220 matches found
The vulnerability of the Management Console component in the Oracle Cloud Infrastructure Storage Gateway allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the Management Console component in Oracle Cloud Infrastructure Storage Gateway is related to insufficient validation of input data. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity, and accessibility of protected information throu...
The vulnerability of the UI Framework component of the Enterprise Manager Base Platform allows a perpetrator to gain access to read data or modify data.
The vulnerability of the UI Framework component of the Enterprise Manager Base Platform exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to read data or to modify, add, or delete data through HTTP requests...
CVE-2021-22679
The affected product is vulnerable to an integer overflow while processing HTTP headers, which may allow an attacker to remotely execute code on the SimpleLink Wi-Fi MSP432E4 SDK: v4.20.00.12 and prior, CC32XX SDK v4.30.00.06 and prior, CC13X0 SDK versions prior to v4.10.03, CC13X2 and CC26XX SDK...
Mozilla: Secure Lock icon could have been spoofed
Through complicated navigations with new windows, an HTTP page could have inherited a secure lock icon from an HTTPS page. This vulnerability affects Firefox ESR 78.10, Thunderbird 78.10, and Firefox 88...
Oracle E-Business Suite Oracle Trade Management Quotes Security Vulnerability
Oracle E-Business Suite is an extension of the original Application ERP: a collection of management software, including ERP (Enterprise Resource Planning), HR (Human Resource Management), CRM (Customer Relationship Management) and so on, seamlessly integrated into one management suite. Oracle Trade...
UBUNTU-CVE-2021-21295
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty io.netty:netty-codec-http2 before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a...
tomcat: HTTP/2 request header mix-up
While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this...
The vulnerability of the Miscellaneous component of the Oracle Scripting environment for creating and processing scripts allows a malicious individual to gain unauthorized access to protected information or to read, add, or delete data.
The vulnerability of the Miscellaneous component of the Oracle Scripting environment for creating and processing scripts is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information or...
tomcat: specially crafted sequence of HTTP/2 requests can lead to DoS
A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become...
Rust Code Injection Vulnerability
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in Rust hyper crate before 0.12.34, which stems from the possibility of HTTP request smuggling. In some cases, remote code can be executed using an HTTP server on a loopback...
The vulnerability of the Core component of the Oracle Banking Corporate Lending software allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Core component of the Oracle Banking Corporate Lending software lies in insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information via the HTTP network protocol...
The vulnerability of the Oracle Application Express Quick Poll component of the Oracle Database Server database management system allows attackers to compromise the confidentiality and integrity of the protected information.
The vulnerability of the Oracle Application Express Quick Poll component of the Oracle Database Server management system exists due to insufficient validation of input data. Exploiting this vulnerability allows an attacker to compromise the confidentiality and integrity of the protected informati...
Oracle Retail Customer Management and Segmentation Foundation Promotions Unauthorized Access Vulnerability
Oracle Retail Customer Management and Segmentation Foundation is a retail customer management component from Oracle. This component is responsible for customer management and segmentation. An unauthorized access vulnerability exists in Oracle Retail Customer Management and Segmentation Foundation...
IBM DataPower Gateway Denial of Service Vulnerability (CNVD-2020-54936)
IBM DataPower Gateway is a suite of security and integration platforms from IBM USA designed specifically for mobile, cloud, application programming interfaces (APIs), web, service-oriented architecture (SOA), B2B and cloud workloads. The platform protects, integrates and optimizes access across...
The vulnerability of the Oracle Security Service software, which arises due to insufficient validation of input data, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Oracle Security Service software exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information using the HTTPS protocol...
Ubiquiti Networks EdgeSwitch Operating System Command Injection Vulnerability
The Ubiquiti Networks EdgeSwitch is a Gigabit network switch device from Ubiquiti Networks, Inc. A command injection vulnerability exists in the Ubiquiti Networks EdgeSwitch using firmware version v1.9.0. The vulnerability can be exploited to execute arbitrary shell commands with elevated...
HTTP/2: flood using SETTINGS frames results in unbounded memory growth
A flaw was found in HTTP/2. Using SETTINGS frames and queuing of SETTINGS ACK frames, a flood could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...
HTTP/2: flood using PING frames results in unbounded memory growth
A flaw was found in HTTP/2. Using PING frames and queuing of response PING ACK frames, a flood attack could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...
HTTP Request Smuggling
Overview: reel is a fast, non-blocking "evented" web server built on httpparser.rb, websocket-driver, Celluloid::IO, and nio4r. Note: This project is deprecated, and is not maintained anymore. Affected versions of this package are vulnerable to HTTP Request Smuggling. HTTP pipelining issues and...
DEBIAN-CVE-2020-9481
Apache ATS 6.0.0 to 6.2.3, 7.0.0 to 7.1.9, and 8.0.0 to 8.0.6 is vulnerable to an HTTP/2 slow read attack...