
Note: Older vulnerabilities do not have a CVSS3.1 score generated, so the CVSS2 score was used instead.

CVE ID CVSS3.1 score Vendor Software Affected version(s) Fixed in Vulnerability Company Reporter Attribution link
CVE-2001-0710 5.0 NetBSD, FreeBSD NetBSD, FreeBSD NetBSD 1.5 and earlier, FreeBSD 4.3 and earlier 37005 Denial of Service FusionX James Thomas ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-006.txt.asc
CVE-2012-0160 10.0 Microsoft .Net Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 ms12-035 .NET Framework Serialization Vulnerability Context IS James Forshaw https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-035
CVE-2012-0161 10.0 Microsoft .Net Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 ms12-035 .NET Framework Serialization Vulnerability Context IS James Forshaw https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-035
CVE-2014-3524 10.0 LibreOffice Calc <4.3.1 and <4.2.6 4.3.1 and 4.2.6 Command injection when loading Calc spreadsheets under Windows Context IS James Kettle, Rohan Durve https://blog.documentfoundation.org/blog/2014/08/28/libreoffice-4-3-1-fresh-announced/
CVE-2016-1801 7.5 Apple iOS/MacOS iOS before 9.3.2, OS X before 10.11.5, and tvOS before 9.2.1 iOS 9.3.2, OS X 10.11.5, and tvOS 9.2.1 Information disclosure vulnerability in Proxy Auto-Config Context IS Paul Stone, Alex Chapman https://lists.apple.com/archives/security-announce/2016/May/msg00001.html
CVE-2016-3535 8.2 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3 CPU July 2016 XSS Accenture Martin Petráň https://www.oracle.com/security-alerts/cpujul2016.html#AppendixEBS
CVE-2016-3536 8.2 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3 CPU July 2016 XSS Accenture Martin Petráň https://www.oracle.com/security-alerts/cpujul2016.html#AppendixEBS
CVE-2016-3763 3.3 Google Android Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 Android 4.4.4, 5.0.2, 5.1.1, and 6.x 2016-07-01 Information disclosure vulnerability in Proxy Auto-Config Context IS Paul Stone, Alex Chapman https://source.android.com/security/bulletin/2016-07-01
CVE-2016-5134 8.8 Google Chrome <52.0.2743.82 52.0.2743.82 URL leakage via PAC script Context IS Paul Stone, Alex Chapman https://chromereleases.googleblog.com/2016/07/stable-channel-update.html
CVE-2016-7086 7.8 Vmware Vmware Workstation Pro + Player <12.5.0 12.5.0 Local privileges escalation in VMware installer Context IS Adam Bridge https://www.vmware.com/security/advisories/VMSA-2016-0014.html
CVE-2016-7742 7.8 Apple MacOS <10.12.2 10.12.2 Opening a maliciously crafted archive may lead to arbitrary code execution Context IS Gareth Evans https://support.apple.com/HT207423
CVE-2016-7988 7.5 Samsung Android KK(4.4), L(5.0/5.1), and M(6.0) SMR-AUG-2016 No Permissions on SET_WIFI Broadcast receiver Context IS Tom Court https://security.samsungmobile.com/securityUpdate.smsb
CVE-2016-7989 7.5 Samsung Android KK(4.4), L(5.0/5.1), and M(6.0) SMR-AUG-2016 Unhandled ArrayIndexOutOfBounds exception in Android Runtime Context IS Tom Court https://security.samsungmobile.com/securityUpdate.smsb
CVE-2016-7990 9.8 Samsung Android KK(4.4), L(5.0/5.1), and M(6.0) SMR-DEC-2016 Integer overflow in libomacp.so Context IS Tom Court https://security.samsungmobile.com/securityUpdate.smsb
CVE-2016-7991 7.5 Samsung Android KK(4.4), L(5.0/5.1), and M(6.0) SMR-DEC-2016 omacp app ignores security fields in OMA CP message Context IS Tom Court https://security.samsungmobile.com/securityUpdate.smsb
CVE-2017-5384 5.9 Mozilla Firefox <51 51 Information disclosure via Proxy Auto-Config (PAC) Context IS Paul Stone, Alex Chapman https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/
CVE-2017-5669 7.8 Linux < v4.17-rc7 v4.17-rc7 Shmat syscall allows null-page protection bypass Context IS Gareth Evans https://bugzilla.kernel.org/show_bug.cgi?id=192931
CVE-2017-8419 7.8 LAME Lame 3.99.5 MP3 <v3.100 v3.100 Multiple stack and heap corruptions from malicious file Context IS Gareth Evans https://sourceforge.net/p/lame/bugs/458/
CVE-2017-9377 8.8 Barco ClickShare Base Units <v1.7.0.3 v1.7.0.3 Command Injection Vulnerability on ClickShare Base Units Context IS Claudio Moletta https://www.barco.com/en/Support/software/R33050037
CVE-2018-3242 8.2 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 CPU October 2018 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuoct2018.html#AppendixEBS
CVE-2018-3243 8.2 Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 CPU October 2018 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuoct2018.html#AppendixEBS
CVE-2018-3253 8.5 Oracle Virtual Directory 11.1.1.7.0-11.1.1.9.0 CPU October 2018 Read Domain User Password Hashes Accenture Jason Lang https://www.oracle.com/security-alerts/cpuoct2018.html
CVE-2018-3256 4.9 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 CPU October 2018 Content Spoofing Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuoct2018.html#AppendixEBS
CVE-2018-6492 6.1 MicroFocus HP Network Automation v10.0x, v10.1x, v10.2x, v10.3x, v10.4x, v10.5x MFSBGN03806 Cross-Site Scripting (XSS) Context IS Tilman Bender, Dennis Herrmann and Bastian Kanbach https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03158014
CVE-2018-6493 8.8 MicroFocus HP Network Automation v10.0x, v10.1x, v10.2x, v10.3x, v10.4x, v10.5x MFSBGN03806 SQL Injection Context IS Tilman Bender, Dennis Herrmann and Bastian Kanbach https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03158014
CVE-2018-8150 6.5 Microsoft Office Outlook Microsoft Office 2016 Click-to-Run (C2R) 8.5.2018 Security Feature Bypass Atanas Kirilov https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8150
CVE-2018-12939 6.5 steinm SeedDMS <5.1.8 5.1.8 Directory Traversal Context IS Dennis Herrmann and Malte Poll https://sourceforge.net/p/seeddms/code/ci/seeddms-5.1.x/tree/CHANGELOG
