Oracle Fusion Middleware Security Vulnerability

Oracle Fusion Middleware Oracle Fusion Middleware is a set of business innovation platforms for enterprise and cloud environments from Oracle USA. The platform provides middleware, software collections, and other capabilities. A security vulnerability exists in Oracle WebCenter Content version...

ai.aletyx.kogito:aletyx-kogito-ai-addons-quarkus-adhoc-subprocess (>=0.1.0 <=0.2.0), ai.aletyx.kogito:aletyx-kogito-ai-addons-quarkus-adhoc-subprocess-storage-jpa (>=0.1.0 <=0.2.0) +1898 more potentially affected by CVE-2023-4853 via io.quarkus:quarkus-vertx-http (>=3.0.0.Alpha1 <=3.2.5.Final)

io.quarkus:quarkus-vertx-http MAVEN version =3.0.0.Alpha1, =0.1.0, =0.1.0, =0.0.2, =0.1.1, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.10 and more Source cves: CVE-2023-4853 Source advisory: OSV:GHSA-4F4R-WGV2-JJVG...

CVE-2023-40924

creationtimestamp| type| source ---|---|--- 2023-09-08 16:19:35+00:00| seen| https://t.me/cibsecurity/70144 2026-04-06 09:57:24+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2023/CVE-2023-40924.yaml 2026-04-07 21:03:06+00:00| seen|...

CVE-2022-35748

HTTP.sys Denial of Service Vulnerability...

CVE-2023-31193

Snap One OvrC Pro versions prior to 7.3 use HTTP connections when downloading a program from their servers. Because they do not use HTTPS, OvrC Pro devices are susceptible to exploitation...

CVE-2023-29530 Laminas Diactoros vulnerable to HTTP Multiline Header Termination

Laminas Diactoros provides PSR HTTP Message implementations. In versions 2.18.0 and prior, 2.19.0, 2.20.0, 2.21.0, 2.22.0, 2.23.0, 2.24.0, and 2.25.0, users who create HTTP requests or responses using laminas/laminas-diactoros, when providing a newline at the start or end of a header key or value...

curl security update

7.76.1-19.el91.2 - fix HTTP multi-header compression denial of service CVE-2023-23916...

Rogue NuGet Packages Infect .NET Developers with Crypto-Stealing Malware

The NuGet repository is the target of a new "sophisticated and highly-malicious attack" aiming to infect .NET developer systems with cryptocurrency stealer malware. The 13 rogue packages, which were downloaded more than 160,000 times over the past month, have since been taken down. "The packages...

Oracle Linux 9 : httpd (ELSA-2023-0970)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-0970 advisory. - Resolves: 2165970 - CVE-2006-20001 httpd: moddav: out-of-bounds read/write of zero byte - Resolves: 2165973 - CVE-2022-37436 httpd: modproxy: HTTP...

Allocation of Resources Without Limits or Throttling

Overview std/net/http is a Go standard library package std/net/http Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. Go Vulnerability Report: A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder,...

SUSE CVE-2016-2216

The HTTP header parsing code in Node.js 0.10.x before 0.10.42, 0.11.6 through 0.11.16, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allows remote attackers to bypass an HTTP response-splitting protection mechanism via UTF-8 encoded Unicode characters in the HTTP header, as...

SUSE CVE-2019-13114

http.c in Exiv2 through 0.27.1 allows a malicious http server to cause a denial of service crash due to a NULL pointer dereference by returning a crafted response that lacks a space character...

PT-2023-7635 · Oracle · Oracle Isupplier Portal +1

Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.2.6 through 12.2.8 Description: The issue is related to the Oracle iSupplier Portal product, specifically the Supplier Management component. It allows an unauthenticated attacker with network access via HTT...

PT-2022-7291

Name of the Vulnerable Software and Affected Versions net/http versions prior to the fixed version Description The issue is related to the net/http package in the Go programming language, which is vulnerable to excessive memory growth due to unbounded resource allocation. An attacker can cause th...

Design/Logic Flaw

Insecure method vulnerability in which allowed HTTP methods are disclosed. E.g., OPTIONS, DELETE, TRACE, and PUT...

AlmaLinux 8 : container-tools:3.0 (ALSA-2022:7529)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:7529 advisory. golang: net/http: improper sanitization of Transfer-Encoding header CVE-2022-1705 cri-o: memory exhaustion on the node when access to the kube api...

Oracle E-Business Suite 访问控制错误漏洞

Oracle E-Business Suite E-Business Suite is a set of fully integrated global business management software from Oracle Oracle. The software provides customer relationship management, service management, financial management and other functions. A security vulnerability exists in Oracle Web...

CVE-2022-21587

Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite component: Upload. Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web...

Reverse Shell Commands Over HTTP Payload (CVE-2022-29078)

A reverse shell command Injection over HTTP vulnerability has been reported. A remote attacker can exploit this issue by sending a specially crafted request to the victim. Successful exploitation would allow an attacker to execute arbitrary code on the target machine...

Infinite loop

Overview std/net/http is a Go standard library package std/net/http Affected versions of this package are vulnerable to Infinite loop. Go Vulnerability Report: HTTP/2 server connections can hang forever waiting for a clean shutdown that was preempted by a fatal error. This condition can be...