Astra Linux - уязвимость в golang-1.19

A malicious HTTP sender can use chunk extensions to cause the recipient reading from the request or response body to read much more bytes from the network than actually exist in the body. A malicious HTTP client can further exploit this to cause the server to automatically read a large amount of...

PT-2026-37831

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D. Supported versions that are affected are Oracle Java SE: 8u441, 8u441-perf, 11.0.26, 17.0.14, 21.0.6, 24; Oracle GraalVM for JDK: 17.0.14, 21.0.6, 24; Oracle...

Oracle Health Sciences Applications security vulnerabilities

Oracle Health Sciences Applications is a clinical research and development solution developed by Oracle Corporation for the healthcare industry in the United States. The version 7.0.1.0 of Oracle Life Sciences Central Coding in Oracle Health Sciences Applications contains a security vulnerability...

Oracle Health Sciences Applications security vulnerabilities

Oracle Health Sciences Applications is a clinical research and development solution developed by Oracle Corporation for the healthcare industry in the United States. Version 7.0.1.0 of Oracle Life Sciences Central Designer in Oracle Health Sciences Applications contains a security vulnerability...

Oracle Hospitality Applications security vulnerabilities

Oracle Hospitality Applications is a set of business applications, servers, and storage solutions for hotel management developed by Oracle Corporation in the United States. This product offers features such as human resources cost management and tracking of services provided throughout customers’...

CVE-2021-2158

Vulnerability in the Hyperion Financial Management product of Oracle Hyperion component: Task Automation. The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion Financial Management...

mysql: Client: mysqldump unspecified vulnerability (CPU Apr 2024)

A flaw was found in the MySQL Server product of Oracle MySQL component: Client: mysqldump. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can resul...

CVE-2025-58408

Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger reads of stale data that can lead to kernel exceptions and write use-after-free. The Use After Free common weakness enumeration was chosen as the stale data can include handles to resources in whi...

Oracle Java SE 安全漏洞

Oracle Java SE is a U.S. Oracle Corporation for the development and deployment of Java applications for desktops, servers, and embedded devices and real-time environments. A security vulnerability exists in Oracle GraalVM for JDK versions 17.0.16 and 21.0.8 for Oracle Java SE, which stems from a...

Oracle Financial Services Applications 安全漏洞

Oracle Financial Services Applications is a suite of financial services software from Oracle Corporation USA. The product includes core banking, online banking, and estate management. A security vulnerability exists in Oracle Financial Services Analytical Applications Infrastructure versions...

Broadcom Unified Infrastructure Management 安全漏洞

Broadcom Unified Infrastructure Management is an IT infrastructure monitoring and management platform from Broadcom, Inc. A security vulnerability exists in Broadcom Unified Infrastructure Management that stems from improper handling of access control lists for robotic components, which could...

CVE-2025-30745

Vulnerability in the Oracle MES for Process Manufacturing product of Oracle E-Business Suite component: Device Integration. Supported versions that are affected are 12.2.12-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

Oracle Fusion Middleware 授权问题漏洞

Oracle Fusion Middleware Oracle Fusion Middleware is a set of business innovation platforms for enterprise and cloud environments from Oracle. The platform provides middleware, software collection, etc. WebLogic Server is one of the application server components for cloud and traditional...

CVE-2021-35665

Vulnerability in the Hyperion Financial Reporting product of Oracle Hyperion component: Repository. The supported version that is affected is 11.2.6.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Hyperion Financial Reporting...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the omission of the last block of data from the icegetmoduleeeprom function, which could result in an...

mysql: Client: mysqldump unspecified vulnerability (CPU Apr 2024)

A flaw was found in the MySQL Server product of Oracle MySQL component: Client: mysqldump. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can resul...

Oracle MySQL 安全漏洞

Oracle MySQL is an open source relational database management system from Oracle Corporation, of which MySQL Server is a database server component. A security vulnerability exists in Oracle MySQL version 9.1.0 and prior versions. An attacker can use this vulnerability to create, delete, or modify...

Oracle JD Edwards Products 跨站请求伪造漏洞

Oracle JD Edwards Products is a fully integrated suite of enterprise resource planning ERP applications from Oracle Corporation. The products provide application modules for financial management, project management, and asset lifecycle management.JD Edwards EnterpriseOne Tools is one of the...

Medium: amazon-ecr-credential-helper

Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...

Medium: cni-plugins

Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...