12 Privilege Escalation / Remote Code Execution Vulnerability in MiVoice Conference/Video Phone (UC360) Context IS Tom Moreton https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-17-0002 N/A
Mitel 17-0003 Mitel MiVoice Conference/Video Phone (UC360) <2.1 SP5 (build 2.1.5.4) 2.1 SP5 (build 2.1.5.4) Multiple Vulnerabilities in MiVoice Conference/Video Phone (UC360) Context IS Tom Moreton https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-17-0003 N/A
N/A Hyperoptic ZTE H298N and ZTE H298A All Hyperoptic ZTE home routers before fixes released: H298N: V1.1.3_HOP15T2 and H298A: V1.0.25_HOP.1T3 Patched on 30th April 2018. Updated firmware versions: H298N: V1.1.3_HOP15T2, H298A: V1.0.25_HOP.1T3 Hardcoded account allows compromise of all Hyperoptic ZTE home routers Context IS Dan Cater https://www.contextis.com/en/resources/advisories/hyperoptic-zte-home-routers N/A
N/A SAP API Business Hub Enterprise < 1.153.x 1.153.x SQL Injection Accenture Andrej Šimko https://www.sap.com/documents/2022/02/089613a0-167e-0010-bca6-c68f7e60039b.html (May 2023) CVE not assigned because the vulnerability is in a cloud solution rather than an on-premise one, as per MITRE rules 7.4.4.
N/A Okta Auth0 N/A N/A Session fixation Sentor Laban Sköllermark https://sentorsecurity.com/blog/vulnerability-disclosure-session-fixation-in-auth0/ No CVE since cloud product.
N/A Okta Auth0 N/A N/A Authentication bypass Sentor Laban Sköllermark https://sentorsecurity.com/blog/vulnerability-disclosure-authentication-bypass-in-auth0/ No CVE since cloud product. Coordinated disclosure in progress.

Fully populated public CVE statistics:

Rating CVSS3.1 score CVE count
Low 0.1 - 3.9 3
Medium 4.0 - 6.9 126
High 7.0 - 8.9 155
Critical 9.0 - 10.0 22
Any 0.1-10.0 306

CVEs in RESERVED state:

CVE ID Vulnerability Credits

Other statistics:

Description Vulnerability count
CVE not assigned 0
CVE reserved 2
CVSS score to be added 0