CVE-2018-12940 8.8 steinm SeedDMS <5.1.8 5.1.8 Unrestricted File Upload Context IS Dennis Herrmann and Malte Poll https://sourceforge.net/p/seeddms/code/ci/seeddms-5.1.x/tree/CHANGELOG
CVE-2018-12941 8.8 steinm SeedDMS <5.1.8 5.1.8 Remote Code Execution Context IS Dennis Herrmann and Malte Poll https://sourceforge.net/p/seeddms/code/ci/seeddms-5.1.x/tree/CHANGELOG
CVE-2018-12942 8.8 steinm SeedDMS <5.1.8 5.1.8 SQL Injection Context IS Dennis Herrmann and Malte Poll https://sourceforge.net/p/seeddms/code/ci/seeddms-5.1.x/tree/CHANGELOG
CVE-2018-12943 6.1 steinm SeedDMS <5.1.8 5.1.8 Cross Site Scripting (XSS) Context IS Dennis Herrmann and Malte Poll https://sourceforge.net/p/seeddms/code/ci/seeddms-5.1.x/tree/CHANGELOG
CVE-2018-12944 6.1 steinm SeedDMS <5.1.8 5.1.8 Persistent Cross-Site Scripting (XSS) Context IS Dennis Herrmann and Malte Poll https://sourceforge.net/p/seeddms/code/ci/seeddms-5.1.x/tree/CHANGELOG
CVE-2018-15510 6.1 Totemo Totemomail 6.0.0 < 6.0 to build 578 6.0 to build 578 Cross-Site Scripting Context IS Michael Skiba, Andre Waldhoff, Carsten Sandker https://www.contextis.com/en/resources/advisories/cve-2018-15510
CVE-2018-15511 6.1 Totemo Totemomail 6.0.0 < 6.0 to build 578 6.0 to build 578 Cross-Site Scripting Context IS Michael Skiba, Andre Waldhoff, Carsten Sandker https://www.contextis.com/en/resources/advisories/cve-2018-15511
CVE-2018-15512 6.1 Totemo Totemomail 6.0.0 < 6.0 to build 578 6.0 to build 578 Cross-Site Scripting Context IS Michael Skiba, Andre Waldhoff, Carsten Sandker https://www.contextis.com/en/resources/advisories/cve-2018-15512
CVE-2018-15513 5.3 Totemo Totemomail 6.0.0 < 6.0 to build 578 6.0 to build 578 Privilege Escalation Context IS Michael Skiba, Andre Waldhoff, Carsten Sandker https://www.contextis.com/en/resources/advisories/cve-2018-15513
CVE-2018-18379 6.1 Elementor Elementor LTD < 2.0.10 2.0.10 Cross Site Scripting (XSS) Context IS Christopher Vella https://www.contextis.com/en/resources/advisories/cve-2018-18379
CVE-2018-18589 8.0 Microfocus Real User Monitoring (RUM) 9.26IP, 9.30, 9.40 and 9.50 Java Deserialization Input Validation iDefense, Accenture Deapesh Misra https://upport.microfocus.com/kb/kmdoc.php?id=KM03272900
CVE-2019-2400 8.2 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU January 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2019.html#AppendixEBS
CVE-2019-2445 8.2 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU January 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2019.html#AppendixEBS
CVE-2019-2447 8.2 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU January 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2019.html#AppendixEBS
CVE-2019-2470 8.2 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU January 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2019.html#AppendixEBS
CVE-2019-2485 4.7 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU January 2019 Content Spoofing Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2019.html#AppendixEBS
CVE-2019-2491 4.7 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU January 2019 Content Spoofing Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2019.html#AppendixEBS
CVE-2019-2492 4.7 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU January 2019 Content Spoofing Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2019.html#AppendixEBS
CVE-2019-2496 4.7 Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU January 2019 Content Spoofing Accenture Andrej Šimko, Deapesh Misra https://www.oracle.com/security-alerts/cpujan2019.html#AppendixEBS
CVE-2019-2497 8.2 Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU January 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2019.html#AppendixEBS
CVE-2019-2551 8.2 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU April 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS
CVE-2019-2600 8.2 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU April 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS
CVE-2019-2603 8.2 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU April 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS
CVE-2019-2604 8.2 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU April 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS
CVE-2019-2622 4.7 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU April 2019 Open Redirect Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS
CVE-2019-2639 8.2 Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU April 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS
CVE-2019-2640 8.2 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU April 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS
CVE-2019-2641 8.2 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU April 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS
CVE-2019-2642 8.2 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU April 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS
CVE-2019-2643 8.2 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU April 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS
CVE-2019-2651 8.2 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU April 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS
CVE-2019-2652 8.2 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU April 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS
CVE-2019-2653 8.2 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU April 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS
CVE-2019-2654 8.2 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU April 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS
CVE-2019-2660 8.2 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU April 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS
CVE-2019-2661 8.2 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU April 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS
CVE-2019-2662 8.2 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU April 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS
CVE-2019-2663 8.2 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU April 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS
CVE-2019-2664 8.2 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU April 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS
CVE-2019-2665 8.2 Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU April 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS
CVE-2019-2666 8.2 Oracle E-Business Suite 12.1.1 - 12.1.3, 12.2.3 - 12.2.8 CPU July 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujul2019.html#AppendixEBS
CVE-2019-2668 8.2 Oracle E-Business Suite 12.1.1 - 12.1.3, 12.2.3 - 12.2.8 CPU July 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujul2019.html#AppendixEBS
CVE-2019-2669 4.7 Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU April 2019 Content Spoofing Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS
CVE-2019-2670 4.7 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU April 2019 Content Spoofing Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS
CVE-2019-2671 8.2 Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU April 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS
CVE-2019-2672 8.2 Oracle E-Business Suite 12.1.1 - 12.1.3, 12.2.3 - 12.2.8 CPU July 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujul2019.html#AppendixEBS
CVE-2019-2673 4.7 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU April 2019 Content Spoofing Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS
CVE-2019-2674 4.7 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU April 2019 Content Spoofing Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS
CVE-2019-2675 8.2 Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU April 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS
CVE-2019-2676 4.7 Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU April 2019 Content Spoofing Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS
CVE-2019-2677 8.2 Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8 CPU April 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixEBS
CVE-2019-2837 8.2 Oracle E-Business Suite 12.1.3, 12.2.3 - 12.2.8 CPU July 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujul2019.html#AppendixEBS
CVE-2019-2930 4.7 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.8 CPU October 2019 Content Spoofing Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuoct2019.html#AppendixEBS
CVE-2019-2990 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.9 CPU October 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuoct2019.html#AppendixEBS
CVE-2019-2994 8.2 Oracle E-Business Suite 12.1.1-12.1.3 CPU October 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuoct2019.html#AppendixEBS
CVE-2019-2995 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.9 CPU October 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuoct2019.html#AppendixEBS
CVE-2019-3000 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.9 CPU October 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuoct2019.html#AppendixEBS
CVE-2019-3022 5.8 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.9 CPU October 2019 Content Spoofing Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuoct2019.html#AppendixEBS
CVE-2019-3024 4.7 Oracle E-Business Suite 12.2.3-12.2.9 CPU October 2019 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuoct2019.html#AppendixEBS
CVE-2019-6113 7.5 Onkyo Onkyo TX-NR686 1030-5000-1040-0010 N/A Directory Traversal Context IS Michael Skiba https://www.contextis.com/en/resources/advisories/cve-2019-6113
CVE-2019-9268 5.5 Google Android lmp-mr1, mnc, mnc-mr1, mnc-mr2, nyc, nyc-mr1, nyc-mr2, oc Android 10 Security Release Notes Improper Locking Deja vu Christopher Dombroski https://source.android.com/security/overview/release-acknowledgements
CVE-2019-15746 9.8 BMLV Stammportal SITOS Six <= Build v6.2.1 N/A PHP Command Injection Context IS Dennis Herrmann and Andre Waldhoff https://www.contextis.com/en/resources/advisories/cve-2019-15746
CVE-2019-15747 8.8 BMLV Stammportal SITOS Six <= Build v6.2.1 N/A Privilege Escalation via Client-Side-Source Manipulation Context IS Dennis Herrmann and Andre Waldhoff https://www.contextis.com/en/resources/advisories/cve-2019-15747
CVE-2019-15748 9.8 BMLV Stammportal SITOS Six <= Build v6.2.1 N/A Authorisation Bypass Context IS Dennis Herrmann and Andre Waldhoff https://www.contextis.com/en/resources/advisories/cve-2019-15748
CVE-2019-15749 6.5 BMLV Stammportal SITOS Six <= Build v6.2.1 N/A Account Takeover Context IS Dennis Herrmann and Andre Waldhoff https://www.contextis.com/en/resources/advisories/cve-2019-15749
CVE-2019-15750 6.1 BMLV Stammportal SITOS Six <= Build v6.2.1 N/A Cross-Site-Scripting - Non-Persistent Context IS Dennis Herrmann and Andre Waldhoff https://www.contextis.com/en/resources/advisories/cve-2019-15750
CVE-2019-15751 9.8 BMLV Stammportal SITOS Six <= Build v6.2.1 N/A Unrestricted File Upload via SCORM File Context IS Dennis Herrmann and Andre Waldhoff https://www.contextis.com/en/resources/advisories/cve-2019-15751
CVE-2020-1030 7.8 Microsoft Windows 7/8.1/10, Server 2008/2012/2016/2019 KB(4570333, 4571756, 4574727, 4577015, 4577032, 4577038, 4577041, 4577048, 4577049, 4577051, 4577053, 4577064, 4577066, 4577070, 4577071) Elevation of Privilege Vulnerability FusionX Victor Mata https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1030#ID0EWIAC
