The vulnerability of the Infrastructure component of the Oracle Banking Liquidity Management management platform allows a hacker to gain unauthorized access to read, create, modify, and delete data, or to cause a service failure.

The vulnerability of Oracle Banking Liquidity Management’s infrastructure component relates to improper cleaning or release of resources. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to read, create, modify, and delete data, or cause...

The vulnerability of the Expenses component in the PeopleSoft Enterprise FIN Expenses business application suite allows a hacker to gain unauthorized access to protected information.

The vulnerability of the Expenses component in the PeopleSoft Enterprise FIN Expenses business application is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to protected information using the...

The vulnerability of the UI and Visualization components of the Oracle Hyperion BI+ service allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the UI and Visualization component of the Oracle Hyperion BI+ service is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information using the HTTP protocol...

CVE-2024-30124

HCL Sametime is impacted by insecure services in-use on the UIM client by default. An unused legacy REST service was enabled by default using the HTTP protocol. An attacker could potentially use this service endpoint maliciously...

CVE-2024-30124 HCL Sametime is impacted by insecure services

HCL Sametime is impacted by insecure services in-use on the UIM client by default. An unused legacy REST service was enabled by default using the HTTP protocol. An attacker could potentially use this service endpoint maliciously...

CVE-2024-30124

CVE-2024-30124 affects HCL Sametime; an unused legacy REST service was enabled by default over HTTP in the UIM client. The issue allows a local attacker to potentially abuse the service endpoint, with the CVSS indicating Local access, low attack complexity, no privileges, and a LOW availability i...

The vulnerability of the Award Processes component of the procurement management platform Oracle Contract Lifecycle Management for the public sector, which is part of the enterprise automation system Oracle E-Business Suite. This vulnerability allows a perpetrator to gain unauthorized access to create, read, modify, and delete data.

The vulnerability of the Award Processes component of the procurement management platform Oracle Contract Lifecycle Management for the public sector system is related to deficiencies in the authorization mechanism. Exploiting this vulnerability could allow an attacker, operating remotely, to gain...

The vulnerability of the Device Integration component of the Oracle MES for Process Manufacturing software solution, a part of the Oracle E-Business Suite, allows an intruder to gain unauthorized access to create, modify, and delete data.

The vulnerability of the Device Integration component of the Oracle MES for Process Manufacturing software solution, a part of the Oracle E-Business Suite, is related to deficiencies in the authentication mechanism. Exploiting this vulnerability could allow an attacker, operating remotely, to gai...

The vulnerability of the Compensation Plan component of Oracle Incentive Compensation system for corporate clients allows a violator to gain access to modify, add, and delete data. This component is part of the Oracle E-Business Suite, which automates business operations.

The vulnerability of the Compensation Plan component of Oracle’s corporate client incentive compensation system, Oracle Incentive Compensation OIC, and the Oracle E-Business Suite automation system, is related to deficiencies in the authorization process due to incorrect validation of input data...

The vulnerability of the Core server component of Oracle WebLogic Server allows a attacker to trigger a service failure.

The vulnerability of the Core server component of Oracle WebLogic Server is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service failures using the HTTP protocol...

CVE-2024-45797 LibHTP's unbounded header handling leads to denial service

LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Prior to version 0.5.49, unbounded processing of HTTP request and response headers can lead to excessive CPU time and memory utilization, possibly leading to extreme slowdowns. This issue is addressed in 0.5....

CVE-2024-45797

CVE-2024-45797 affects LibHTP prior to 0.5.49, where unbounded processing of HTTP request/response headers can cause excessive CPU and memory usage, leading to DoS-like slowdowns. The issue is addressed in LibHTP 0.5.49. Public disclosures in Ubuntu USN-7814-1 and Debian DLA-4295-1, and related O...

CVE-2024-45797

LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Prior to version 0.5.49, unbounded processing of HTTP request and response headers can lead to excessive CPU time and memory utilization, possibly leading to extreme slowdowns. This issue is addressed in 0.5....

CVE-2024-45797 LibHTP's unbounded header handling leads to denial service

LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Prior to version 0.5.49, unbounded processing of HTTP request and response headers can lead to excessive CPU time and memory utilization, possibly leading to extreme slowdowns. This issue is addressed in 0.5....

CVE-2024-45797

LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Prior to version 0.5.49, unbounded processing of HTTP request and response headers can lead to excessive CPU time and memory utilization, possibly leading to extreme slowdowns. This issue is addressed in 0.5....

CVE-2024-47789 Credential Leakage Vulnerability

UNSUPPORTED WHEN ASSIGNED This vulnerability exists in D3D Security IP Camera D8801 due to usage of weak authentication scheme of the HTTP header protocol where authorization tag contain a Base-64 encoded username and password. A remote attacker could exploit this vulnerability by crafting a HTTP...

CVE-2024-47789

The CVE-2024-47789 entry concerns D3D Security IP Camera D8801. The vulnerability arises from a weak authentication scheme in the HTTP header protocol, where the authorization tag contains a Base-64 encoded username and password. A remote attacker could exploit this by crafting an HTTP packet, re...

CVE-2024-47789 Credential Leakage Vulnerability

UNSUPPORTED WHEN ASSIGNED This vulnerability exists in D3D Security IP Camera D8801 due to usage of weak authentication scheme of the HTTP header protocol where authorization tag contain a Base-64 encoded username and password. A remote attacker could exploit this vulnerability by crafting a HTTP...

net/http: Denial of service due to improper 100-continue handling in net/http

A flaw was found in Go. The net/http module mishandles specific server responses from HTTP/1.1 client requests. This issue may render a connection invalid and cause a denial of service...

CVE-2024-8890

An attacker with access to the network where the CIRCUTOR Q-SMT is located in its firmware version 1.0.4, could obtain legitimate credentials or steal sessions due to the fact that the device only implements the HTTP protocol. This fact prevents a secure communication channel from being establish...