
404 matches found

Positive Technologies
added 2022/09/06 12:0 a.m. · 3 views

PT-2022-23130 · Unknown · Reactphp Http

Name of the Vulnerable Software and Affected Versions: ReactPHP HTTP versions 0.7.0 through 1.7.0. Description: The issue arises when ReactPHP's HTTP server component processes incoming HTTP cookie values, url-decoding the cookie names. This can lead to confusion between cookies with prefixes like...

CVSS 5.3 · AI score 5 · EPSS 0.00775
Exploits 0 · References 13
Veracode
added 2022/08/31 11:2 a.m. · 21 views

Use-After-Free

connman is vulnerable to use-after-free. A WISPR HTTP query could be used to trigger a use-after-free in WISPR handling, leading to an application crash or code execution...

CVSS 8.1 · AI score 8.7 · EPSS 0.01513
Exploits 0 · References 8 · Affected Software 1
Cvelist
added 2022/07/21 3:51 a.m. · 19 views

CVE-2022-20896 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of...

CVSS 4.7 · AI score 7.5 · EPSS 0.00859
Exploits 0 · References 1
BDU FSTEC
added 2022/06/15 12:0 a.m. · 4 views

The vulnerability of the E-Business Suite component XDO, a reporting tool within the Oracle BI Publisher software from Oracle Fusion Middleware, allows an intruder to gain unauthorized access to protected information.

The vulnerability of the E-Business Suite component XDO, a reporting tool within the Oracle BI Publisher software from Oracle Fusion Middleware, is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized...

CVSS 7.8 · AI score 7.3 · EPSS 0.83298
Exploits 0 · References 3 · Affected Software 1
vulnersOsv
added 2022/06/07 12:0 a.m. · 2 views

cn.jque:jque-common (>=2022.06-24 <=2022.08.17_23), cn.wekture:fastapi-base (=0.0.1) +112 more potentially affected by CVE-2022-29631 via org.jodd:jodd-http (>=5.0.0 <=6.0.6)

org.jodd:jodd-http MAVEN version =5.0.0, =2022.06-24, =1.0.3, =1.0.3, =1.0.3, =1.0.2, =1.0.1, =3.7.9.B, =3.7.9.B, =3.7.9.B, =3.7.9.B, =4.3.5.B and more Source cves: CVE-2022-29631 Source advisory: OSV:GHSA-PP3C-CF6J-M3FF...

CVSS 7.5 · AI score 7.1 · EPSS 0.00939
Exploits 1
OSV
added 2022/05/03 7:15 p.m. · 4 views

CVE-2021-29854

IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inject HTTP HOST header, which will allow the...

CVSS 7.2 · AI score 5.8 · EPSS 0.01041
Exploits 0 · References 2
BDU FSTEC
added 2022/04/01 12:0 a.m. · 8 views

The vulnerability of the HTTP library for Rust Hyper, related to shortcomings in HTTP request processing, allows attackers to compromise data integrity.

The vulnerability of the HTTP library for Rust Hyper relates to the improper handling of requests with a “+” prefix in the Content-Length header. Exploiting this vulnerability allows an attacker to compromise data integrity...

CVSS 5.3 · AI score 5.9 · EPSS 0.00879
Exploits 1 · References 6 · Affected Software 1
OpenVAS
added 2022/03/29 12:0 a.m. · 24 views

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2022-1345)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.5 · AI score 8 · EPSS 0.03958
Exploits 0 · References 2
vulnersOsv
added 2022/02/17 12:0 a.m. · 2 views

ai.foxpay.api:foxpay-sdk (>=1.0 <=1.1), ai.genauth:genauth-java-sdk (=3.1.11) +261 more potentially affected by CVE-2022-22885 via cn.hutool:hutool-http (>=4.0.12 <=5.7.18)

cn.hutool:hutool-http MAVEN version =4.0.12, =1.0, =2.4.3, =2.4.3, =2.4.3, =2.4.3, =2.4.3, =2.4.3, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =2.0.3, =2.0.5, =3.0.2 and more Source cves: CVE-2022-22885 Source advisory: OSV:GHSA-P7W9-8MXW-P3G7...

