1081 matches found

OSV
added 2024/02/23 11:7 a.m. · 6 views

OESA-2024-1189 varnish security update

This is Varnish Cache, a web application accelerator also known as a caching HTTP reverse proxy. You install it in front of any server that speaks HTTP and configure it to cache the contents. Varnish Cache is really, really fast. It typically speeds up delivery with a factor of 300 - 1000x,...

CVSS 7.5 · AI score 8.1 · EPSS 0.99999
Exploits 19 · References 2

OSV
added 2024/02/23 11:6 a.m. · 4 views

OESA-2024-1169 nodejs security update

Node.js is an open-source, cross-platform, JavaScript runtime environment, it executes JavaScript code outside of a browser. Security Fixes: The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the...

CVSS 7.5 · AI score 8.2 · EPSS 0.99999
Exploits 19 · References 2

OSV
added 2024/02/23 11:6 a.m. · 3 views

OESA-2024-1161 qt5-qtbase security update

This package provides base tools, such as string, xml, and network handling. Security Fixes: An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect...

CVSS 9.8 · AI score 7.4 · EPSS 0.00986
Exploits 0 · References 2

BDU FSTEC
added 2024/02/07 12:0 a.m. · 4 views

The vulnerability of the sub-component “Outcome-Result” of the component “Oracle Customer Interaction History” in the Oracle E-Business Suite system, which allows a malicious user to access, modify, add, or delete data.

The vulnerability of the CRM User Management Framework component of the Oracle Customer Interaction History system within the Oracle E-Business Suite relates to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to gain access to read, modify, add, or...

CVSS 6.4 · AI score 6.8 · EPSS 0.00327
Exploits 0 · References 4 · Affected Software 2

Tenable Nessus
added 2024/02/06 12:0 a.m. · 64 views

Amazon Linux 2 : cri-tools (ALAS-2024-2446)

The version of cri-tools installed on the remote host is prior to 1.29.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2446 advisory. A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read ma...

CVSS 7.5 · AI score 7 · EPSS 0.01364
Exploits 0 · References 8

The Hacker News
added 2024/01/25 10:8 a.m. · 79 views

China-backed Hackers Hijack Software Updates to Implant "NSPX30" Spyware

A previously undocumented China-aligned threat actor has been linked to a set of adversary-in-the-middle (AitM) attacks that hijack update requests from legitimate software to deliver a sophisticated implant named NSPX30. Slovak cybersecurity firm ESET is tracking the advanced persistent threat APT...

CVSS 9 · AI score 5.9 · EPSS 0.99876
Exploits 26

RedHat Linux
added 2024/01/24 9:59 a.m. · 1 views

php: Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP

A vulnerability was found in PHP where weak randomness affects applications that use SOAP with HTTP Digest authentication against a possibly malicious server over HTTP, allowing a remote authenticated attacker to cause a stack information leak...

CVSS 4.3 · AI score 5.8 · EPSS 0.00709
Exploits 0 · References 5

BDU FSTEC
added 2024/01/24 12:0 a.m. · 7 views

The vulnerability of the Admin Console component of the Oracle CRM system, which manages customer relationships. The Oracle CRM Technical Foundation, a business automation system, and the Oracle E-Business Suite enable a perpetrator to cause service interruptions.

The vulnerability of the Admin Console component of the Oracle CRM system, which manages customer relationships, is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to cause service interruptions using the HTTP network protocol...

CVSS 4.3 · AI score 6.3 · EPSS 0.00464
Exploits 0 · References 4 · Affected Software 1

BDU FSTEC
added 2024/01/24 12:0 a.m. · 4 views

The vulnerability of the Login component – SSO of the Oracle Application Object Library – allows a perpetrator to cause a service failure.

The vulnerability of the Login component – SSO in the Oracle Application Object Library exists due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to cause service failures using the HTTP protocol...

