Note: Older vulnerabilities do not have a CVSS3.1 score, so the CVSS2 score is listed instead.
CVE ID | CVSS3.1 score | Vendor | Software | Affected version(s) | Fixed in | Vulnerability | Company | Reporter | Attribution link |
---|---|---|---|---|---|---|---|---|---|
CVE-2001-0710 | 5.0 | NetBSD, FreeBSD | NetBSD, FreeBSD | NetBSD 1.5 and earlier, FreeBSD 4.3 and earlier | 37005 | Denial of Service | FusionX | James Thomas | ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-006.txt.asc |
CVE-2012-0160 | 10.0 | Microsoft | .NET Framework | 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 | ms12-035 | .NET Framework Serialization Vulnerability | Context IS | James Forshaw | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-035 |
CVE-2012-0161 | 10.0 | Microsoft | .NET Framework | 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 | ms12-035 | .NET Framework Serialization Vulnerability | Context IS | James Forshaw | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-035 |
CVE-2014-3524 | 10.0 | LibreOffice | Calc | <4.3.1 and <4.2.6 | 4.3.1 and 4.2.6 | Command injection when loading Calc spreadsheets under Windows | Context IS | James Kettle, Rohan Durve | https://blog.documentfoundation.org/blog/2014/08/28/libreoffice-4-3-1-fresh-announced/ |
CVE-2016-1801 | 7.5 | Apple | iOS/MacOS | iOS before 9.3.2, OS X before 10.11.5, and tvOS before 9.2.1 | iOS 9.3.2, OS X 10.11.5, and tvOS 9.2.1 | Information disclosure vulnerability in Proxy Auto-Config | Context IS | Paul Stone, Alex Chapman | https://lists.apple.com/archives/security-announce/2016/May/msg00001.html |
CVE-2016-3535 | 8.2 | Oracle | E-Business Suite | 12.1.1, 12.1.2, 12.1.3 | CPU July 2016 | XSS | Accenture | Martin Petráň | https://www.oracle.com/security-alerts/cpujul2016.html#AppendixEBS |
CVE-2016-3536 | 8.2 | Oracle | E-Business Suite | 12.1.1, 12.1.2, 12.1.3 | CPU July 2016 | XSS | Accenture | Martin Petráň | https://www.oracle.com/security-alerts/cpujul2016.html#AppendixEBS |
CVE-2016-3763 | 3.3 | Android | | Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 | Android 4.4.4, 5.0.2, 5.1.1, and 6.x 2016-07-01 | Information disclosure vulnerability in Proxy Auto-Config | Context IS | Paul Stone, Alex Chapman | https://source.android.com/security/bulletin/2016-07-01 |
CVE-2016-5134 | 8.8 | Chrome | | <52.0.2743.82 | 52.0.2743.82 | URL leakage via PAC script | Context IS | Paul Stone, Alex Chapman | https://chromereleases.googleblog.com/2016/07/stable-channel-update.html |
CVE-2016-7086 | 7.8 | VMware | VMware Workstation Pro + Player | <12.5.0 | 12.5.0 | Local privilege escalation in VMware installer | Context IS | Adam Bridge | https://www.vmware.com/security/advisories/VMSA-2016-0014.html |
CVE-2016-7742 | 7.8 | Apple | MacOS | <10.12.2 | 10.12.2 | Opening a maliciously crafted archive may lead to arbitrary code execution | Context IS | Gareth Evans | https://support.apple.com/HT207423 |
CVE-2016-7988 | 7.5 | Samsung | Android | KK(4.4), L(5.0/5.1), and M(6.0) | SMR-AUG-2016 | No Permissions on SET_WIFI Broadcast receiver | Context IS | Tom Court | https://security.samsungmobile.com/securityUpdate.smsb |
CVE-2016-7989 | 7.5 | Samsung | Android | KK(4.4), L(5.0/5.1), and M(6.0) | SMR-AUG-2016 | Unhandled ArrayIndexOutOfBounds exception in Android Runtime | Context IS | Tom Court | https://security.samsungmobile.com/securityUpdate.smsb |
CVE-2016-7990 | 9.8 | Samsung | Android | KK(4.4), L(5.0/5.1), and M(6.0) | SMR-DEC-2016 | Integer overflow in libomacp.so | Context IS | Tom Court | https://security.samsungmobile.com/securityUpdate.smsb |
CVE-2016-7991 | 7.5 | Samsung | Android | KK(4.4), L(5.0/5.1), and M(6.0) | SMR-DEC-2016 | omacp app ignores security fields in OMA CP message | Context IS | Tom Court | https://security.samsungmobile.com/securityUpdate.smsb |
CVE-2017-5384 | 5.9 | Mozilla | Firefox | <51 | 51 | Information disclosure via Proxy Auto-Config (PAC) | Context IS | Paul Stone, Alex Chapman | https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/ |
CVE-2017-5669 | 7.8 | Linux | | < v4.17-rc7 | v4.17-rc7 | Shmat syscall allows null-page protection bypass | Context IS | Gareth Evans | https://bugzilla.kernel.org/show_bug.cgi?id=192931 |
CVE-2017-8419 | 7.8 | LAME | Lame 3.99.5 MP3 | <v3.100 | v3.100 | Multiple stack and heap corruptions from malicious file | Context IS | Gareth Evans | https://sourceforge.net/p/lame/bugs/458/ |
CVE-2017-9377 | 8.8 | Barco | ClickShare Base Units | <v1.7.0.3 | v1.7.0.3 | Command Injection Vulnerability on ClickShare Base Units | Context IS | Claudio Moletta | https://www.barco.com/en/Support/software/R33050037 |
CVE-2018-3242 | 8.2 | Oracle | E-Business Suite | 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 | CPU October 2018 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuoct2018.html#AppendixEBS |
CVE-2018-3243 | 8.2 | Oracle | E-Business Suite | 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 | CPU October 2018 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuoct2018.html#AppendixEBS |
CVE-2018-3253 | 8.5 | Oracle | Virtual Directory | 11.1.1.7.0-11.1.1.9.0 | CPU October 2018 | Read Domain User Password Hashes | Accenture | Jason Lang | https://www.oracle.com/security-alerts/cpuoct2018.html |
CVE-2018-3256 | 4.9 | Oracle | E-Business Suite | 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 | CPU October 2018 | Content Spoofing | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuoct2018.html#AppendixEBS |
CVE-2018-6492 | 6.1 | MicroFocus | HP Network Automation | v10.0x, v10.1x, v10.2x, v10.3x, v10.4x, v10.5x | MFSBGN03806 | Cross-Site Scripting (XSS) | Context IS | Tilman Bender, Dennis Herrmann and Bastian Kanbach | https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03158014 |
CVE-2018-6493 | 8.8 | MicroFocus | HP Network Automation | v10.0x, v10.1x, v10.2x, v10.3x, v10.4x, v10.5x | MFSBGN03806 | SQL Injection | Context IS | Tilman Bender, Dennis Herrmann and Bastian Kanbach | https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03158014 |
CVE-2018-8150 | 6.5 | Microsoft | Office Outlook | Microsoft Office 2016 Click-to-Run (C2R) | 8.5.2018 | Security Feature Bypass | | Atanas Kirilov | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8150 |
CVE-2018-12939 | 6.5 | steinm | SeedDMS | <5.1.8 | 5.1.8 | Directory Traversal | Context IS | Dennis Herrmann and Malte Poll | https://sourceforge.net/p/seeddms/code/ci/seeddms-5.1.x/tree/CHANGELOG |
CVE-2018-12940 | 8.8 | steinm | SeedDMS | <5.1.8 | 5.1.8 | Unrestricted File Upload | Context IS | Dennis Herrmann and Malte Poll | https://sourceforge.net/p/seeddms/code/ci/seeddms-5.1.x/tree/CHANGELOG |
CVE-2018-12941 | 8.8 | steinm | SeedDMS | <5.1.8 | 5.1.8 | Remote Code Execution | Context IS | Dennis Herrmann and Malte Poll | https://sourceforge.net/p/seeddms/code/ci/seeddms-5.1.x/tree/CHANGELOG |
CVE-2018-12942 | 8.8 | steinm | SeedDMS | <5.1.8 | 5.1.8 | SQL Injection | Context IS | Dennis Herrmann and Malte Poll | https://sourceforge.net/p/seeddms/code/ci/seeddms-5.1.x/tree/CHANGELOG |
CVE-2018-12943 | 6.1 | steinm | SeedDMS | <5.1.8 | 5.1.8 | Cross Site Scripting (XSS) | Context IS | Dennis Herrmann and Malte Poll | https://sourceforge.net/p/seeddms/code/ci/seeddms-5.1.x/tree/CHANGELOG |
CVE-2018-12944 | 6.1 | steinm | SeedDMS | <5.1.8 | 5.1.8 | Persistent Cross-Site Scripting (XSS) | Context IS | Dennis Herrmann and Malte Poll | https://sourceforge.net/p/seeddms/code/ci/seeddms-5.1.x/tree/CHANGELOG |
CVE-2018-15510 | 6.1 | Totemo | Totemomail 6.0.0 | < 6.0 to build 578 | 6.0 to build 578 | Cross-Site Scripting | Context IS | Michael Skiba, Andre Waldhoff, Carsten Sandker | https://www.contextis.com/en/resources/advisories/cve-2018-15510 |
