1081 matches found

BDU FSTEC
added 2024/12/25 12:0 a.m. · 3 views

The vulnerability of the components of the Oracle Enterprise Command Center Framework allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Diagnostics components of the Oracle Enterprise Command Center Framework is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information through the HTTP network protocol...

4.3 CVSS · 7.6 AI score · 0.0043 EPSS
Exploits 0 · References 3

Amazon
added 2024/12/12 12:0 a.m. · 3 views

Medium: grpc

Issue Overview: It's possible for a gRPC client communicating with an HTTP/2 proxy to poison the HPACK table between the proxy and the backend such that other clients see failed requests. It's also possible to use this vulnerability to leak other clients' HTTP header keys, but not values. This occu...

6.3 CVSS · 6.7 AI score · 0.00224 EPSS
Exploits 1

Fedora
added 2024/11/28 3:22 a.m. · 24 views

[SECURITY] Fedora 41 Update: python-aiohttp-3.10.5-3.fc41

Python HTTP client/server for asyncio which supports both the client and the server side of the HTTP protocol, client and server websocket, and webservers with middlewares and pluggable routing...

7.5 CVSS · 6.6 AI score · 0.00576 EPSS
Exploits 0

Positive Technologies
added 2024/10/30 12:0 a.m. · 7 views

PT-2024-41474 · Hikvision · Ds-2Cd1Xxxg0 +11

The vulnerability in the HTTP protocol implementation of the DynDNS and NO-IP services in Hikvision IP camera firmware is related to the transmission of confidential information in unencrypted form. Exploiting the vulnerability could allow a remote attacker to carry out a man-in-the-middle attack...

10 CVSS · 7.3 AI score
Exploits 0 · References 4

BDU FSTEC
added 2024/10/28 12:0 a.m. · 3 views

The vulnerability of the Infrastructure component of the Oracle Banking Liquidity Management platform allows a hacker to gain unauthorized access to read, create, modify, and delete data, or to cause a service failure.

The vulnerability of Oracle Banking Liquidity Management’s infrastructure component relates to improper cleaning or release of resources. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to read, create, modify, and delete data, or cause...

6.1 CVSS · 7.6 AI score · 0.00286 EPSS
Exploits 0 · References 4 · Affected Software 1

BDU FSTEC
added 2024/10/28 12:0 a.m. · 3 views

The vulnerability of the Expenses component in the PeopleSoft Enterprise FIN Expenses business application suite allows a hacker to gain unauthorized access to protected information.

The vulnerability of the Expenses component in the PeopleSoft Enterprise FIN Expenses business application is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to protected information using the...

4.3 CVSS · 7.6 AI score · 0.00388 EPSS
Exploits 0 · References 3 · Affected Software 1

BDU FSTEC
added 2024/10/24 12:0 a.m. · 5 views

The vulnerability of the UI and Visualization components of the Oracle Hyperion BI+ service allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the UI and Visualization component of the Oracle Hyperion BI+ service is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information using the HTTP protocol...

3 CVSS · 7.6 AI score · 0.00346 EPSS
Exploits 0 · References 3 · Affected Software 1

NVD
added 2024/10/23 4:15 p.m. · 18 views

CVE-2024-30124

HCL Sametime is impacted by insecure services in-use on the UIM client by default. An unused legacy REST service was enabled by default using the HTTP protocol. An attacker could potentially use this service endpoint maliciously...

4 CVSS · 0.00166 EPSS
Exploits 0 · References 1

Cvelist
added 2024/10/23 3:17 p.m. · 19 views

CVE-2024-30124 HCL Sametime is impacted by insecure services

HCL Sametime is impacted by insecure services in-use on the UIM client by default. An unused legacy REST service was enabled by default using the HTTP protocol. An attacker could potentially use this service endpoint maliciously...

4 CVSS · 0.00166 EPSS
Exploits 0 · References 1

CVE
added 2024/10/23 3:17 p.m. · 65 views

CVE-2024-30124

CVE-2024-30124 affects HCL Sametime; an unused legacy REST service was enabled by default over HTTP in the UIM client. The issue allows a local attacker to potentially abuse the service endpoint, with the CVSS indicating Local access, low attack complexity, no privileges, and a LOW availability i...

4 CVSS · 4.3 AI score · 0.00166 EPSS
Exploits 0 · References 1 · Affected Software 1

BDU FSTEC
added 2024/10/23 12:0 a.m. · 4 views

The vulnerability of the Device Integration component of the Oracle MES for Process Manufacturing software solution, a part of the Oracle E-Business Suite, allows an intruder to gain unauthorized access to create, modify, and delete data.