CVE-2020-1062 7.5 Microsoft Internet Explorer 9 through 11 11 Internet Explorer Memory Corruption Vulnerability iDefense Rohit Mothe https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-1062
CVE-2020-2582 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.9 CPU January 2020 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2020.html#AppendixEBS
CVE-2020-2596 4.7 Oracle E-Business Suite 12.1.3, 12.2.3-12.2.9 CPU January 2020 Content Spoofing Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2020.html#AppendixEBS
CVE-2020-2597 4.7 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.9 CPU January 2020 Content Spoofing Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2020.html#AppendixEBS
CVE-2020-2657 4.7 Oracle E-Business Suite 12.1.3, 12.2.3-12.2.9 CPU January 2020 Content Spoofing Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2020.html#AppendixEBS
CVE-2020-2658 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.9 CPU January 2020 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2020.html#AppendixEBS
CVE-2020-2661 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.9 CPU January 2020 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2020.html#AppendixEBS
CVE-2020-2662 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.9 CPU January 2020 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2020.html#AppendixEBS
CVE-2020-2665 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.9 CPU January 2020 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2020.html#AppendixEBS
CVE-2020-2667 4.7 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.9 CPU January 2020 Content Spoofing Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2020.html#AppendixEBS
CVE-2020-2668 4.7 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.9 CPU January 2020 Content Spoofing Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2020.html#AppendixEBS
CVE-2020-2669 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.9 CPU January 2020 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2020.html#AppendixEBS
CVE-2020-2670 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.9 CPU January 2020 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2020.html#AppendixEBS
CVE-2020-2671 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.9 CPU January 2020 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2020.html#AppendixEBS
CVE-2020-2672 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.9 CPU January 2020 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2020.html#AppendixEBS
CVE-2020-2794 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.9 CPU April 2020 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixEBS
CVE-2020-2796 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.9 CPU April 2020 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixEBS
CVE-2020-2813 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.9 CPU April 2020 XSS Accenture Esteban Morales Montes https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixEBS
CVE-2020-2810 4.7 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.9 CPU April 2020 Open Redirect Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixEBS
CVE-2020-3369 8.6 CISCO SD-WAN vEdge router 19.2.0, 19.2.097, 19.2.098, 19.2.1 19.2.2, 20.1.1 DoS Maglan Gil Fidel https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fpdos-hORBfd9f
CVE-2020-3385 7.4 CISCO SD-WAN vEdge router SD-WAN vEdge 5000 Series Routers, SD-WAN vEdge Cloud Routers 18.4.5, 19.2.3, 20.1.1 DoS Maglan Gil Fidel https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vedgfpdos-PkqQrnwV
CVE-2020-5825 5.5 Symantec SEP Prior to 14.2 RU2 MP1 (14.2.5569.2100) Upgrade to 14.2 RU2 MP1 (14.2.5569.2100) arbitrary file write vulnerability FusionX Bryan Alexander https://support.broadcom.com/security-advisory/content/0/0/SYMSA1505
https://www.accenture.com/us-en/blogs/cyber-defense/exploiting-arbitrary-file-move-in-symantec-endpoint-protection
CVE-2020-9767 7.8 Zoom Video Communications, Inc Zoom Client for Windows where the Zoom Sharing Service is installed < 5.0.4 5.0.4 Zoom Sharing Service Local Privilege Escalation Context IS Connor Scott https://support.zoom.us/hc/en-us/articles/360044350792-Security-CVE-2020-9767
CVE-2020-13133 6.1 Tufin SecureChange <R19.3 HF3 + <R20.1 HF1 R19.3 HF3 + R20.1 HF1 Stored XSS Accenture Andrej Šimko https://portal.tufin.com/aspx/SecurityAdvisories
CVE-2020-13134 4.8 Tufin SecureChange <R19.3 HF3 + <R20.1 HF1 R19.3 HF3 + R20.1 HF1 Stored XSS Accenture Andrej Šimko https://portal.tufin.com/aspx/SecurityAdvisories
CVE-2020-13407 6.8 Tufin SecureTrack <R20-2 GA R20-2 GA Stored XSS Accenture Andrej Šimko https://portal.tufin.com/aspx/SecurityAdvisories
CVE-2020-13408 6.8 Tufin SecureTrack <R20-2 GA R20-2 GA Stored XSS Accenture Andrej Šimko https://portal.tufin.com/aspx/SecurityAdvisories
CVE-2020-13409 6.8 Tufin SecureTrack <R20-2 GA R20-2 GA Stored XSS Accenture Andrej Šimko https://portal.tufin.com/aspx/SecurityAdvisories
CVE-2020-13418 6.1 OpenIAM OpenIAM 4.1.8 (and possibly other versions in 4.1.x) 4.2.0.3 XSS Accenture Marek Klon http://docs.openiam.com/docs-4.2.0/changelog/1-Release-4.2.0
CVE-2020-13419 5.3 OpenIAM OpenIAM 4.1.8 (and possibly other versions in 4.1.x) 4.2.0.3 Path Traversal Accenture Marek Klon http://docs.openiam.com/docs-4.2.0/changelog/1-Release-4.2.0
CVE-2020-13420 9.8 OpenIAM OpenIAM 4.1.8 (and possibly other versions in 4.1.x) 4.2.0.3 Remote Code Execution Through Groovy Script Accenture Marek Klon http://docs.openiam.com/docs-4.2.0/changelog/1-Release-4.2.0
CVE-2020-13421 9.8 OpenIAM OpenIAM 4.1.8 (and possibly other versions in 4.1.x) 4.2.0.3 Missing role segregation Accenture Marek Klon http://docs.openiam.com/docs-4.2.0/changelog/1-Release-4.2.0