CVE-2018-15511 | 6.1 | Totemo | Totemomail 6.0.0 | < 6.0 to build 578 | 6.0 to build 578 | Cross-Site Scripting | Context IS | Michael Skiba, Andre Waldhoff, Carsten Sandker | https://www.contextis.com/en/resources/advisories/cve-2018-15511 |
CVE-2018-15512 | 6.1 | Totemo | Totemomail 6.0.0 | < 6.0 to build 578 | 6.0 to build 578 | Cross-Site Scripting | Context IS | Michael Skiba, Andre Waldhoff, Carsten Sandker | https://www.contextis.com/en/resources/advisories/cve-2018-15512 |
CVE-2018-15513 | 5.3 | Totemo | Totemomail 6.0.0 | < 6.0 to build 578 | 6.0 to build 578 | Privilege Escalation | Context IS | Michael Skiba, Andre Waldhoff, Carsten Sandker | https://www.contextis.com/en/resources/advisories/cve-2018-15513 |
CVE-2018-18379 | 6.1 | Elementor | Elementor LTD | < 2.0.10 | 2.0.10 | Cross Site Scripting (XSS) | Context IS | Christopher Vella | https://www.contextis.com/en/resources/advisories/cve-2018-18379 |
CVE-2018-18589 | 8.0 | Microfocus | Real User Monitoring (RUM) | 9.26IP, 9.30, 9.40 and 9.50 | | Java Deserialization Input Validation | iDefense, Accenture | Deapesh Misra | https://upport.microfocus.com/kb/kmdoc.php?id=KM03272900 |
CVE-2019-2400 | 8.2 | Oracle | E-Business Suite | 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 | CPU January 2019 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpujan2019.html#AppendixEBS |
CVE-2019-2445 | 8.2 | Oracle | E-Business Suite | 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 | CPU January 2019 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpujan2019.html#AppendixEBS |
CVE-2019-2447 | 8.2 | Oracle | E-Business Suite | 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 | CPU January 2019 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpujan2019.html#AppendixEBS |
CVE-2019-2470 | 8.2 | Oracle | E-Business Suite | 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 | CPU January 2019 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpujan2019.html#AppendixEBS |
CVE-2019-2485 | 4.7 | Oracle | E-Business Suite | 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 | CPU January 2019 | Content Spoofing | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpujan2019.html#AppendixEBS |
CVE-2019-2491 | 4.7 | Oracle | E-Business Suite | 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 | CPU January 2019 | Content Spoofing | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpujan2019.html#AppendixEBS |
CVE-2019-2492 | 4.7 | Oracle | E-Business Suite | 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 | CPU January 2019 | Content Spoofing | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpujan2019.html#AppendixEBS |
CVE-2019-2496 | 4.7 | Oracle | E-Business Suite | 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 | CPU January 2019 | Content Spoofing | Accenture | Andrej Šimko, Deapesh Misra | https://www.oracle.com/security-alerts/cpujan2019.html#AppendixEBS |
CVE-2019-2497 | 8.2 | Oracle | E-Business Suite | 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 | CPU January 2019 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpujan2019.html#AppendixEBS |
CVE-2019-2551 | 8.2 | Oracle | E-Business Suite | 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 | CPU April 2019 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS |
CVE-2019-2600 | 8.2 | Oracle | E-Business Suite | 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 | CPU April 2019 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS |
CVE-2019-2603 | 8.2 | Oracle | E-Business Suite | 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 | CPU April 2019 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS |
CVE-2019-2604 | 8.2 | Oracle | E-Business Suite | 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 | CPU April 2019 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS |
CVE-2019-2622 | 4.7 | Oracle | E-Business Suite | 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 | CPU April 2019 | Open Redirect | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS |
CVE-2019-2639 | 8.2 | Oracle | E-Business Suite | 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 | CPU April 2019 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS |
CVE-2019-2640 | 8.2 | Oracle | E-Business Suite | 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 | CPU April 2019 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS |
CVE-2019-2641 | 8.2 | Oracle | E-Business Suite | 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 | CPU April 2019 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS |
CVE-2019-2642 | 8.2 | Oracle | E-Business Suite | 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 | CPU April 2019 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS |
CVE-2019-2643 | 8.2 | Oracle | E-Business Suite | 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 | CPU April 2019 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS |
CVE-2019-2651 | 8.2 | Oracle | E-Business Suite | 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 | CPU April 2019 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS |
CVE-2019-2652 | 8.2 | Oracle | E-Business Suite | 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 | CPU April 2019 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS |
CVE-2019-2653 | 8.2 | Oracle | E-Business Suite | 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 | CPU April 2019 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS |
CVE-2019-2654 | 8.2 | Oracle | E-Business Suite | 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 | CPU April 2019 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS |
CVE-2019-2660 | 8.2 | Oracle | E-Business Suite | 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 | CPU April 2019 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS |
CVE-2019-2661 | 8.2 | Oracle | E-Business Suite | 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 | CPU April 2019 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS |
CVE-2019-2662 | 8.2 | Oracle | E-Business Suite | 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 | CPU April 2019 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS |
CVE-2019-2663 | 8.2 | Oracle | E-Business Suite | 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 | CPU April 2019 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS |
CVE-2019-2664 | 8.2 | Oracle | E-Business Suite | 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 | CPU April 2019 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS |
CVE-2019-2665 | 8.2 | Oracle | E-Business Suite | 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 | CPU April 2019 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS |
CVE-2019-2666 | 8.2 | Oracle | E-Business Suite | 12.1.1 - 12.1.3, 12.2.3 - 12.2.8 | CPU July 2019 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpujul2019.html#AppendixEBS |
CVE-2019-2668 | 8.2 | Oracle | E-Business Suite | 12.1.1 - 12.1.3, 12.2.3 - 12.2.8 | CPU July 2019 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpujul2019.html#AppendixEBS |
CVE-2019-2669 | 4.7 | Oracle | E-Business Suite | 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 | CPU April 2019 | Content Spoofing | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS |
CVE-2019-2670 | 4.7 | Oracle | E-Business Suite | 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 | CPU April 2019 | Content Spoofing | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS |
CVE-2019-2671 | 8.2 | Oracle | E-Business Suite | 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 | CPU April 2019 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS |
CVE-2019-2672 | 8.2 | Oracle | E-Business Suite | 12.1.1 - 12.1.3, 12.2.3 - 12.2.8 | CPU July 2019 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpujul2019.html#AppendixEBS |
CVE-2019-2673 | 4.7 | Oracle | E-Business Suite | 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 | CPU April 2019 | Content Spoofing | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS |
CVE-2019-2674 | 4.7 | Oracle | E-Business Suite | 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 | CPU April 2019 | Content Spoofing | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS |
CVE-2019-2675 | 8.2 | Oracle | E-Business Suite | 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 | CPU April 2019 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS |
CVE-2019-2676 | 4.7 | Oracle | E-Business Suite | 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 | CPU April 2019 | Content Spoofing | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS |
CVE-2019-2677 | 8.2 | Oracle | E-Business Suite | 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 | CPU April 2019 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS |
CVE-2019-2837 | 8.2 | Oracle | E-Business Suite | 12.1.3, 12.2.3 - 12.2.8 | CPU July 2019 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpujul2019.html#AppendixEBS |
CVE-2019-2930 | 4.7 | Oracle | E-Business Suite | 12.1.1-12.1.3, 12.2.3-12.2.8 | CPU October 2019 | Content Spoofing | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuoct2019.html#AppendixEBS |
CVE-2019-2990 | 8.2 | Oracle | E-Business Suite | 12.1.1-12.1.3, 12.2.3-12.2.9 | CPU October 2019 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuoct2019.html#AppendixEBS |
CVE-2019-2994 | 8.2 | Oracle | E-Business Suite | 12.1.1-12.1.3 | CPU October 2019 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuoct2019.html#AppendixEBS |
CVE-2019-2995 | 8.2 | Oracle | E-Business Suite | 12.1.1-12.1.3, 12.2.3-12.2.9 | CPU October 2019 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuoct2019.html#AppendixEBS |
CVE-2019-3000 | 8.2 | Oracle | E-Business Suite | 12.1.1-12.1.3, 12.2.3-12.2.9 | CPU October 2019 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuoct2019.html#AppendixEBS |
CVE-2019-3022 | 5.8 | Oracle | E-Business Suite | 12.1.1-12.1.3, 12.2.3-12.2.9 | CPU October 2019 | Content Spoofing | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuoct2019.html#AppendixEBS |
CVE-2019-3024 | 4.7 | Oracle | E-Business Suite | 12.2.3-12.2.9 | CPU October 2019 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuoct2019.html#AppendixEBS |
CVE-2019-6113 | 7.5 | Onkyo | Onkyo TX-NR686 | 1030-5000-1040-0010 | N/A | Directory Traversal | Context IS | Michael Skiba | https://www.contextis.com/en/resources/advisories/cve-2019-6113 |
CVE-2019-9268 | 5.5 | Android | | lmp-mr1, mnc, mnc-mr1, mnc-mr2, nyc, nyc-mr1, nyc-mr2, oc | Android 10 Security Release Notes | Improper Locking | Deja vu | Christopher Dombroski | https://source.android.com/security/overview/release-acknowledgements |
CVE-2019-15746 | 9.8 | BMLV Stammportal | SITOS Six | <= Build v6.2.1 | N/A | PHP Command Injection | Context IS | Dennis Herrmann and Andre Waldhoff | https://www.contextis.com/en/resources/advisories/cve-2019-15746 |
CVE-2019-15747 | 8.8 | BMLV Stammportal | SITOS Six | <= Build v6.2.1 | N/A | Privilege Escalation via Client-Side-Source Manipulation | Context IS | Dennis Herrmann and Andre Waldhoff | https://www.contextis.com/en/resources/advisories/cve-2019-15747 |
CVE-2019-15748 | 9.8 | BMLV Stammportal | SITOS Six | <= Build v6.2.1 | N/A | Authorisation Bypass | Context IS | Dennis Herrmann and Andre Waldhoff | https://www.contextis.com/en/resources/advisories/cve-2019-15748 |
CVE-2019-15749 | 6.5 | BMLV Stammportal | SITOS Six | <= Build v6.2.1 | N/A | Account Takeover | Context IS | Dennis Herrmann and Andre Waldhoff | https://www.contextis.com/en/resources/advisories/cve-2019-15749 |
CVE-2019-15750 | 6.1 | BMLV Stammportal | SITOS Six | <= Build v6.2.1 | N/A | Cross-Site-Scripting - Non-Persistent | Context IS | Dennis Herrmann and Andre Waldhoff | https://www.contextis.com/en/resources/advisories/cve-2019-15750 |
CVE-2019-15751 | 9.8 | BMLV Stammportal | SITOS Six | <= Build v6.2.1 | N/A | Unrestricted File Upload via SCORM File | Context IS | Dennis Herrmann and Andre Waldhoff | https://www.contextis.com/en/resources/advisories/cve-2019-15751 |
CVE-2020-1030 | 7.8 | Microsoft | Windows | 7/8.1/10, Server 2008/2012/2016/2019 | KB(4570333, 4571756, 4574727, 4577015, 4577032, 4577038, 4577041, 4577048, 4577049, 4577051, 4577053, 4577064, 4577066, 4577070, 4577071) | Elevation of Privilege Vulnerability | FusionX | Victor Mata | https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1030#ID0EWIAC |
CVE-2020-1062 | 7.5 | Microsoft | Internet Explorer | 9 through 11 | 11 | Internet Explorer Memory Corruption Vulnerability | iDefense | Rohit Mothe | https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-1062 |
CVE-2020-2582 | 8.2 | Oracle | E-Business Suite | 12.1.1-12.1.3, 12.2.3-12.2.9 | CPU January 2020 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpujan2020.html#AppendixEBS |
CVE-2020-2596 | 4.7 | Oracle | E-Business Suite | 12.1.3, 12.2.3-12.2.9 | CPU January 2020 | Content Spoofing | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpujan2020.html#AppendixEBS |
CVE-2020-2597 | 4.7 | Oracle | E-Business Suite | 12.1.1-12.1.3, 12.2.3-12.2.9 | CPU January 2020 | Content Spoofing | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpujan2020.html#AppendixEBS |
CVE-2020-2657 | 4.7 | Oracle | E-Business Suite | 12.1.3, 12.2.3-12.2.9 | CPU January 2020 | Content Spoofing | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpujan2020.html#AppendixEBS |
CVE-2020-2658 | 8.2 | Oracle | E-Business Suite | 12.1.1-12.1.3, 12.2.3-12.2.9 | CPU January 2020 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpujan2020.html#AppendixEBS |
CVE-2020-2661 | 8.2 | Oracle | E-Business Suite | 12.1.1-12.1.3, 12.2.3-12.2.9 | CPU January 2020 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpujan2020.html#AppendixEBS |
CVE-2020-2662 | 8.2 | Oracle | E-Business Suite | 12.1.1-12.1.3, 12.2.3-12.2.9 | CPU January 2020 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpujan2020.html#AppendixEBS |
CVE-2020-2665 | 8.2 | Oracle | E-Business Suite | 12.1.1-12.1.3, 12.2.3-12.2.9 | CPU January 2020 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpujan2020.html#AppendixEBS |
CVE-2020-2667 | 4.7 | Oracle | E-Business Suite | 12.1.1-12.1.3, 12.2.3-12.2.9 | CPU January 2020 | Content Spoofing | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpujan2020.html#AppendixEBS |
CVE-2020-2668 | 4.7 | Oracle | E-Business Suite | 12.1.1-12.1.3, 12.2.3-12.2.9 | CPU January 2020 | Content Spoofing | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpujan2020.html#AppendixEBS |
CVE-2020-2669 | 8.2 | Oracle | E-Business Suite | 12.1.1-12.1.3, 12.2.3-12.2.9 | CPU January 2020 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpujan2020.html#AppendixEBS |
CVE-2020-2670 | 8.2 | Oracle | E-Business Suite | 12.1.1-12.1.3, 12.2.3-12.2.9 | CPU January 2020 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpujan2020.html#AppendixEBS |
CVE-2020-2671 | 8.2 | Oracle | E-Business Suite | 12.1.1-12.1.3, 12.2.3-12.2.9 | CPU January 2020 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpujan2020.html#AppendixEBS |
CVE-2020-2672 | 8.2 | Oracle | E-Business Suite | 12.1.1-12.1.3, 12.2.3-12.2.9 | CPU January 2020 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpujan2020.html#AppendixEBS |
CVE-2020-2794 | 8.2 | Oracle | E-Business Suite | 12.1.1-12.1.3, 12.2.3-12.2.9 | CPU April 2020 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixEBS |
CVE-2020-2796 | 8.2 | Oracle | E-Business Suite | 12.1.1-12.1.3, 12.2.3-12.2.9 | CPU April 2020 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixEBS |
CVE-2020-2813 | 8.2 | Oracle | E-Business Suite | 12.1.1-12.1.3, 12.2.3-12.2.9 | CPU April 2020 | XSS | Accenture | Esteban Morales Montes | https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixEBS |
CVE-2020-2810 | 4.7 | Oracle | E-Business Suite | 12.1.1-12.1.3, 12.2.3-12.2.9 | CPU April 2020 | Open Redirect | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixEBS |
CVE-2020-3369 | 8.6 | CISCO | SD-WAN vEdge router | 19.2.0, 19.2.097, 19.2.098, 19.2.1 | 19.2.2, 20.1.1 | DoS | Maglan | Gil Fidel | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fpdos-hORBfd9f |
CVE-2020-3385 | 7.4 | CISCO | SD-WAN vEdge router | SD-WAN vEdge 5000 Series Routers, SD-WAN vEdge Cloud Routers | 18.4.5, 19.2.3, 20.1.1 | DoS | Maglan | Gil Fidel | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vedgfpdos-PkqQrnwV |
CVE-2020-5825 | 5.5 | Symantec | SEP | Prior to 14.2 RU2 MP1 (14.2.5569.2100) | Upgrade to 14.2 RU2 MP1 (14.2.5569.2100) | arbitrary file write vulnerability | FusionX | Bryan Alexander | https://support.broadcom.com/security-advisory/content/0/0/SYMSA1505 https://www.accenture.com/us-en/blogs/cyber-defense/exploiting-arbitrary-file-move-in-symantec-endpoint-protection |
CVE-2020-9767 | 7.8 | Zoom Video Communications, Inc | Zoom Client for Windows where the Zoom Sharing Service is installed | < 5.0.4 | 5.0.4 | Zoom Sharing Service Local Privilege Escalation | Context IS | Connor Scott | https://support.zoom.us/hc/en-us/articles/360044350792-Security-CVE-2020-9767 |
CVE-2020-13133 | 6.1 | Tufin | SecureChange | <R19.3 HF3 + <R20.1 HF1 | R19.3 HF3 + R20.1 HF1 | Stored XSS | Accenture | Andrej Šimko | https://portal.tufin.com/aspx/SecurityAdvisories |
CVE-2020-13134 | 4.8 | Tufin | SecureChange | <R19.3 HF3 + <R20.1 HF1 | R19.3 HF3 + R20.1 HF1 | Stored XSS | Accenture | Andrej Šimko | https://portal.tufin.com/aspx/SecurityAdvisories |
CVE-2020-13407 | 6.8 | Tufin | SecureTrack | <R20-2 GA | R20-2 GA | Stored XSS | Accenture | Andrej Šimko | https://portal.tufin.com/aspx/SecurityAdvisories |
CVE-2020-13408 | 6.8 | Tufin | SecureTrack | <R20-2 GA | R20-2 GA | Stored XSS | Accenture | Andrej Šimko | https://portal.tufin.com/aspx/SecurityAdvisories |
CVE-2020-13409 | 6.8 | Tufin | SecureTrack | <R20-2 GA | R20-2 GA | Stored XSS | Accenture | Andrej Šimko | https://portal.tufin.com/aspx/SecurityAdvisories |
CVE-2020-13418 | 6.1 | OpenIAM | OpenIAM | 4.1.8 (and possibly other versions in 4.1.x) | 4.2.0.3 | XSS | Accenture | Marek Klon | http://docs.openiam.com/docs-4.2.0/changelog/1-Release-4.2.0 |
CVE-2020-13419 | 5.3 | OpenIAM | OpenIAM | 4.1.8 (and possibly other versions in 4.1.x) | 4.2.0.3 | Path Traversal | Accenture | Marek Klon | http://docs.openiam.com/docs-4.2.0/changelog/1-Release-4.2.0 |
CVE-2020-13420 | 9.8 | OpenIAM | OpenIAM | 4.1.8 (and possibly other versions in 4.1.x) | 4.2.0.3 | Remote Code Execution Through Groovy Script | Accenture | Marek Klon | http://docs.openiam.com/docs-4.2.0/changelog/1-Release-4.2.0 |
CVE-2020-13421 | 9.8 | OpenIAM | OpenIAM | 4.1.8 (and possibly other versions in 4.1.x) | 4.2.0.3 | Missing role segregation | Accenture | Marek Klon | http://docs.openiam.com/docs-4.2.0/changelog/1-Release-4.2.0 |
CVE-2020-13422 | 8.1 | OpenIAM | OpenIAM | 4.1.8 (and possibly other versions in 4.1.x) | 4.2.0.3 | Privilege escalation | Accenture | Marek Klon | http://docs.openiam.com/docs-4.2.0/changelog/1-Release-4.2.0 |
CVE-2020-13460 | 6.3 | Tufin | SecureTrack | <R20-2 GA | R20-2 GA | CSRF | Accenture | Andrej Šimko | https://portal.tufin.com/aspx/SecurityAdvisories |
CVE-2020-13461 | 4.3 | Tufin | SecureTrack | Not planned to be resolved | N/A | Username enumeration | Accenture | Andrej Šimko | https://portal.tufin.com/aspx/SecurityAdvisories |
CVE-2020-13462 | 4.3 | Tufin | SecureChange | <R20-2 GA | R20-2 GA | IDOR | Accenture | Andrej Šimko | https://portal.tufin.com/aspx/SecurityAdvisories |
CVE-2020-14534 | 8.2 | Oracle | E-Business Suite | 12.2.9 | CPU July 2020 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpujul2020.html#AppendixEBS |
CVE-2020-14555 | 4.7 | Oracle | E-Business Suite | 12.1.1-12.1.3, 12.2.3-12.2.9 | CPU July 2020 | Content Spoofing | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpujul2020.html#AppendixEBS |
CVE-2020-14590 | 2.7 | Oracle | E-Business Suite | 12.1.3, 12.2.3-12.2.9 | CPU July 2020 | IP address disclosure | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpujul2020.html#AppendixEBS |
CVE-2020-14657 | 7.6 | Oracle | E-Business Suite | 12.1.3, 12.2.3-12.2.9 | CPU July 2020 | Stored XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpujul2020.html#AppendixEBS |
CVE-2020-14658 | 9.1 | Oracle | E-Business Suite | 12.1.1-12.1.3, 12.2.3-12.2.9 | CPU July 2020 | SQL Injection | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpujul2020.html#AppendixEBS |
CVE-2020-14659 | 4.7 | Oracle | E-Business Suite | 12.1.3, 12.2.3-12.2.9 | CPU July 2020 | Open Redirect | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpujul2020.html#AppendixEBS |
CVE-2020-14660 | 8.2 | Oracle | E-Business Suite | 12.1.3, 12.2.3-12.2.9 | CPU July 2020 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpujul2020.html#AppendixEBS |
CVE-2020-14661 | 4.7 | Oracle | E-Business Suite | 12.1.3, 12.2.3-12.2.9 | CPU July 2020 | Content Spoofing | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpujul2020.html#AppendixEBS |
CVE-2020-14665 | 9.1 | Oracle | E-Business Suite | 12.1.1-12.1.3, 12.2.3-12.2.9 | CPU July 2020 | SQL Injection | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpujul2020.html#AppendixEBS |
CVE-2020-14666 | 8.2 | Oracle | E-Business Suite | 12.1.1-12.1.3, 12.2.3-12.2.9 | CPU July 2020 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpujul2020.html#AppendixEBS |
CVE-2020-14667 | 7.6 | Oracle | E-Business Suite | 12.1.3, 12.2.3-12.2.9 | CPU July 2020 | Stored XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpujul2020.html#AppendixEBS |
CVE-2020-14679 | 7.5 | Oracle | E-Business Suite | 12.1.3, 12.2.3-12.2.9 | CPU July 2020 | Unauthorized Role Removal | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpujul2020.html#AppendixEBS |
CVE-2020-14688 | 8.2 | Oracle | E-Business Suite | 12.1.3, 12.2.3-12.2.9 | CPU July 2020 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpujul2020.html#AppendixEBS |
CVE-2020-14774 | 7.5 | Oracle | E-Business Suite | 12.1.1 - 12.1.3, 12.2.3 - 12.2.10 | CPU October 2020 | Chained DoS + CSRF | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixEBS |
CVE-2020-14808 | 8.2 | Oracle | E-Business Suite | 12.1.3, 12.2.3 - 12.2.10 | CPU October 2020 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixEBS |
CVE-2020-16240 | 7.5 | General Electric | APM (Meridium) | 4.4.x and earlier | 4.5.0 | IDOR | Accenture | Guido Marilli | https://digitalsupport.ge.com/communities/en_US/Article/GE-Digital-Security-Advisory-GED-20-04 https://us-cert.cisa.gov/ics/advisories/icsa-20-266-01 |
CVE-2020-16244 | 7.2 | General Electric | APM (Meridium) | 4.4.x and earlier | 4.5.0 | Use of a one-way hash without a salt | Accenture | Guido Marilli | https://digitalsupport.ge.com/communities/en_US/Article/GE-Digital-Security-Advisory-GED-20-04 https://us-cert.cisa.gov/ics/advisories/icsa-20-266-01 |
CVE-2020-16279 | 9.8 | Rangee GmbH | RangeeOS | <= 8.0.4 | N/A | OS Command Injection | Context IS | Andre Waldhoff and Bastian Kanbach | https://www.contextis.com/en/resources/advisories/cve-2020-16279 |