CVSS 5.3 · AI score 6.6 · EPSS 0.00493
Exploits 0 · References 4 · Affected Software 1

OpenVAS
added 2024/01/18 12:0 a.m. · 30 views

Fedora: Security Advisory for python-aiohttp (FEDORA-2023-a04cc349e1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.2 · AI score 5.9 · EPSS 0.0094
Exploits 2 · References 2

OpenVAS
added 2024/01/18 12:0 a.m. · 22 views

Fedora: Security Advisory for python-aiohttp (FEDORA-2023-1f06098c71)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.2 · AI score 5.8 · EPSS 0.0094
Exploits 2 · References 2

Positive Technologies
added 2024/01/16 12:0 a.m. · 4 views

PT-2024-1235 · Oracle · Oracle Isupport

Name of the Vulnerable Software and Affected Versions: Oracle iSupport versions 12.2.3 through 12.2.13 Description: The issue exists due to insufficient input validation in the Internal Operations component of Oracle iSupport, part of the Oracle E-Business Suite. This allows a remote attacker to...

CVSS 5.5 · AI score 5.5 · EPSS 0.00163
Exploits 0 · References 7

Fedora
added 2024/01/08 1:34 a.m. · 41 views

[SECURITY] Fedora 38 Update: python-aiohttp-3.9.1-1.fc38

Python HTTP client/server for asyncio which supports both the client and the server side of the HTTP protocol, client and server websocket, and webservers with middlewares and pluggable routing...

CVSS 7.2 · AI score 6.3 · EPSS 0.0094
Exploits 2

Tenable Nessus
added 2023/12/21 12:0 a.m. · 24 views

SUSE SLES15 / openSUSE 15 Security Update : python-aiohttp (SUSE-SU-2023:4909-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4909-1 advisory. - aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Affected versions of aiohttp have a security...

CVSS 6.5 · AI score 6 · EPSS 0.00827
Exploits 1 · References 4

Debian CVE
added 2023/12/20 4:30 p.m. · 17 views

CVE-2023-47118

ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issue was discovered in ClickHouse server. An attacker could send a specially crafted payload to the native interface exposed by default on...

CVSS 9.8 · AI score 8.9 · EPSS 0.00462
Exploits 0

GithubExploit
added 2023/12/09 10:26 p.m. · 297 views

Exploit for CVE-2022-21907

CVE-2022-21907 Vulnerability in HTTP Protocol Stack Enabling R...

CVSS 10 · AI score 9.5 · EPSS 0.99657
Exploits 40

Fedora
added 2023/12/07 2:9 a.m. · 39 views

[SECURITY] Fedora 39 Update: python-aiohttp-3.8.6-1.fc39

Python HTTP client/server for asyncio which supports both the client and the server side of the HTTP protocol, client and server websocket, and webservers with middlewares and pluggable routing...

CVSS 7.5 · AI score 6.5 · EPSS 0.0085
Exploits 1

Fedora
added 2023/12/07 1:59 a.m. · 23 views

[SECURITY] Fedora 38 Update: python-aiohttp-3.8.6-1.fc38

Python HTTP client/server for asyncio which supports both the client and the server side of the HTTP protocol, client and server websocket, and webservers with middlewares and pluggable routing...

CVSS 7.5 · AI score 6.5 · EPSS 0.0085
Exploits 1

Positive Technologies
added 2023/12/07 12:0 a.m. · 4 views

PT-2023-9576 · Oracle · Oracle E-Business Suite +1

Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.2.3 through 12.2.13 Description: The issue is related to weaknesses in the authorization mechanism of the Auctions component in Oracle Sourcing, part of the Oracle E-Business Suite. This can allow a remote...

CVSS 8.5 · AI score 8.2 · EPSS 0.00436
Exploits 0 · References 8

Positive Technologies
added 2023/12/07 12:0 a.m. · 5 views

PT-2023-9840 · Oracle · Peoplesoft Enterprise Peopletools

Name of the Vulnerable Software and Affected Versions: PeopleSoft Enterprise PeopleTools versions 8.59 through 8.61 Description: The issue is related to the Portal component of Oracle PeopleSoft Enterprise PeopleTools, where the structure of web pages is not properly protected. This can be...

CVSS 6.4 · AI score 7.4 · EPSS 0.00253
Exploits 0 · References 5