CVE-2020-13422 8.1 OpenIAM OpenIAM 4.1.8 (and possibly other versions in 4.1.x) 4.2.0.3 Privilege escalation Accenture Marek Klon http://docs.openiam.com/docs-4.2.0/changelog/1-Release-4.2.0
CVE-2020-13460 6.3 Tufin SecureTrack <R20-2 GA R20-2 GA CSRF Accenture Andrej Šimko https://portal.tufin.com/aspx/SecurityAdvisories
CVE-2020-13461 4.3 Tufin SecureTrack Not planned to be resolved N/A Username enumeration Accenture Andrej Šimko https://portal.tufin.com/aspx/SecurityAdvisories
CVE-2020-13462 4.3 Tufin SecureChange <R20-2 GA R20-2 GA IDOR Accenture Andrej Šimko https://portal.tufin.com/aspx/SecurityAdvisories
CVE-2020-14534 8.2 Oracle E-Business Suite 12.2.9 CPU July 2020 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujul2020.html#AppendixEBS
CVE-2020-14555 4.7 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.9 CPU July 2020 Content Spoofing Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujul2020.html#AppendixEBS
CVE-2020-14590 2.7 Oracle E-Business Suite 12.1.3, 12.2.3-12.2.9 CPU July 2020 IP address disclosure Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujul2020.html#AppendixEBS
CVE-2020-14657 7.6 Oracle E-Business Suite 12.1.3, 12.2.3-12.2.9 CPU July 2020 Stored XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujul2020.html#AppendixEBS
CVE-2020-14658 9.1 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.9 CPU July 2020 SQL Injection Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujul2020.html#AppendixEBS
CVE-2020-14659 4.7 Oracle E-Business Suite 12.1.3, 12.2.3-12.2.9 CPU July 2020 Open Redirect Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujul2020.html#AppendixEBS
CVE-2020-14660 8.2 Oracle E-Business Suite 12.1.3, 12.2.3-12.2.9 CPU July 2020 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujul2020.html#AppendixEBS
CVE-2020-14661 4.7 Oracle E-Business Suite 12.1.3, 12.2.3-12.2.9 CPU July 2020 Content Spoofing Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujul2020.html#AppendixEBS
CVE-2020-14665 9.1 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.9 CPU July 2020 SQL Injection Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujul2020.html#AppendixEBS
CVE-2020-14666 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.9 CPU July 2020 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujul2020.html#AppendixEBS
CVE-2020-14667 7.6 Oracle E-Business Suite 12.1.3, 12.2.3-12.2.9 CPU July 2020 Stored XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujul2020.html#AppendixEBS
CVE-2020-14679 7.5 Oracle E-Business Suite 12.1.3, 12.2.3-12.2.9 CPU July 2020 Unauthorized Role Removal Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujul2020.html#AppendixEBS
CVE-2020-14688 8.2 Oracle E-Business Suite 12.1.3, 12.2.3-12.2.9 CPU July 2020 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujul2020.html#AppendixEBS
CVE-2020-14774 7.5 Oracle E-Business Suite 12.1.1 - 12.1.3, 12.2.3 - 12.2.10 CPU October 2020 Chained DoS + CSRF Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixEBS
CVE-2020-14808 8.2 Oracle E-Business Suite 12.1.3, 12.2.3 - 12.2.10 CPU October 2020 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixEBS
CVE-2020-16240 7.5 General Electric APM (Meridium) 4.4.x and earlier 4.5.0 IDOR Accenture Guido Marilli https://digitalsupport.ge.com/communities/en_US/Article/GE-Digital-Security-Advisory-GED-20-04
https://us-cert.cisa.gov/ics/advisories/icsa-20-266-01
CVE-2020-16244 7.2 General Electric APM (Meridium) 4.4.x and earlier 4.5.0 Use of a one-way hash without a salt Accenture Guido Marilli https://digitalsupport.ge.com/communities/en_US/Article/GE-Digital-Security-Advisory-GED-20-04
https://us-cert.cisa.gov/ics/advisories/icsa-20-266-01
CVE-2020-16279 9.8 Rangee GmbH RangeeOS <= 8.0.4 N/A OS Command Injection Context IS Andre Waldhoff and Bastian Kanbach https://www.contextis.com/en/resources/advisories/cve-2020-16279
CVE-2020-16280 5.5 Rangee GmbH RangeeOS <= 8.0.4 N/A Unprotected Storage of Credentials Context IS Andre Waldhoff and Bastian Kanbach https://www.contextis.com/en/resources/advisories/cve-2020-16280
CVE-2020-16281 7.8 Rangee GmbH RangeeOS <= 8.0.4 N/A Restricted Environment Breakout Context IS Andre Waldhoff and Bastian Kanbach https://www.contextis.com/en/resources/advisories/cve-2020-16281
CVE-2020-16282 8.8 Rangee GmbH RangeeOS <= 8.0.4 N/A Execution with Unnecessary Privileges Context IS Andre Waldhoff and Bastian Kanbach https://www.contextis.com/en/resources/advisories/cve-2020-16282
CVE-2020-24662 5.4 SmartStream Technologies Transaction Lifecycle Management (TLM) Reconciliation Premium (RP) <TLM RP 3.1.0 TLM RP 3.1.0 Stored XSS Accenture Klára Szabó N/A
CVE-2020-24663 5.4 Trace Financial Crest Bridge <6.3.0.02 6.3.0.03 Stored XSS Accenture Klára Szabó CREST Bridge Information Bulletin 39 (not public)
CVE-2020-24664 5.4 Hitachi Vantara Pentaho User Console < 7.1.0.25 + < 8.2.0.6 + < 8.3.0.0 GA >= 7.1.0.25 + >= 8.2.0.6 + >= 8.3.0.0 GA Reflected XSS Accenture Andrej Šimko http://www.hitachi.com/hirt/hitachi-sec/2020/601.html
CVE-2020-24665 6.5 Hitachi Vantara Pentaho User Console < 7.1.0.25 + < 8.2.0.6 + < 8.3.0.0 GA >= 7.1.0.25 + >= 8.2.0.6 + >= 8.3.0.0 GA XML Bomb Accenture Andrej Šimko http://www.hitachi.com/hirt/hitachi-sec/2020/601.html
CVE-2020-24666 5.4 Hitachi Vantara Pentaho User Console <7.1.0.23.197 9.1.0.1 Reflected XSS Accenture Stanislav Dusek http://www.hitachi.com/hirt/hitachi-sec/2020/601.html
CVE-2020-24667 8.8 Trace Financial Crest Bridge <6.3.0.02 6.3.0.03 SQL Injection Accenture Lukáš Bandura CREST Bridge Information Bulletin 39 (not public)
CVE-2020-24668 5.4 Trace Financial Crest Bridge <6.3.0.02 6.3.0.03 Stored XSS Accenture Klára Szabó CREST Bridge Information Bulletin 39 (not public)