CVE-2020-16280 | 5.5 | Rangee GmbH | RangeeOS | <= 8.0.4 | N/A | Unprotected Storage of Credentials | Context IS | Andre Waldhoff and Bastian Kanbach | https://www.contextis.com/en/resources/advisories/cve-2020-16280 |
CVE-2020-16281 | 7.8 | Rangee GmbH | RangeeOS | <= 8.0.4 | N/A | Restricted Environment Breakout | Context IS | Andre Waldhoff and Bastian Kanbach | https://www.contextis.com/en/resources/advisories/cve-2020-16281 |
CVE-2020-16282 | 8.8 | Rangee GmbH | RangeeOS | <= 8.0.4 | N/A | Execution with Unnecessary Privileges | Context IS | Andre Waldhoff and Bastian Kanbach | https://www.contextis.com/en/resources/advisories/cve-2020-16282 |
CVE-2020-24662 | 5.4 | SmartStream Technologies | Transaction Lifecycle Management (TLM) Reconciliation Premium (RP) | <TLM RP 3.1.0 | TLM RP 3.1.0 | Stored XSS | Accenture | Klára Szabó | N/A |
CVE-2020-24663 | 5.4 | Trace Financial | Crest Bridge | <6.3.0.02 | 6.3.0.03 | Stored XSS | Accenture | Klára Szabó | CREST Bridge Information Bulletin 39 (not public) |
CVE-2020-24664 | 5.4 | Hitachi Vantara | Pentaho User Console | < 7.1.0.25 + < 8.2.0.6 + < 8.3.0.0 GA | >= 7.1.0.25 + >= 8.2.0.6 + >= 8.3.0.0 GA | Reflected XSS | Accenture | Andrej Šimko | http://www.hitachi.com/hirt/hitachi-sec/2020/601.html |
CVE-2020-24665 | 6.5 | Hitachi Vantara | Pentaho User Console | < 7.1.0.25 + < 8.2.0.6 + < 8.3.0.0 GA | >= 7.1.0.25 + >= 8.2.0.6 + >= 8.3.0.0 GA | XML Bomb | Accenture | Andrej Šimko | http://www.hitachi.com/hirt/hitachi-sec/2020/601.html |
CVE-2020-24666 | 5.4 | Hitachi Vantara | Pentaho User Console | <7.1.0.23.197 | 9.1.0.1 | Reflected XSS | Accenture | Stanislav Dusek | http://www.hitachi.com/hirt/hitachi-sec/2020/601.html |
CVE-2020-24667 | 8.8 | Trace Financial | Crest Bridge | <6.3.0.02 | 6.3.0.03 | SQL Injection | Accenture | Lukáš Bandura | CREST Bridge Information Bulletin 39 (not public) |
CVE-2020-24668 | 5.4 | Trace Financial | Crest Bridge | <6.3.0.02 | 6.3.0.03 | Stored XSS | Accenture | Klára Szabó | CREST Bridge Information Bulletin 39 (not public) |
CVE-2020-24669 | 4.4 | Hitachi Vantara | Pentaho User Console | < 8.3.0.9 + < 9.0.0.1 + < 9.1.0.0 GA | >= 8.3.0.9 + >= 9.0.0.1 + >= 9.1.0.0 GA | DOM Based XSS | Accenture | Klára Szvitková | http://www.hitachi.com/hirt/hitachi-sec/2020/601.html |
CVE-2020-24670 | 5.4 | Hitachi Vantara | Pentaho User Console | < 7.1.0.25 + < 8.2.0.6 + < 8.3.0.0 GA | >= 7.1.0.25 + >= 8.2.0.6 + >= 8.3.0.0 GA | Reflected XSS | Accenture | Andrej Šimko | http://www.hitachi.com/hirt/hitachi-sec/2020/601.html |
CVE-2020-24671 | 8.8 | Trace Financial | Crest Bridge | <6.3.0.02 | 6.3.0.03 | SQL Injection | Accenture | Klára Szabó | CREST Bridge Information Bulletin 39 (not public) |
CVE-2020-26255 | 9.1 | Kirby | Kirby CMS | <=2.5.13, 3.0.0-3.4.4 | 2.5.14, 3.4.5 | Remote Code Execution | Context IS | Thore Imhof | https://github.com/getkirby/kirby/security/advisories/GHSA-g3h8-cg9x-47qw |
CVE-2021-2077 | 8.2 | Oracle | E-Business Suite | 12.1.1-12.1.3, 12.2.3-12.2.10 | CPU January 2021 | Open Redirect | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS |
CVE-2021-2078 | 8.2 | Oracle | E-Business Suite | 12.1, 12.2 | CPU January 2021 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS |
CVE-2021-2079 | 8.2 | Oracle | E-Business Suite | 12.1, 12.2 | CPU January 2021 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS |
CVE-2021-2080 | 8.2 | Oracle | E-Business Suite | 12.1, 12.2 | CPU January 2021 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS |
CVE-2021-2082 | 8.2 | Oracle | E-Business Suite | 12.1.1-12.1.3, 12.2.3-12.2.10 | CPU January 2021 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS |
CVE-2021-2083 | 8.2 | Oracle | E-Business Suite | 12.1.1-12.1.3, 12.2.3-12.2.10 | CPU January 2021 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS |
CVE-2021-2084 | 8.2 | Oracle | E-Business Suite | 12.1.3, 12.2.3-12.2.10 | CPU January 2021 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS |
CVE-2021-2085 | 8.2 | Oracle | E-Business Suite | 12.1.3, 12.2.3-12.2.10 | CPU January 2021 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS |
CVE-2021-2089 | 8.2 | Oracle | E-Business Suite | 12.1.1-12.1.3, 12.2.3-12.2.10 | CPU January 2021 | Unsafe Event Names Blacklist Bypass | Accenture | Esteban Morales Montes | https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS |
CVE-2021-2090 | 8.2 | Oracle | E-Business Suite | 12.1.1-12.1.3, 12.2.3-12.2.10 | CPU January 2021 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS |
CVE-2021-2091 | 8.2 | Oracle | E-Business Suite | 12.1.1-12.1.3, 12.2.3-12.2.10 | CPU January 2021 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS |
CVE-2021-2092 | 8.2 | Oracle | E-Business Suite | 12.1.3, 12.2.3-12.2.10 | CPU January 2021 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS |
CVE-2021-2093 | 8.2 | Oracle | E-Business Suite | 12.1.1-12.1.3, 12.2.3-12.2.10 | CPU January 2021 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS |
CVE-2021-2094 | 8.2 | Oracle | E-Business Suite | 12.1.1-12.1.3, 12.2.3-12.2.10 | CPU January 2021 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS |
CVE-2021-2096 | 8.2 | Oracle | E-Business Suite | 12.1.1-12.1.3, 12.2.3-12.2.10 | CPU January 2021 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS |
CVE-2021-2097 | 8.2 | Oracle | E-Business Suite | 12.1.1-12.1.3, 12.2.3-12.2.10 | CPU January 2021 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS |
CVE-2021-2098 | 8.2 | Oracle | E-Business Suite | 12.1.1-12.1.3, 12.2.3-12.2.10 | CPU January 2021 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS |
CVE-2021-2099 | 8.2 | Oracle | E-Business Suite | 12.2.3-12.2.10 | CPU January 2021 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS |
CVE-2021-2100 | 9.1 | Oracle | E-Business Suite | 12.1.1-12.1.3, 12.2.3-12.2.10 | CPU January 2021 | SQL Injection | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS |
CVE-2021-2101 | 9.1 | Oracle | E-Business Suite | 12.1.1-12.1.3, 12.2.3-12.2.10 | CPU January 2021 | SQL Injection | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS |
CVE-2021-2102 | 8.2 | Oracle | E-Business Suite | 11.5.10, 12.1, 12.2 | CPU January 2021 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS |
CVE-2021-2103 | 8.2 | Oracle | E-Business Suite | 11.5.10, 12.1, 12.2 | CPU January 2021 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS |
CVE-2021-2104 | 8.2 | Oracle | E-Business Suite | 11.5.10, 12.1, 12.2 | CPU January 2021 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS |
CVE-2021-2105 | 8.2 | Oracle | E-Business Suite | 12.1.1-12.1.3, 12.2.3-12.2.10 | CPU January 2021 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS |
CVE-2021-2106 | 8.2 | Oracle | E-Business Suite | 12.1.1-12.1.3, 12.2.3-12.2.10 | CPU January 2021 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS |
CVE-2021-2107 | 8.2 | Oracle | E-Business Suite | 12.1.1-12.1.3, 12.2.3-12.2.10 | CPU January 2021 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS |
CVE-2021-2114 | 8.2 | Oracle | E-Business Suite | 12.1.1-12.1.3, 12.2.3-12.2.10 | CPU January 2021 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS |
CVE-2021-2115 | 7.6 | Oracle | E-Business Suite | 12.1.1-12.1.3, 12.2.3-12.2.10 | CPU January 2021 | stored XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS |
CVE-2021-2118 | 8.2 | Oracle | E-Business Suite | 12.1.1-12.1.3, 12.2.3-12.2.10 | CPU January 2021 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS |
CVE-2021-2155 | 4.3 | Oracle | E-Business Suite | 12.1.1-12.1.3, 12.2.3-12.2.10 | CPU April 2021 | Stored XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixEBS |
CVE-2021-2182 | 8.2 | Oracle | E-Business Suite | 12.1.1-12.1.3, 12.2.3-12.2.10 | CPU April 2021 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixEBS |
CVE-2021-2183 | 8.2 | Oracle | E-Business Suite | 12.1.1-12.1.3, 12.2.3-12.2.10 | CPU April 2021 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixEBS |
CVE-2021-2184 | 8.2 | Oracle | E-Business Suite | 12.1.1-12.1.3, 12.2.3-12.2.10 | CPU April 2021 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixEBS |
CVE-2021-2185 | 8.2 | Oracle | E-Business Suite | 12.1.1-12.1.3, 12.2.3-12.2.10 | CPU April 2021 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixEBS |
CVE-2021-2186 | 8.2 | Oracle | E-Business Suite | 12.1.1-12.1.3, 12.2.3-12.2.10 | CPU April 2021 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixEBS |
CVE-2021-2187 | 8.2 | Oracle | E-Business Suite | 12.1.1-12.1.3, 12.2.3-12.2.10 | CPU April 2021 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixEBS |
CVE-2021-2188 | 8.2 | Oracle | E-Business Suite | 12.1.1-12.1.3, 12.2.3-12.2.10 | CPU April 2021 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixEBS |
CVE-2021-2189 | 7.5 | Oracle | E-Business Suite | 12.1.1-12.1.3, 12.2.3-12.2.10 | CPU April 2021 | DoS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixEBS |
CVE-2021-2190 | 7.5 | Oracle | E-Business Suite | 12.1.1-12.1.3, 12.2.3-12.2.10 | CPU April 2021 | DoS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixEBS |
CVE-2021-2195 | 8.2 | Oracle | E-Business Suite | 12.1.3, 12.2.3-12.2.10 | CPU April 2021 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixEBS |
CVE-2021-2198 | 8.2 | Oracle | E-Business Suite | 12.1.1-12.1.3, 12.2.3-12.2.10 | CPU April 2021 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixEBS |
CVE-2021-2150 | 8.2 | Oracle | E-Business Suite | 12.1.1-12.1.3, 12.2.3-12.2.10 | CPU April 2021 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixEBS |
CVE-2021-2199 | 8.2 | Oracle | E-Business Suite | 12.1.1-12.1.3, 12.2.3-12.2.10 | CPU April 2021 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixEBS |
CVE-2021-2200 | 9.1 | Oracle | E-Business Suite | 12.2.10 | CPU April 2021 | SQL Injection | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixEBS |
CVE-2021-2181 | 7.6 | Oracle | E-Business Suite | 12.1.3, 12.2.3-12.2.10 | CPU April 2021 | Stored XSS | Accenture | Esteban Montes Morales | https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixEBS |
CVE-2021-2197 | 8.1 | Oracle | E-Business Suite | 12.1.1-12.1.3, 12.2.3-12.2.10 | CPU April 2021 | XSS | Accenture | Torben Capiau | https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixEBS |
CVE-2021-2205 | 9.1 | Oracle | E-Business Suite | 12.2.7-12.2.10 | CPU April 2021 | SQL Injection | Accenture | Martin Neumann | https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixEBS |
CVE-2021-2206 | 8.2 | Oracle | E-Business Suite | 12.1.1-12.1.3, 12.2.3-12.2.10 | CPU April 2021 | XSS | Accenture | Martin Neumann | https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixEBS |
CVE-2021-2209 | 8.5 | Oracle | E-Business Suite | 12.1.1-12.1.3, 12.2.3-12.2.10 | CPU April 2021 | Stored XSS | Accenture | Martin Neumann | https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixEBS |
CVE-2021-2210 | 8.2 | Oracle | E-Business Suite | 12.1.1-12.1.3, 12.2.3-12.2.10 | CPU April 2021 | XSS | Accenture | Martin Neumann | https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixEBS |
CVE-2021-2359 | 8.2 | Oracle | E-Business Suite | 12.1.1-12.1.3, 12.2.3-12.2.10 | CPU July 2021 | XSS | Accenture | Martin Neumann | https://www.oracle.com/security-alerts/cpujul2021.html#AppendixEBS |
CVE-2021-2436 | 8.2 | Oracle | E-Business Suite | 12.1.1-12.1.3, 12.2.3-12.2.10 | CPU July 2021 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpujul2021.html#AppendixEBS |
CVE-2021-25649 | 4.9 | Avaya | Avaya Aura Utility Services | 7.x | No fix, End of Manufacturer Support | Information disclosure | FusionX | Shelby Spencer and Gerardo Iglesias-Galvan | N/A |
CVE-2021-25650 | 7.7 | Avaya | Avaya Aura Utility Services | 7.x | No fix, End of Manufacturer Support | Privilege escalation | FusionX | Shelby Spencer and Gerardo Iglesias-Galvan | N/A |
CVE-2021-25651 | 8.0 | Avaya | Avaya Aura Utility Services | 7.x | No fix, End of Manufacturer Support | Privilege escalation | FusionX | Shelby Spencer and Gerardo Iglesias-Galvan | N/A |
CVE-2021-25652 | 4.9 | Avaya | Avaya Aura Appliance Virtualization Platform Utilities (AVPU) | 8.0.0.0 through 8.1.3.1 | 8.1.3.2 | Information disclosure | FusionX | Shelby Spencer and Gerardo Iglesias-Galvan | https://downloads.avaya.com/css/P8/documents/101076479 |
CVE-2021-25653 | 8.0 | Avaya | Avaya Aura Appliance Virtualization Platform Utilities (AVPU) | 8.0.0.0 through 8.1.3.1 | 8.1.3.2 | Privilege escalation | FusionX | Shelby Spencer and Gerardo Iglesias-Galvan | https://downloads.avaya.com/css/P8/documents/101076479 |
CVE-2021-25654 | 6.2 | Avaya | Avaya Aura Device Services | 7.0 through 8.1.4.0 | 8.1.4.1 | Arbitrary code execution | FusionX | Shelby Spencer and Gerardo Iglesias-Galvan | https://downloads.avaya.com/css/P8/documents/101076523 |
CVE-2021-31927 | 4.3 | Annex Cloud | Loyalty Experience Platform | <2021.1.0.1 | 2021.1.0.2 | IDOR | Accenture | Guillermo Alvarez | https://www.annexcloud.com/responsible-disclosure |
CVE-2021-31928 | 8.8 | Annex Cloud | Loyalty Experience Platform | <2021.1.0.1 | 2021.1.0.2 | Privilege Escalation | Accenture | Guillermo Alvarez | https://www.annexcloud.com/responsible-disclosure |
CVE-2021-31929 | 4.3 | Annex Cloud | Loyalty Experience Platform | <2021.1.0.1 | 2021.1.0.2 | Improper Access Control | Accenture | Guillermo Alvarez | https://www.annexcloud.com/responsible-disclosure |
CVE-2021-33031 | 3.1 | LABCUP LTD. | Labcup | <v2_next_18022 | v2_next_18032 | Improper Access Control | Accenture | Alberto Chica Nunez | N/A |
CVE-2021-34483 | 7.8 | Microsoft | Windows | 7/8.1/10, Server 2008/2012/2016/2019 | | Windows Print Spooler Elevation of Privilege Vulnerability | FusionX | Victor Mata | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34483 |
CVE-2021-35580 | 6.1 | Oracle | E-Business Suite | 12.1.3, 12.2.3-12.2.10 | CPU October 2021 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuoct2021.html#AppendixEBS |
CVE-2021-35581 | 4.7 | Oracle | E-Business Suite | 12.1.3, 12.2.3-12.2.10 | CPU October 2021 | Content Spoofing | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuoct2021.html#AppendixEBS |
CVE-2021-35582 | 6.5 | Oracle | E-Business Suite | 12.1.3, 12.2.3-12.2.10 | CPU October 2021 | CSV Injection | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuoct2021.html#AppendixEBS |
CVE-2021-36958 | 7.3 | Microsoft | Windows | 7/8.1/10, Server 2008/2012/2016/2019 | | Windows Print Spooler Remote Code Execution Vulnerability | FusionX | Victor Mata | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36958 |
CVE-2022-21251 | 7.5 | Oracle | E-Business Suite | 12.2.3-12.2.11 | CPU January 2022 | Denial of Service | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpujan2022.html#AppendixEBS |
CVE-2022-23706 | 6.1 | Hewlett Packard Enterprise | HPE OneView | < 7 | 44697 | Stored XSS | Maglan | Michael Musheev | https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04278en_us |
CVE-2022-24450 | 8.8 | Synadia | Nats.io | 2.x to 2.7.1 | 2.7.2 | Unconstrained account assumption by authenticated clients | Accenture | Victor Mata, Gerardo Iglesias-Galvan | https://advisories.nats.io/CVE/CVE-2022-24450.txt |
CVE-2022-26146 | 5.4 | Tricentis | qTest | <10.4 | 10.4 | Stored XSS | Accenture | Klara Szabo | https://support-hub.tricentis.com/open?id=manual&lang=en&path=%2Fqtest%2F10400%2Fen%2Fcontent%2Fqtest_manager%2Frelease_notes%2Fonpremise_release_notes%2Fmanager_10.4.0_onpremise_release_notes.htm&product=qtest&sessionRotationTrigger=true&type=product_manual&version=10.4.2%20On%20Premise |
