The vulnerability of the Libraries component in Oracle Java SE and Java SE Embedded software platforms lies in insufficient validation of input data. This allows attackers to gain unauthorized access to protected information, or to perform actions such as reading, modifying, adding, or deleting data.

The vulnerability of the Libraries component in Oracle Java SE and Java SE Embedded software platforms is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information, or to read, modify, add, or delete...

The vulnerability of the UI & Visualization component of the Oracle Hyperion BI+ service, related to insufficient validation of input data, allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the UI & visualization component of the Oracle Hyperion BI+ event service is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information using the HTTP protocol...

The vulnerability of the User Interface component of the Oracle SD-WAN Edge application allows a hacker to gain full control over the application.

The vulnerability of the User Interface component of the Oracle SD-WAN Edge application is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain full control over the application using the HTTP protocol...

The vulnerability of the Analytics Web General component of the Oracle Business Intelligence Enterprise Edition software platform allows a hacker to gain full control over the application.

The vulnerability of the Analytics Web General component of the Oracle Business Intelligence Enterprise Edition software is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain full control over the application through the...

The vulnerability of the Analytics Actions component of the Oracle Business Intelligence Enterprise Edition software platform allows a perpetrator to gain access to read, modify, add, or delete data.

The vulnerability of the Analytics Actions component of the Oracle Business Intelligence Enterprise Edition software lies in deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to gain access to read, modify, add, or delete data using the HTTP protocol...

The vulnerability of the User Interface component of the Oracle Financial Services Liquidity Risk Management application allows a perpetrator to gain access to read, modify, add, or delete data.

The vulnerability of the User Interface component of the Oracle Financial Services Liquidity Risk Management application is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain access to read, modify, add, or delete da...

The vulnerability of the Others component in the Oracle iSupport web application allows a attacker to gain read, modify, add, or delete access to data.

The vulnerability of the Others component in the Oracle iSupport web application is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain read, modify, add, or delete access to data using the HTTP protocol...

The vulnerability of the UI Servlet component of the Oracle Configurator allows a attacker to gain access to read, modify, add, or delete data.

The vulnerability of the UI Servlet component of the Oracle Configurator is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to read, modify, add, or delete data using the HTTP protocol...

The vulnerability of the Message Display component of the Oracle Email Center software allows a hacker to gain access to modify, add, or delete data.

The vulnerability of the Message Display component of the Oracle Email Center messaging software is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain access to modify, add, or delete data using the HTTP protocol...

The vulnerability of the User Interface component of the Oracle Financial Services Loan Loss Forecasting and Provisioning application allows a hacker to gain access to read, modify, add, or delete data.

The vulnerability of the User Interface component of the Oracle Financial Services Loan Loss Forecasting and Provisioning application is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to read, modify, add, or...

HTTP/2: flood using HEADERS frames results in unbounded memory growth

A flaw was found in HTTP/2. Using HEADER frames with invalid HTTP headers and queuing of response RSTSTREAM frames, an attacker could cause a flood resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...

The vulnerability of the Console component of the Oracle WebLogic Server application server allows a perpetrator to gain access to modify, add, or delete data, or to unauthorizedly access protected information.

The vulnerability of the Console component of the Oracle WebLogic Server application exists due to insufficient validation of input data. Exploiting this vulnerability allows an attacker, operating remotely, to modify, add, or delete data, or to gain unauthorized access to protected information...

The vulnerability of the Investor Module component of the Primavera Portfolio Management software, a software solution for automating management processes in production operations, allows a perpetrator to gain access to modify, add, or delete data, or to unauthorizedly access protected information.

The vulnerability of the Investor Module component of Primavera Portfolio Management software exists due to insufficient verification of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to modify, add, or delete data, or gain unauthorized access to protected...

The vulnerability of the SQL component of the Oracle Database Server system allows attackers to gain access to modify, add, or delete data, or to unauthorizedly access protected information.

The vulnerability of the SQL component of the Oracle Database Server database management system exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to modify, add, or delete data, or to gain unauthorized access to protected...

CVE-2020-14611

Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware component: Composer. Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter...

PT-2020-3575

Name of the Vulnerable Software and Affected Versions Oracle Java SE versions 11.0.7 and 14.0.1 Description The issue is related to insufficient input validation in the Hotspot component of Oracle Java SE. It allows an unauthenticated attacker with network access via multiple protocols to...

envoy: Resource exhaustion via HTTP/2 client requests with large payloads and improper stream windows

Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier is susceptible to increased memory usage in the case where an HTTP/2 client requests a large payload but does not send enough window updates to consume the entire stream and does not reset the stream...

The vulnerability of the Purchasing component in the Oracle PeopleSoft Enterprise SCM Purchasing application allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Purchasing component in Oracle PeopleSoft Enterprise SCM Purchasing is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information using the HTTP protocol...

The vulnerability of the Information Manager Console component of the Oracle Knowledge business application allows a malicious individual to gain access to modify, add, or delete data, or to unauthorizedly access protected information.

The vulnerability of the Information Manager Console component in the Oracle Knowledge business application, where input data is not thoroughly verified. Exploiting this vulnerability could allow an attacker to gain access to modify, add, or delete data, or to unauthorizedly access protected...

The vulnerability of Oracle Siebel’s EAI and SWSE platform’s UI framework allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of Oracle Siebel UI Framework components is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information using the HTTP protocol...