The vulnerability of the Device Integration component of the Oracle MES for Process Manufacturing software solution, a part of the Oracle E-Business Suite, is related to deficiencies in the authentication mechanism. Exploiting this vulnerability could allow an attacker, operating remotely, to gai...

8.5 CVSS · 7.6 AI score · 0.00422 EPSS
Exploits 0 · References 3 · Affected Software 2

BDU FSTEC
added 2024/10/23 12:0 a.m. · 4 views

The vulnerability of the Award Processes component of the procurement management platform Oracle Contract Lifecycle Management for the public sector, which is part of the enterprise automation system Oracle E-Business Suite, allows a perpetrator to gain unauthorized access to create, read, modify, and delete data.

The vulnerability of the Award Processes component of the procurement management platform Oracle Contract Lifecycle Management for the public sector system is related to deficiencies in the authorization mechanism. Exploiting this vulnerability could allow an attacker, operating remotely, to gain...

8.5 CVSS · 7.5 AI score · 0.00436 EPSS
Exploits 0 · References 4 · Affected Software 2

BDU FSTEC
added 2024/10/21 12:0 a.m. · 3 views

The vulnerability of the Compensation Plan component of Oracle Incentive Compensation system for corporate clients allows a violator to gain access to modify, add, and delete data. This component is part of the Oracle E-Business Suite, which automates business operations.

The vulnerability of the Compensation Plan component of Oracle’s corporate client incentive compensation system, Oracle Incentive Compensation OIC, and the Oracle E-Business Suite automation system, is related to deficiencies in the authorization process due to incorrect validation of input data...

8.5 CVSS · 7.6 AI score · 0.00435 EPSS
Exploits 0 · References 3 · Affected Software 2

BDU FSTEC
added 2024/10/17 12:0 a.m. · 3 views

The vulnerability of the Core server component of Oracle WebLogic Server allows an attacker to trigger a service failure.

The vulnerability of the Core server component of Oracle WebLogic Server is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service failures using the HTTP protocol...

7.8 CVSS · 7.6 AI score · 0.00619 EPSS
Exploits 0 · References 3 · Affected Software 1

CVE
added 2024/10/16 6:45 p.m. · 77 views

CVE-2024-45797

CVE-2024-45797 affects LibHTP prior to 0.5.49, where unbounded processing of HTTP request/response headers can cause excessive CPU and memory usage, leading to DoS-like slowdowns. The issue is addressed in LibHTP 0.5.49. Public disclosures in Ubuntu USN-7814-1 and Debian DLA-4295-1, and related O...

7.5 CVSS · 7.4 AI score · 0.00705 EPSS
Exploits 1 · References 3 · Affected Software 1

Debian CVE
added 2024/10/16 6:45 p.m. · 12 views

CVE-2024-45797

LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Prior to version 0.5.49, unbounded processing of HTTP request and response headers can lead to excessive CPU time and memory utilization, possibly leading to extreme slowdowns. This issue is addressed in 0.5....

7.5 CVSS · 8.6 AI score · 0.00705 EPSS
Exploits 1

Vulnrichment
added 2024/10/16 6:45 p.m. · 28 views

CVE-2024-45797 LibHTP's unbounded header handling leads to denial service

LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Prior to version 0.5.49, unbounded processing of HTTP request and response headers can lead to excessive CPU time and memory utilization, possibly leading to extreme slowdowns. This issue is addressed in 0.5....

7.5 CVSS · 7.1 AI score · 0.00705 EPSS
Exploits 1 · References 2

AlpineLinux
added 2024/10/16 6:45 p.m. · 20 views

CVE-2024-45797

LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Prior to version 0.5.49, unbounded processing of HTTP request and response headers can lead to excessive CPU time and memory utilization, possibly leading to extreme slowdowns. This issue is addressed in 0.5....

7.5 CVSS · 7.5 AI score · 0.00705 EPSS
Exploits 1

OSV
added 2024/10/16 6:45 p.m. · 17 views

CVE-2024-45797 LibHTP's unbounded header handling leads to denial service

LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Prior to version 0.5.49, unbounded processing of HTTP request and response headers can lead to excessive CPU time and memory utilization, possibly leading to extreme slowdowns. This issue is addressed in 0.5....

7.5 CVSS · 6.7 AI score · 0.00705 EPSS
Exploits 1 · References 5

Cvelist
added 2024/10/04 12:43 p.m. · 16 views

CVE-2024-47789 Credential Leakage Vulnerability

UNSUPPORTED WHEN ASSIGNED. This vulnerability exists in D3D Security IP Camera D8801 due to the use of a weak authentication scheme in the HTTP header protocol, where the authorization tag contains a Base-64 encoded username and password. A remote attacker could exploit this vulnerability by crafting an HTTP...

8.7 CVSS · 0.00342 EPSS
Exploits 0 · References 1