CVE-2022-26413 | 8.0 | Zyxel | VMG3312-T20A Firmware + others | V530ABFX5C0 | 44663 | OS Command Injection | Accenture | Martin Petráň | https://www.zyxel.com/support/OS-command-injection-and-buffer-overflow-vulnerabilities-of-CPE-and-ONTs.shtml |
CVE-2022-26414 | 6.0 | Zyxel | VMG3312-T20A Firmware + others | V530ABFX5C0 | 44663 | Buffer Overflow | Accenture | Martin Petráň | https://www.zyxel.com/support/OS-command-injection-and-buffer-overflow-vulnerabilities-of-CPE-and-ONTs.shtml |
CVE-2022-26971 | 5.3 | Barco | Barco Control Room Management Suite | all versions before 3.14.1 | 44705 | Unauthenticated license key update | Accenture | Murat Aydemir | https://www.barco.com/en/support/knowledge-base/KB12681 |
CVE-2022-26972 | 6.1 | Barco | Barco Control Room Management Suite | all versions before 3.14.1 | 44705 | Reflected Cross Site Scripting (XSS) | Accenture | Murat Aydemir | https://www.barco.com/en/support/knowledge-base/KB12677 |
CVE-2022-26973 | 5.3 | Barco | Barco Control Room Management Suite | all versions before 3.14.1 | 44705 | information disclosure of sensitive information | Accenture | Murat Aydemir | https://www.barco.com/en/support/knowledge-base/KB12678 |
CVE-2022-26974 | 6.1 | Barco | Barco Control Room Management Suite | all versions before 3.14.1 | 44705 | Reflected Cross Site Scripting (XSS) | Accenture | Murat Aydemir | https://www.barco.com/en/support/knowledge-base/KB12677 |
CVE-2022-26975 | 7.5 | Barco | Barco Control Room Management Suite | all versions before 3.14.1 | 44705 | Unauthenticated access to log files | Accenture | Murat Aydemir | https://www.barco.com/en/support/knowledge-base/KB12677 |
CVE-2022-26976 | 5.4 | Barco | Barco Control Room Management Suite | all versions before 3.14.1 | 44705 | Stored Cross Site Scripting (XSS) | Accenture | Murat Aydemir | https://www.barco.com/en/support/knowledge-base/KB12682 |
CVE-2022-26977 | 6.1 | Barco | Barco Control Room Management Suite | all versions before 3.14.1 | 44705 | Reflected Cross Site Scripting (XSS) | Accenture | Murat Aydemir | https://www.barco.com/en/support/knowledge-base/KB12683 |
CVE-2022-26978 | 6.1 | Barco | Barco Control Room Management Suite | all versions before 3.14.1 | 44705 | Reflected Cross Site Scripting (XSS) | Accenture | Murat Aydemir | https://www.barco.com/en/support/knowledge-base/KB12677 |
CVE-2022-28357 | 9.8 | Synadia | Nats.io | Nats Server: 2.2.0 up to and including 2.7.4 Nats Streaming Server: 0.15.0 up to and including 0.24.3 | 44669 | Arbitrary file write from the privileged system account | FusionX | Victor Mata, Gerardo Iglesias-Galvan | https://advisories.nats.io/CVE/CVE-2022-28357.txt |
CVE-2022-28616 | 9.8 | Hewlett Packard Enterprise | HPE OneView | < 7 | 44697 | Server-Side Request Forgery | Maglan | Michael Musheev | https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04278en_us |
CVE-2022-28617 | 9.8 | Hewlett Packard Enterprise | HPE OneView | < 7 | 44697 | Security Restrictions Bypass | Maglan | Michael Musheev | https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04278en_us |
CVE-2022-31321 | 9.1 | BoltCMS | BoltCMS | v5.7 and earlier | Fix in development | Arbitrary Directory Creation and Enumeration | Accenture | Pratheepan Karthikeyan | |
CVE-2022-34530 | 5.3 | Backdrop CMS | Backdrop CMS | <=1.22.0 | N/A | Username enumeration | Accenture | Pratheepan Karthikeyan | |
CVE-2022-35118 | 6.1 | PyroCMS | PyroCMS | 3.9 and earlier | N/A | Multiple Stored Cross Site Scripting (XSS) | Accenture | Pratheepan Karthikeyan | |
CVE-2023-20899 | 5.3 | VMware | VMware SD-WAN (Edge) | <= 4.5.1 | 4.5.2 | Authentication bypass | Accenture | Marco Bruinenberg | https://www.vmware.com/security/advisories/VMSA-2023-0015.html |
CVE-2023-21806 | 8.2 | Microsoft | Power BI Report Server | < 15.0.1111.115 | KB5023884 (January 2023 update) - v15.0.1111.115 | Stored XSS | Accenture | Andrej Šimko | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21806 |
CVE-2023-24488 | 6.1 | Citrix | ADC and Gateway | <13.1-45.61; <13.0-90.11; <12.1-65.35 | 13.1-45.61 ; 13.0-90.11; 12.1-65.35 | XSS | Accenture | Petr Juhaňák | https://support.citrix.com/article/CTX477714/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202324487-cve202324488 |
CVE-2023-36293 | 8.8 | WManager | WManager | WManager version 1.0.7 and earlier | Not fixed | SQL Injection | Accenture | Daniele Montanaro | https://gitlab.com/daniele_m/cve-list/-/blob/main/README.md?ref_type=heads |
CVE-2024-4017 | 8.8 | BeyondTrust | BeyondTrust U-Series Appliance | >= 3.4, < 4.0.3 | >=4.0.3 | Local Privilege Escalation | Accenture | Daniele Montanaro, Paolo Caminati | https://gitlab.com/daniele_m/cve-list/-/blob/main/README.md?ref_type=heads |
CVE-2024-4018 | 8.8 | BeyondTrust | BeyondTrust U-Series Appliance | >= 3.4, < 4.0.3 | >=4.0.3 | Local Privilege Escalation | Accenture | Daniele Montanaro, Paolo Caminati | https://gitlab.com/daniele_m/cve-list/-/blob/main/README.md?ref_type=heads |
CVE-2024-4019 | 9.1 | BeyondTrust | BeyondTrust BeyondInsight | <23.2 | >=23.2 | SSRF | Accenture | Daniele Montanaro | https://www.beyondtrust.com/trust-center/security-advisories/BT24-05 |
CVE-2024-4020 | 5.3 | BeyondTrust | BeyondTrust BeyondInsight | <23.1 | >=23.1 | Username Enumeration | Accenture | Daniele Montanaro | https://www.beyondtrust.com/trust-center/security-advisories/BT24-06 |
CVE-2024-20938 | 6.1 | Oracle | E-Business Suite | 12.2.3-12.2.13 | CPU January 2024 | Open Redirection | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpujan2024.html#AppendixEBS |
CVE-2024-20939 | 4.3 | Oracle | E-Business Suite | 12.2.3-12.2.13 | CPU January 2024 | DOS & CSRF | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpujan2024.html#AppendixEBS |
CVE-2024-20940 | 6.1 | Oracle | E-Business Suite | 12.2.3-12.2.13 | CPU January 2024 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpujan2024.html#AppendixEBS |
CVE-2024-20941 | 6.1 | Oracle | E-Business Suite | 12.2.3-12.2.13 | CPU January 2024 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpujan2024.html#AppendixEBS |
CVE-2024-20942 | 6.1 | Oracle | E-Business Suite | 12.2.3-12.2.13 | CPU January 2024 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpujan2024.html#AppendixEBS |
CVE-2024-20943 | 5.4 | Oracle | E-Business Suite | 12.2.3-12.2.13 | CPU January 2024 | Stored XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpujan2024.html#AppendixEBS |
CVE-2024-20944 | 5.4 | Oracle | E-Business Suite | 12.2.3-12.2.13 | CPU January 2024 | Stored XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpujan2024.html#AppendixEBS |
CVE-2024-20947 | 5.4 | Oracle | E-Business Suite | 12.2.3-12.2.13 | CPU January 2024 | Stored XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpujan2024.html#AppendixEBS |
CVE-2024-20948 | 6.1 | Oracle | E-Business Suite | 12.2.3-12.2.13 | CPU January 2024 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpujan2024.html#AppendixEBS |
CVE-2024-20949 | 6.1 | Oracle | E-Business Suite | 12.2.3-12.2.13 | CPU January 2024 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpujan2024.html#AppendixEBS |
CVE-2024-20950 | 6.1 | Oracle | E-Business Suite | 12.2.3-12.2.13 | CPU January 2024 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpujan2024.html#AppendixEBS |
CVE-2024-20951 | 6.1 | Oracle | E-Business Suite | 12.2.3-12.2.13 | CPU January 2024 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpujan2024.html#AppendixEBS |