CVE-2020-24669 4.4 Hitachi Vantara Pentaho User Console < 8.3.0.9 + < 9.0.0.1 + < 9.1.0.0 GA >= 8.3.0.9 + >= 9.0.0.1 + >= 9.1.0.0 GA DOM Based XSS Accenture Klára Szvitková http://www.hitachi.com/hirt/hitachi-sec/2020/601.html
CVE-2020-24670 5.4 Hitachi Vantara Pentaho User Console < 7.1.0.25 + < 8.2.0.6 + < 8.3.0.0 GA >= 7.1.0.25 + >= 8.2.0.6 + >= 8.3.0.0 GA Reflected XSS Accenture Andrej Šimko http://www.hitachi.com/hirt/hitachi-sec/2020/601.html
CVE-2020-24671 8.8 Trace Financial Crest Bridge <6.3.0.02 6.3.0.03 SQL Injection Accenture Klára Szabó CREST Bridge Information Bulletin 39 (not public)
CVE-2020-26255 9.1 Kirby Kirby CMS <=2.5.13, 3.0.0-3.4.4 2.5.14, 3.4.5 Remote Code Execution Context IS Thore Imhof https://github.com/getkirby/kirby/security/advisories/GHSA-g3h8-cg9x-47qw
CVE-2021-2077 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU January 2021 Open Redirect Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS
CVE-2021-2078 8.2 Oracle E-Business Suite 12.1, 12.2 CPU January 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS
CVE-2021-2079 8.2 Oracle E-Business Suite 12.1, 12.2 CPU January 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS
CVE-2021-2080 8.2 Oracle E-Business Suite 12.1, 12.2 CPU January 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS
CVE-2021-2082 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU January 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS
CVE-2021-2083 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU January 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS
CVE-2021-2084 8.2 Oracle E-Business Suite 12.1.3, 12.2.3-12.2.10 CPU January 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS
CVE-2021-2085 8.2 Oracle E-Business Suite 12.1.3, 12.2.3-12.2.10 CPU January 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS
CVE-2021-2089 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU January 2021 Unsafe Event Names Blacklist Bypass Accenture Esteban Morales Montes https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS
CVE-2021-2090 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU January 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS
CVE-2021-2091 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU January 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS
CVE-2021-2092 8.2 Oracle E-Business Suite 12.1.3, 12.2.3-12.2.10 CPU January 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS
CVE-2021-2093 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU January 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS
CVE-2021-2094 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU January 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS
CVE-2021-2096 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU January 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS
CVE-2021-2097 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU January 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS
CVE-2021-2098 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU January 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS
CVE-2021-2099 8.2 Oracle E-Business Suite 12.2.3-12.2.10 CPU January 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS
CVE-2021-2100 9.1 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU January 2021 SQL Injection Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS
CVE-2021-2101 9.1 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU January 2021 SQL Injection Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS
CVE-2021-2102 8.2 Oracle E-Business Suite 11.5.10, 12.1, 12.2 CPU January 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS
CVE-2021-2103 8.2 Oracle E-Business Suite 11.5.10, 12.1, 12.2 CPU January 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS
CVE-2021-2104 8.2 Oracle E-Business Suite 11.5.10, 12.1, 12.2 CPU January 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS
CVE-2021-2105 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU January 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS
CVE-2021-2106 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU January 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS
CVE-2021-2107 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU January 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS
CVE-2021-2114 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU January 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS
CVE-2021-2115 7.6 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU January 2021 stored XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS
CVE-2021-2118 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU January 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2021.html#AppendixEBS
CVE-2021-2155 4.3 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU April 2021 Stored XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixEBS
CVE-2021-2182 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU April 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixEBS
CVE-2021-2183 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU April 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixEBS
CVE-2021-2184 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU April 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixEBS
CVE-2021-2185 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU April 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixEBS
CVE-2021-2186 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU April 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixEBS
CVE-2021-2187 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU April 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixEBS
CVE-2021-2188 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU April 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixEBS
CVE-2021-2189 7.5 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU April 2021 DoS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixEBS
CVE-2021-2190 7.5 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU April 2021 DoS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixEBS
CVE-2021-2195 8.2 Oracle E-Business Suite 12.1.3, 12.2.3-12.2.10 CPU April 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixEBS
CVE-2021-2198 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU April 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixEBS
CVE-2021-2150 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU April 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixEBS
CVE-2021-2199 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU April 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixEBS
CVE-2021-2200 9.1 Oracle E-Business Suite 12.2.10 CPU April 2021 SQL Injection Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixEBS
CVE-2021-2181 7.6 Oracle E-Business Suite 12.1.3, 12.2.3-12.2.10 CPU April 2021 Stored XSS Accenture Esteban Montes Morales https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixEBS
CVE-2021-2197 8.1 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU April 2021 XSS Accenture Torben Capiau https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixEBS
CVE-2021-2205 9.1 Oracle E-Business Suite 12.2.7-12.2.10 CPU April 2021 SQL Injection Accenture Martin Neumann https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixEBS
CVE-2021-2206 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU April 2021 XSS Accenture Martin Neumann https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixEBS
CVE-2021-2209 8.5 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU April 2021 Stored XSS Accenture Martin Neumann https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixEBS
CVE-2021-2210 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU April 2021 XSS Accenture Martin Neumann https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixEBS
CVE-2021-2359 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU July 2021 XSS Accenture Martin Neumann https://www.oracle.com/security-alerts/cpujul2021.html#AppendixEBS
CVE-2021-2436 8.2 Oracle E-Business Suite 12.1.1-12.1.3, 12.2.3-12.2.10 CPU July 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujul2021.html#AppendixEBS
CVE-2021-25649 4.9 Avaya Avaya Aura Utility Services 7.x No fix, End of Manufacturer Support Information disclosure FusionX Shelby Spencer and Gerardo Iglesias-Galvan N/A
CVE-2021-25650 7.7 Avaya Avaya Aura Utility Services 7.x No fix, End of Manufacturer Support Privilege escalation FusionX Shelby Spencer and Gerardo Iglesias-Galvan N/A
CVE-2021-25651 8.0 Avaya Avaya Aura Utility Services 7.x No fix, End of Manufacturer Support Privilege escalation FusionX Shelby Spencer and Gerardo Iglesias-Galvan N/A
CVE-2021-25652 4.9 Avaya Avaya Aura Appliance Virtualization Platform Utilities (AVPU) 8.0.0.0 through 8.1.3.1 8.1.3.2 Information disclosure FusionX Shelby Spencer and Gerardo Iglesias-Galvan https://downloads.avaya.com/css/P8/documents/101076479
CVE-2021-25653 8.0 Avaya Avaya Aura Appliance Virtualization Platform Utilities (AVPU) 8.0.0.0 through 8.1.3.1 8.1.3.2 Privilege escalation FusionX Shelby Spencer and Gerardo Iglesias-Galvan https://downloads.avaya.com/css/P8/documents/101076479
CVE-2021-25654 6.2 Avaya Avaya Aura Device Services 7.0 through 8.1.4.0 8.1.4.1 Arbitrary code execution FusionX Shelby Spencer and Gerardo Iglesias-Galvan https://downloads.avaya.com/css/P8/documents/101076523
CVE-2021-31927 4.3 Annex Cloud Loyalty Experience Platform <2021.1.0.1 2021.1.0.2 IDOR Accenture Guillermo Alvarez https://www.annexcloud.com/responsible-disclosure
CVE-2021-31928 8.8 Annex Cloud Loyalty Experience Platform <2021.1.0.1 2021.1.0.2 Privilege Escalation Accenture Guillermo Alvarez https://www.annexcloud.com/responsible-disclosure
CVE-2021-31929 4.3 Annex Cloud Loyalty Experience Platform <2021.1.0.1 2021.1.0.2 Improper Access Control Accenture Guillermo Alvarez https://www.annexcloud.com/responsible-disclosure
CVE-2021-33031 3.1 LABCUP LTD. Labcup <v2_next_18022 v2_next_18032 Improper Access Control Accenture Alberto Chica Nunez N/A
CVE-2021-34483 7.8 Microsoft Windows 7/8.1/10, Server 2008/2012/2016/2019 Windows Print Spooler Elevation of Privilege Vulnerability FusionX Victor Mata https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34483
CVE-2021-35580 6.1 Oracle E-Business Suite 12.1.3, 12.2.3-12.2.10 CPU October 2021 XSS Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuoct2021.html#AppendixEBS
CVE-2021-35581 4.7 Oracle E-Business Suite 12.1.3, 12.2.3-12.2.10 CPU October 2021 Content Spoofing Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuoct2021.html#AppendixEBS
CVE-2021-35582 6.5 Oracle E-Business Suite 12.1.3, 12.2.3-12.2.10 CPU October 2021 CSV Injection Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpuoct2021.html#AppendixEBS
CVE-2021-36958 7.3 Microsoft Windows 7/8.1/10, Server 2008/2012/2016/2019 Windows Print Spooler Remote Code Execution Vulnerability FusionX Victor Mata https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36958
CVE-2022-21251 7.5 Oracle E-Business Suite 12.2.3-12.2.11 CPU January 2022 Denial of Service Accenture Andrej Šimko https://www.oracle.com/security-alerts/cpujan2022.html#AppendixEBS
CVE-2022-23706 6.1 Hewlett Packard Enterprise HPE OneView < 7 44697 Stored XSS Maglan Michael Musheev https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04278en_us
CVE-2022-24450 8.8 Synadia Nats.io 2.x to 2.7.1 2.7.2 Unconstrained account assumption by authenticated clients Accenture Victor Mata, Gerardo Iglesias-Galvan https://advisories.nats.io/CVE/CVE-2022-24450.txt
