{"vulnerability": "CVE-2024-2127", "sightings": [{"uuid": "f536aa68-2b72-4a21-be19-88efcc91f9f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21273", "type": "seen", "source": "http://www.zerodayinitiative.com/advisories/ZDI-24-1414/", "content": "", "creation_timestamp": "2024-10-17T05:00:00.000000Z"}, {"uuid": "39b084ea-1fe2-41a0-bc30-851a8ac19601", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21276", "type": "seen", "source": "https://t.me/cvedetector/7957", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-21276 - Oracle Work in Process HTTP Deserialization Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-21276 \nPublished : Oct. 15, 2024, 8:15 p.m. | 30\u00a0minutes ago \nDescription : Vulnerability in the Oracle Work in Process product of Oracle E-Business Suite (component: Messages).  Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Work in Process.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Oracle Work in Process accessible data as well as  unauthorized access to critical data or complete access to all Oracle Work in Process accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). \nSeverity: 8.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-15T22:48:07.000000Z"}, {"uuid": "602e0481-4652-401c-af4c-82adf59b68e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21273", "type": "seen", "source": "http://www.zerodayinitiative.com/advisories/ZDI-25-692/", "content": "", "creation_timestamp": "2025-07-29T03:00:00.000000Z"}, {"uuid": "cb7ea440-0eb6-4569-8797-57b55ca6092e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21273", "type": "seen", "source": "https://t.me/cvedetector/7956", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-21273 - Oracle Virtualization VirtualBox Core Unauthorized Data Access\", \n  \"Content\": \"CVE ID : CVE-2024-21273 \nPublished : Oct. 15, 2024, 8:15 p.m. | 30\u00a0minutes ago \nDescription : Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).  Supported versions that are affected are Prior to 7.0.22 and  prior to 7.1.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox.  While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N). \nSeverity: 6.0 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-15T22:48:03.000000Z"}, {"uuid": "a34b89a3-20a1-4c4b-8d5a-bcf3f71dda79", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21277", "type": "seen", "source": "https://t.me/cvedetector/7955", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-21277 - Oracle MES for Process Manufacturing HTTP Unauthenticated Remote Code Execution\", \n  \"Content\": \"CVE ID : CVE-2024-21277 \nPublished : Oct. 15, 2024, 8:15 p.m. | 30\u00a0minutes ago \nDescription : Vulnerability in the Oracle MES for Process Manufacturing product of Oracle E-Business Suite (component: Device Integration).  Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle MES for Process Manufacturing.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Oracle MES for Process Manufacturing accessible data as well as  unauthorized access to critical data or complete access to all Oracle MES for Process Manufacturing accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). \nSeverity: 8.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-15T22:48:02.000000Z"}, {"uuid": "9057afe0-44c7-4b33-8b15-eb593030cb1e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21275", "type": "seen", "source": "https://t.me/cvedetector/7954", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-21275 - Oracle E-Business Suite Quoting HTTP Unauthorized Access and Data Disclosure\", \n  \"Content\": \"CVE ID : CVE-2024-21275 \nPublished : Oct. 15, 2024, 8:15 p.m. | 30\u00a0minutes ago \nDescription : Vulnerability in the Oracle Quoting product of Oracle E-Business Suite (component: User Interface).  Supported versions that are affected are 12.2.7-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Quoting.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Oracle Quoting accessible data as well as  unauthorized access to critical data or complete access to all Oracle Quoting accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). \nSeverity: 8.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-15T22:48:01.000000Z"}, {"uuid": "67da863d-03f7-4c2f-9616-710b81edf53e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21274", "type": "seen", "source": "https://t.me/cvedetector/7953", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-21274 - Oracle WebLogic Server Console HTTP Unauthenticated DOS Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-21274 \nPublished : Oct. 15, 2024, 8:15 p.m. | 30\u00a0minutes ago \nDescription : Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console).  Supported versions that are affected are 12.2.1.4.0 and  14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 7.5 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-15T22:48:01.000000Z"}, {"uuid": "e0e59b2d-db16-48a3-b869-58e95d5813cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2127", "type": "seen", "source": "https://t.me/ctinow/202790", "content": "https://ift.tt/YGFZN5b\nCVE-2024-2127", "creation_timestamp": "2024-03-07T21:31:57.000000Z"}, {"uuid": "c986061e-52ed-4401-8b14-e9301249654c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21278", "type": "seen", "source": "https://t.me/cvedetector/7948", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-21278 - \"Oracle Contract Lifecycle Management for Public Sector HTTP Unauthorized Data Access and Modification Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-21278 \nPublished : Oct. 15, 2024, 8:15 p.m. | 30\u00a0minutes ago \nDescription : Vulnerability in the Oracle Contract Lifecycle Management for Public Sector product of Oracle E-Business Suite (component: Award Processes).  Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Contract Lifecycle Management for Public Sector.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Oracle Contract Lifecycle Management for Public Sector accessible data as well as  unauthorized access to critical data or complete access to all Oracle Contract Lifecycle Management for Public Sector accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). \nSeverity: 8.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-15T22:47:53.000000Z"}, {"uuid": "36ce4e6a-5f6d-45aa-a539-c5ab782deefe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21279", "type": "seen", "source": "https://t.me/cvedetector/7949", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-21279 - Oracle Sourcing Auctions HTTP Unauthorized Access and Data Manipulation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-21279 \nPublished : Oct. 15, 2024, 8:15 p.m. | 30\u00a0minutes ago \nDescription : Vulnerability in the Oracle Sourcing product of Oracle E-Business Suite (component: Auctions).  Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Sourcing.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Oracle Sourcing accessible data as well as  unauthorized access to critical data or complete access to all Oracle Sourcing accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). \nSeverity: 8.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-15T22:47:54.000000Z"}, {"uuid": "a63ea58b-8391-4dde-8c0d-471bb76dfb10", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21270", "type": "seen", "source": "https://t.me/cvedetector/7961", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-21270 - Oracle E-Business Suite Common Applications Calendar HTTP Task Manipulation arbitrary Data Access\", \n  \"Content\": \"CVE ID : CVE-2024-21270 \nPublished : Oct. 15, 2024, 8:15 p.m. | 30\u00a0minutes ago \nDescription : Vulnerability in the Oracle Common Applications Calendar product of Oracle E-Business Suite (component: Tasks).  Supported versions that are affected are 12.2.6-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Common Applications Calendar.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Oracle Common Applications Calendar accessible data as well as  unauthorized access to critical data or complete access to all Oracle Common Applications Calendar accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). \nSeverity: 8.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-15T22:48:10.000000Z"}, {"uuid": "1afc9f20-4863-45d6-9a29-51a135057158", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2127", "type": "seen", "source": "https://t.me/ctinow/202799", "content": "https://ift.tt/YGFZN5b\nCVE-2024-2127", "creation_timestamp": "2024-03-07T21:32:07.000000Z"}]}