CVE-2024-21016 | 6.1 | Oracle | E-Business Suite | 12.2.3-12.2.13 | CPU April 2024 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuapri2024.html#AppendixEBS |
CVE-2024-21017 | 6.1 | Oracle | E-Business Suite | 12.2.3-12.2.13 | CPU April 2024 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuapri2024.html#AppendixEBS |
CVE-2024-21018 | 6.1 | Oracle | E-Business Suite | 12.2.3-12.2.13 | CPU April 2024 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuapri2024.html#AppendixEBS |
CVE-2024-21019 | 6.1 | Oracle | E-Business Suite | 12.2.3-12.2.13 | CPU April 2024 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuapri2024.html#AppendixEBS |
CVE-2024-21020 | 6.1 | Oracle | E-Business Suite | 12.2.3-12.2.13 | CPU April 2024 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuapri2024.html#AppendixEBS |
CVE-2024-21021 | 6.1 | Oracle | E-Business Suite | 12.2.3-12.2.13 | CPU April 2024 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuapri2024.html#AppendixEBS |
CVE-2024-21022 | 6.1 | Oracle | E-Business Suite | 12.2.3-12.2.13 | CPU April 2024 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuapri2024.html#AppendixEBS |
CVE-2024-21023 | 6.1 | Oracle | E-Business Suite | 12.2.3-12.2.13 | CPU April 2024 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuapri2024.html#AppendixEBS |
CVE-2024-21024 | 6.1 | Oracle | E-Business Suite | 12.2.3-12.2.13 | CPU April 2024 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuapri2024.html#AppendixEBS |
CVE-2024-21025 | 6.1 | Oracle | E-Business Suite | 12.2.3-12.2.13 | CPU April 2024 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuapri2024.html#AppendixEBS |
CVE-2024-21026 | 6.1 | Oracle | E-Business Suite | 12.2.3-12.2.13 | CPU April 2024 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuapri2024.html#AppendixEBS |
CVE-2024-21027 | 6.1 | Oracle | E-Business Suite | 12.2.3-12.2.13 | CPU April 2024 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuapri2024.html#AppendixEBS |
CVE-2024-21028 | 6.1 | Oracle | E-Business Suite | 12.2.3-12.2.13 | CPU April 2024 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuapri2024.html#AppendixEBS |
CVE-2024-21029 | 6.1 | Oracle | E-Business Suite | 12.2.3-12.2.13 | CPU April 2024 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuapri2024.html#AppendixEBS |
CVE-2024-21030 | 6.1 | Oracle | E-Business Suite | 12.2.3-12.2.13 | CPU April 2024 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuapri2024.html#AppendixEBS |
CVE-2024-21031 | 6.1 | Oracle | E-Business Suite | 12.2.3-12.2.13 | CPU April 2024 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuapri2024.html#AppendixEBS |
CVE-2024-21032 | 6.1 | Oracle | E-Business Suite | 12.2.3-12.2.13 | CPU April 2024 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuapri2024.html#AppendixEBS |
CVE-2024-21033 | 6.1 | Oracle | E-Business Suite | 12.2.3-12.2.13 | CPU April 2024 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuapri2024.html#AppendixEBS |
CVE-2024-21034 | 6.1 | Oracle | E-Business Suite | 12.2.3-12.2.13 | CPU April 2024 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuapri2024.html#AppendixEBS |
CVE-2024-21035 | 6.1 | Oracle | E-Business Suite | 12.2.3-12.2.13 | CPU April 2024 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuapri2024.html#AppendixEBS |
CVE-2024-21036 | 6.1 | Oracle | E-Business Suite | 12.2.3-12.2.13 | CPU April 2024 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuapri2024.html#AppendixEBS |
CVE-2024-21037 | 6.1 | Oracle | E-Business Suite | 12.2.3-12.2.13 | CPU April 2024 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuapri2024.html#AppendixEBS |
CVE-2024-21038 | 6.1 | Oracle | E-Business Suite | 12.2.3-12.2.13 | CPU April 2024 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuapri2024.html#AppendixEBS |
CVE-2024-21039 | 6.1 | Oracle | E-Business Suite | 12.2.3-12.2.13 | CPU April 2024 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuapri2024.html#AppendixEBS |
CVE-2024-21040 | 6.1 | Oracle | E-Business Suite | 12.2.3-12.2.13 | CPU April 2024 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuapri2024.html#AppendixEBS |
CVE-2024-21041 | 6.1 | Oracle | E-Business Suite | 12.2.3-12.2.13 | CPU April 2024 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuapri2024.html#AppendixEBS |
CVE-2024-21042 | 6.1 | Oracle | E-Business Suite | 12.2.3-12.2.13 | CPU April 2024 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuapri2024.html#AppendixEBS |
CVE-2024-21043 | 6.1 | Oracle | E-Business Suite | 12.2.3-12.2.13 | CPU April 2024 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuapri2024.html#AppendixEBS |
CVE-2024-21044 | 6.1 | Oracle | E-Business Suite | 12.2.3-12.2.13 | CPU April 2024 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuapri2024.html#AppendixEBS |
CVE-2024-21045 | 6.1 | Oracle | E-Business Suite | 12.2.3-12.2.13 | CPU April 2024 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuapri2024.html#AppendixEBS |
CVE-2024-21046 | 6.1 | Oracle | E-Business Suite | 12.2.3-12.2.13 | CPU April 2024 | XSS | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuapri2024.html#AppendixEBS |
CVE-2024-21086 | 4.3 | Oracle | E-Business Suite | 12.2.3-12.2.13 | CPU April 2024 | CSRF | Accenture | Andrej Šimko | https://www.oracle.com/security-alerts/cpuapri2024.html#AppendixEBS |
Vulnerabilities without CVE assigned:
Vuln ID | Vendor | Software | Affected version(s) | Fixed in | Vulnerability | Company | Reporter | Attribution link | Note |
---|---|---|---|---|---|---|---|---|---|
Mitel 17-0002 | Mitel | MiVoice Conference/Video Phone (UC360) | <2.1.3.12 | 2.1.3.12 | Privilege Escalation / Remote Code Execution Vulnerability in MiVoice Conference/Video Phone (UC360) | Context IS | Tom Moreton | https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-17-0002 | N/A |
Mitel 17-0003 | Mitel | MiVoice Conference/Video Phone (UC360) | <2.1 SP5 (build 2.1.5.4) | 2.1 SP5 (build 2.1.5.4) | Multiple Vulnerabilities in MiVoice Conference/Video Phone (UC360) | Context IS | Tom Moreton | https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-17-0003 | N/A |
N/A | Hyperoptic | ZTE H298N and ZTE H298A | All Hyperoptic ZTE home routers before fixes released: H298N: V1.1.3_HOP15T2 and H298A: V1.0.25_HOP.1T3 | Patched on 30th April 2018. Updated firmware versions: H298N: V1.1.3_HOP15T2, H298A: V1.0.25_HOP.1T3 | Hardcoded account allows compromise of all Hyperoptic ZTE home routers | Context IS | Dan Cater | https://www.contextis.com/en/resources/advisories/hyperoptic-zte-home-routers | N/A |
N/A | SAP | API Business Hub Enterprise | < 1.153.x | 1.153.x | SQL Injection | Accenture | Andrej Šimko | https://www.sap.com/documents/2022/02/089613a0-167e-0010-bca6-c68f7e60039b.html (May 2023) | CVE not assigned because the vulnerability is in a cloud solution and not an on-premise one, as per MITRE rules 7.4.4. |
N/A | Okta | Auth0 | N/A | N/A | Session fixation | Sentor | Laban Sköllermark | https://sentorsecurity.com/blog/vulnerability-disclosure-session-fixation-in-auth0/ | No CVE since cloud product. |
N/A | Okta | Auth0 | N/A | N/A | Authentication bypass | Sentor | Laban Sköllermark | https://sentorsecurity.com/blog/vulnerability-disclosure-authentication-bypass-in-auth0/ | No CVE since cloud product. Coordinated disclosure in progress. |
Fully populated public CVE statistics:
Rating | CVSS3.1 score | CVE count |
---|---|---|
Low | 0.1 - 3.9 | 3 |
Medium | 4.0 - 6.9 | 126 |
High | 7.0 - 8.9 | 155 |
Critical | 9.0 - 10.0 | 22 |
Any | 0.1 - 10.0 | 306 |
CVEs in RESERVED state:
CVE ID | Vulnerability | Credits |
---|---|---|
Other statistics:
Description | Vulnerability count |
---|---|
CVE not assigned | 0 |
CVE reserved | 2 |
CVSS score to be added | 0 |