CVE-2022-26146 5.4 Tricentis qTest <10.4 10.4 Stored XSS Accenture Klara Szabo https://support-hub.tricentis.com/open?id=manual&lang=en&path=%2Fqtest%2F10400%2Fen%2Fcontent%2Fqtest_manager%2Frelease_notes%2Fonpremise_release_notes%2Fmanager_10.4.0_onpremise_release_notes.htm&product=qtest&sessionRotationTrigger=true&type=product_manual&version=10.4.2%20On%20Premise
CVE-2022-26413 8.0 Zyxel VMG3312-T20A Firmware + others V530ABFX5C0 44663 OS Command Injection Accenture Martin Petráň https://www.zyxel.com/support/OS-command-injection-and-buffer-overflow-vulnerabilities-of-CPE-and-ONTs.shtml
CVE-2022-26414 6.0 Zyxel VMG3312-T20A Firmware + others V530ABFX5C0 44663 Buffer Overflow Accenture Martin Petráň https://www.zyxel.com/support/OS-command-injection-and-buffer-overflow-vulnerabilities-of-CPE-and-ONTs.shtml
CVE-2022-26971 5.3 Barco Barco Control Room Management Suite all versions before 3.14.1 44705 Unauthenticated license key update Accenture Murat Aydemir https://www.barco.com/en/support/knowledge-base/KB12681
CVE-2022-26972 6.1 Barco Barco Control Room Management Suite all versions before 3.14.1 44705 Reflected Cross Site Scripting (XSS) Accenture Murat Aydemir https://www.barco.com/en/support/knowledge-base/KB12677
CVE-2022-26973 5.3 Barco Barco Control Room Management Suite all versions before 3.14.1 44705 information disclosure of sensitive information Accenture Murat Aydemir https://www.barco.com/en/support/knowledge-base/KB12678
CVE-2022-26974 6.1 Barco Barco Control Room Management Suite all versions before 3.14.1 44705 Reflected Cross Site Scripting (XSS) Accenture Murat Aydemir https://www.barco.com/en/support/knowledge-base/KB12677
CVE-2022-26975 7.5 Barco Barco Control Room Management Suite all versions before 3.14.1 44705 Unauthenticated access to log files Accenture Murat Aydemir https://www.barco.com/en/support/knowledge-base/KB12677
CVE-2022-26976 5.4 Barco Barco Control Room Management Suite all versions before 3.14.1 44705 Stored Cross Site Scripting (XSS) Accenture Murat Aydemir https://www.barco.com/en/support/knowledge-base/KB12682
CVE-2022-26977 6.1 Barco Barco Control Room Management Suite all versions before 3.14.1 44705 Reflected Cross Site Scripting (XSS) Accenture Murat Aydemir https://www.barco.com/en/support/knowledge-base/KB12683
CVE-2022-26978 6.1 Barco Barco Control Room Management Suite all versions before 3.14.1 44705 Reflected Cross Site Scripting (XSS) Accenture Murat Aydemir https://www.barco.com/en/support/knowledge-base/KB12677
CVE-2022-28357 TBA Synadia Nats.io Nats Server: 2.2.0 up to and including 2.7.4 Nats Streaming Server: 0.15.0 up to and including 0.24.3 44669 Arbitrary file write from the privileged system account FusionX Victor Mata, Gerardo Iglesias-Galvan https://advisories.nats.io/CVE/CVE-2022-28357.txt
CVE-2022-28616 9.8 Hewlett Packard Enterprise HPE OneView < 7 44697 Server-Side Request Forgery Maglan Michael Musheev https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04278en_us
CVE-2022-28617 9.8 Hewlett Packard Enterprise HPE OneView < 7 44697 Security Restrictions Bypass Maglan Michael Musheev https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04278en_us
CVE-2022-31321 9.1 BoltCMS BoltCMS v5.7 and earlier Fix in development Arbitrary Directory Creation and Enumeration Accenture Pratheepan Karthikeyan
CVE-2022-34530 5.3 Backdrop CMS Backdrop CMS <=1.22.0 N/A Username enumeration Accenture Pratheepan Karthikeyan
CVE-2022-35118 6.1 PyroCMS PyroCMS 3.9 and earlier N/A Multiple Stored Cross Site Scripting (XSS) Accenture Pratheepan Karthikeyan
CVE-2023-21806 8.2 Microsoft Power BI Report Server < 15.0.1111.115 KB5023884 (January 2023 update) - v15.0.1111.115 Stored XSS Accenture Andrej Šimko https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21806
CVE-2023-24488 6.1 Citrix ADC and Gateway <13.1-45.61; <13.0-90.11; <12.1-65.35 13.1-45.61; 13.0-90.11; 12.1-65.35 XSS Accenture Petr Juhaňák https://support.citrix.com/article/CTX477714/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202324487-cve202324488

Vulnerabilities without CVE assigned:

Vuln ID Vendor Software Affected version(s) Fixed in Vulnerability Company Reporter Attribution link Note
Mitel 17-0002 Mitel MiVoice Conference/Video Phone (UC360) <2.1.3.12 2.1.3.12 Privilege Escalation / Remote Code Execution Vulnerability in MiVoice Conference/Video Phone (UC360) Context IS Tom Moreton https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-17-0002 N/A
Mitel 17-0003 Mitel MiVoice Conference/Video Phone (UC360) <2.1 SP5 (build 2.1.5.4) 2.1 SP5 (build 2.1.5.4) Multiple Vulnerabilities in MiVoice Conference/Video Phone (UC360) Context IS Tom Moreton https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-17-0003 N/A
N/A Hyperoptic ZTE H298N and ZTE H298A All Hyperoptic ZTE home routers before fixes released: H298N: V1.1.3_HOP15T2 and H298A: V1.0.25_HOP.1T3 Patched on 30th April 2018. Updated firmware versions: H298N: V1.1.3_HOP15T2; H298A: V1.0.25_HOP.1T3 Hardcoded account allows compromise of all Hyperoptic ZTE home routers Context IS Dan Cater https://www.contextis.com/en/resources/advisories/hyperoptic-zte-home-routers N/A
N/A SAP API Business Hub Enterprise < 1.153.x 1.153.x SQL Injection Accenture Andrej Šimko https://www.sap.com/documents/2022/02/089613a0-167e-0010-bca6-c68f7e60039b.html (May 2023) CVE not assigned because the vulnerability is in a cloud solution, not an on-premise one, as per MITRE rules 7.4.4

Fully populated public CVE statistics:

Rating CVSS3.1 score CVE count
Low 0.1 - 3.9 3
Medium 4.0 - 6.9 80
High 7.0 - 8.9 152
Critical 9.0 - 10.0 20
Any 0.1 - 10.0 255

Other statistics:

Description Vulnerability count
CVE not assigned 4
CVSS score to be added 1