China-backed Hackers Hijack Software Updates to Implant "NSPX30" Spyware

A previously undocumented China-aligned threat actor has been linked to a set of adversary-in-the-middle AitM attacks that hijack update requests from legitimate software to deliver a sophisticated implant named NSPX30. Slovak cybersecurity firm ESET is tracking the advanced persistent threat APT...

php: Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP

A vulnerability was found in PHP where the weak randomness affects applications that use SOAP with HTTP Digest authentication against a possibly malicious server over HTTP allows a remote authenticated attackers to cause a stack information leak...

The vulnerability of the Admin Console component of the Oracle CRM system, which manages customer relationships. The Oracle CRM Technical Foundation, a business automation system, and the Oracle E-Business Suite enable a perpetrator to cause service interruptions.

The vulnerability of the Admin Console component of the Oracle CRM system, which manages customer relationships, is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to cause service interruptions using the HTTP network protocol...

The vulnerability of the Login component – SSO of the Oracle Application Object Library – allows a perpetrator to cause a service failure.

The vulnerability of the Login component – SSO in the Oracle Application Object Library exists due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to cause service failures using the HTTP protocol...

Fedora: Security Advisory for python-aiohttp (FEDORA-2023-a04cc349e1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory for python-aiohttp (FEDORA-2023-1f06098c71)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

PT-2024-1235 · Oracle · Oracle Isupport

Name of the Vulnerable Software and Affected Versions: Oracle iSupport versions 12.2.3 through 12.2.13 Description: The issue exists due to insufficient input validation in the Internal Operations component of Oracle iSupport, part of the Oracle E-Business Suite. This allows a remote attacker to...

[SECURITY] Fedora 38 Update: python-aiohttp-3.9.1-1.fc38

Python HTTP client/server for asyncio which supports both the client and the server side of the HTTP protocol, client and server websocket, and webservers with middlewares and pluggable routing...

SUSE SLES15 / openSUSE 15 Security Update : python-aiohttp (SUSE-SU-2023:4909-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4909-1 advisory. - aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Affected versions of aiohttp have a security...

CVE-2023-47118

ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issue was discovered in ClickHouse server. An attacker could send a specially crafted payload to the native interface exposed by default on...

Exploit for CVE-2022-21907

CVE-2022-21907 Vulnerability in HTTP Protocol Stack Enabling R...

[SECURITY] Fedora 39 Update: python-aiohttp-3.8.6-1.fc39

Python HTTP client/server for asyncio which supports both the client and the server side of the HTTP protocol, client and server websocket, and webservers with middlewares and pluggable routing...

[SECURITY] Fedora 38 Update: python-aiohttp-3.8.6-1.fc38

Python HTTP client/server for asyncio which supports both the client and the server side of the HTTP protocol, client and server websocket, and webservers with middlewares and pluggable routing...

PT-2023-9576 · Oracle · Oracle E-Business Suite +1

Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.2.3 through 12.2.13 Description: The issue is related to weaknesses in the authorization mechanism of the Auctions component in Oracle Sourcing, part of the Oracle E-Business Suite. This can allow a remote...

PT-2023-9840 · Oracle · Peoplesoft Enterprise Peopletools

Name of the Vulnerable Software and Affected Versions: PeopleSoft Enterprise PeopleTools versions 8.59 through 8.61 Description: The issue is related to the Portal component of Oracle PeopleSoft Enterprise PeopleTools, where the structure of web pages is not properly protected. This can be...

SUSE CVE-2023-47641

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Affected versions of aiohttp have a security vulnerability regarding the inconsistent interpretation of the http protocol. HTTP/1.1 is a persistent protocol, if both Content-LengthCL and Transfer-EncodingTE header...

CVE-2023-47641

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Affected versions of aiohttp have a security vulnerability regarding the inconsistent interpretation of the http protocol. HTTP/1.1 is a persistent protocol, if both Content-LengthCL and Transfer-EncodingTE header...

AZL-44538 CVE-2023-47641 affecting package python-aiohttp 3.6.2-3

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Affected versions of aiohttp have a security vulnerability regarding the inconsistent interpretation of the http protocol. HTTP/1.1 is a persistent protocol, if both Content-LengthCL and Transfer-EncodingTE header...

CVE-2023-47641

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Affected versions of aiohttp have a security vulnerability regarding the inconsistent interpretation of the http protocol. HTTP/1.1 is a persistent protocol, if both Content-LengthCL and Transfer-EncodingTE header...

CVE-2023-47641

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Affected versions of aiohttp have a security vulnerability regarding the inconsistent interpretation of the http protocol. HTTP/1.1 is a persistent protocol, if both Content-LengthCL and Transfer-EncodingTE header...