CVSS 9.8 · AI score 7.2 · EPSS 0.01281
Exploits 1
ATTACKERKB
added 2022/01/19 12:15 p.m. · 4 views

CVE-2022-21390

Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications component: Webservices Manager. Supported versions that are affected are 12.0.0.3 and 12.0.0.4. Easily exploitable vulnerability allows unauthenticated attacker with network...

CVSS 10 · AI score 7.3 · EPSS 0.0237
Exploits 0 · References 2 · Affected Software 1
CNNVD
added 2022/01/19 12:0 a.m. · 3 views

Oracle Construction and Engineering Suite Input Validation Error Vulnerability

Oracle Construction and Engineering Suite is a portfolio management solution suite product for construction projects from Oracle Corporation. A security vulnerability in Oracle Construction and Engineering Suite's Primavera Portfolio Management product could allow an unauthenticated attacker to...

CVSS 5.8 · AI score 6.8 · EPSS 0.00825
Exploits 0 · References 3
NVD
added 2022/01/14 8:15 p.m. · 15 views

CVE-2021-3965

Certain HP DesignJet products may be vulnerable to unauthenticated HTTP requests which allow viewing and downloading of print job previews...

CVSS 7.5 · EPSS 0.05235
Exploits 0 · References 1
CNNVD
added 2021/10/19 12:0 a.m. · 2 views

Oracle E-Business Suite Security Vulnerability

Oracle E-Business Suite is a set of fully integrated global business management software from Oracle. The software provides customer relationship management, service management, financial management, and other functions. A security vulnerability exists in the Oracle Mobile...

CVSS 8.5 · AI score 8.1 · EPSS 0.01249
Exploits 0 · References 3
Tenable Nessus
added 2021/09/27 12:0 a.m. · 40 views

EulerOS 2.0 SP9 : golang (EulerOS-SA-2021-2527)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service panic via a large header to...

CVSS 5.9 · AI score 7.3 · EPSS 0.03692
Exploits 0 · References 2
Tenable Nessus
added 2021/08/25 12:0 a.m. · 28 views

F5 Networks BIG-IP : BIG-IP HTTP vulnerability (K93231374)

The version of F5 Networks BIG-IP installed on the remote host is prior to 12.1.6 / 13.1.4 / 14.1.4 / 15.1.3 / 16.0.1.2 / 16.1.0. It is, therefore, affected by a vulnerability as referenced in the K93231374 advisory. - On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before...

CVSS 7.5 · AI score 7.5 · EPSS 0.00904
Exploits 0 · References 2
Cvelist
added 2021/05/10 5:13 a.m. · 17 views

CVE-2021-3003

Agenzia delle Entrate Desktop Telematico 1.0.0 contacts the jws.agenziaentrate.it server over cleartext HTTP, which allows man-in-the-middle attackers to spoof product updates...

AI score 5.5 · EPSS 0.00801
Exploits 1 · References 2
OSV
added 2021/04/22 10:15 p.m. · 3 views

CVE-2021-2288

Vulnerability in the Oracle Bills of Material product of Oracle E-Business Suite component: Bill Issues. Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Bills of Material...

CVSS 8.1 · AI score 6.8 · EPSS 0.00931
Exploits 0 · References 1
NVD
added 2021/04/22 10:15 p.m. · 14 views

CVE-2021-2195

Vulnerability in the Oracle Partner Management product of Oracle E-Business Suite component: Attribute Admin Setup. Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracl...

CVSS 8.2 · EPSS 0.00933
Exploits 0 · References 1
OSV
added 2021/04/22 10:15 p.m. · 1 views

CVE-2021-2188

Vulnerability in the Oracle iStore product of Oracle E-Business Suite component: Shopping Cart. Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore...

CVSS 8.2 · AI score 6.6 · EPSS 0.00933
Exploits 0 · References 1
0day.today
added 2021/03/19 12:0 a.m. · 45 views

KZTech / JatonTec / Neotel JT3500V 4G LTE CPE 2.0.1 - Command Injection (Authenticated) Vulnerabilit

Exploit Title: KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Command Injection Authenticated Exploit Author: LiquidWorm Vendor Homepage: http://www.kzbtech.com http://www.jatontec.com https://www.neotel.mk Vendor: KZ Broadband Technologies, Ltd. | Jaton Technology, Ltd. Product web page:...

AI score 0.1
Exploits 0