
220 matches found

OSV
added 2019/08/13 9:15 p.m. | 2 views

ALPINE-CVE-2019-9514

Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the...

CVSS 7.5 | AI score 8.9 | EPSS 0.82813
Exploits: 0 | References: 1
OSV
added 2019/08/13 12:0 a.m. | 1 view

UBUNTU-CVE-2019-9516

Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory fo...

CVSS 7.5 | AI score 7.1 | EPSS 0.57461
Exploits: 0 | References: 4
CNVD
added 2019/07/19 12:0 a.m. | 2 views

Oracle Sun Systems Products Suite Sun ZFS Storage Appliance Kit Component Access Control Error Vulnerability

Oracle Sun Systems Products Suite is a suite of Sun systems products from Oracle Corporation. Sun ZFS Storage Appliance Kit (AK) is one of the ZFS storage appliance kits. A security vulnerability exists in the HTTP data path subsystems subcomponent of the Sun ZFS Storage AK component version 8.8.3 i...

CVSS 6.1 | AI score 6.7 | EPSS 0.00942
Exploits: 0 | References: 1
BDU FSTEC
added 2019/02/21 12:0 a.m. | 6 views

The vulnerability of the WLS component – the deployment server of Oracle WebLogic Server – allows a perpetrator to modify protected data.

The vulnerability of the WLS component – the deployment of Oracle WebLogic Server applications – is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to remotely gain access to modify, add, or delete protected data through HTTP requests...

CVSS 4.3 | AI score 5.8 | EPSS 0.00917
Exploits: 0 | References: 3 | Affected Software: 1
BDU FSTEC
added 2019/02/15 12:0 a.m. | 4 views

The vulnerability of the Java Server Faces component of the Oracle GlassFish Server software platform allows a perpetrator to gain unauthorized access to data.

The vulnerability of the Java Server Faces component of the Oracle GlassFish Server is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to gain unauthorized access to data using the HTTP protocol...

CVSS 5.3 | AI score 6.3 | EPSS 0.01657
Exploits: 0 | References: 2 | Affected Software: 1
BDU FSTEC
added 2019/02/12 12:0 a.m. | 3 views

The vulnerability of the Fluid Core component in the Oracle PeopleSoft Enterprise PeopleTools business application suite allows a malicious individual to gain unauthorized access to protected data.

The vulnerability of the Fluid Core component in the Oracle PeopleSoft Enterprise PeopleTools business application suite is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected data using the...

CVSS 6.1 | AI score 6.7 | EPSS 0.01542
Exploits: 0 | References: 2 | Affected Software: 1
BDU FSTEC
added 2019/02/12 12:0 a.m. | 3 views

The vulnerability of the Oracle User Management component of the Oracle E-Business Suite automation system allows a perpetrator to gain access to protected information.

The vulnerability of the Oracle User Management component in the Oracle E-Business Suite automation system is related to insufficient access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to protected information using the HTTP protocol...

CVSS 7.7 | AI score 6.8 | EPSS 0.02025
Exploits: 0 | References: 3 | Affected Software: 1
BDU FSTEC
added 2019/01/28 12:0 a.m. | 7 views

The vulnerability of the Partner Detail sub-component of the Oracle Partner Management component in the Oracle E-Business Suite allows a malicious actor to gain access to modify, add, or delete data.

The vulnerability of the Partner Detail sub-component of the Oracle Partner Management component in the Oracle E-Business Suite is related to code errors. Exploiting this vulnerability may allow an attacker, operating remotely, to gain access to modify, add, or delete data using the HTTP protocol...

CVSS 8.2 | AI score 7.5 | EPSS 0.0153
Exploits: 0 | References: 3 | Affected Software: 1
CNVD
added 2019/01/25 12:0 a.m. | 57 views

Apache HTTP Server Denial of Service Vulnerability

Apache HTTP Server is an open source web server from the Apache Software Foundation in the United States. The server is fast, reliable and can be expanded through a simple API. A security vulnerability exists in the HTTP/2 mod_http2 connection for httpd in Apache HTTP Server versions 2.4.17 through...

CVSS 5.3 | AI score 8.4 | EPSS 0.19404
Exploits: 0 | References: 1
BDU FSTEC
added 2019/01/23 12:0 a.m. | 8 views

The vulnerability in the implementation of TCP sockets in Cisco IOS and Cisco IOS XE operating systems allows a hacker to trigger a device reboot and a service failure.

The vulnerability of TCP socket implementations in Cisco IOS and Cisco IOS XE systems is related to state management errors. Exploiting this vulnerability can allow a malicious actor to trigger a device reboot and a service failure by sending specially crafted HTTP packets...

CVSS 6.8 | AI score 6.7 | EPSS 0.02004
Exploits: 0 | References: 2
CNVD
added 2019/01/11 12:0 a.m. | 2 views

NEC Aterm WG1200HP Operating System Command Injection Vulnerability

The NEC Aterm WG1200HP is a wireless router from Nippon Electric (NEC). An operating system command injection vulnerability exists in the NEC Aterm WG1200HP using firmware version 1.0.31 and earlier. An attacker can exploit this vulnerability to execute arbitrary operating system commands via HTTP...

CVSS 9 | AI score 8.3 | EPSS 0.01399
Exploits: 0 | References: 1
RedHat Linux
added 2018/11/27 9:18 a.m. | 5 views

nginx: Excessive CPU usage via flaw in HTTP/2 implementation

nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file...

CVSS 7.8 | AI score 7.4 | EPSS 0.124
Exploits: 0 | References: 5
BDU FSTEC
added 2018/08/03 12:0 a.m. | 5 views

The vulnerability of the Process Analysis & Discovery component of the Business Process Management Suite allows a perpetrator to gain unauthorized access to protected data.

The vulnerability of the Process Analysis & Discovery component in the Business Process Management Suite is related to lack of access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected data using the HTTP protocol...

CVSS 9.1 | AI score 7.8 | EPSS 0.0269
Exploits: 0 | References: 2 | Affected Software: 1
ATTACKERKB
added 2018/07/11 6:29 p.m. | 2 views

Junos OS: SRX Series: Credentials exposed when using HTTP and HTTPS Firewall Pass-through User Authentication

When an SRX Series device is configured to use HTTP/HTTPS pass-through authentication services, a client sending authentication credentials in the initial HTTP/HTTPS session is at risk that these credentials may be captured during follow-on HTTP/HTTPS requests by a malicious actor through a...

CVSS 8.1 | AI score 5.5 | EPSS 0.0143
Exploits: 0 | References: 7 | Affected Software: 1
CNVD
added 2018/06/15 12:0 a.m. | 4 views

msystem Remote Code Execution Vulnerability

msystem is a package used in Node.js for downloading and installing the MyStem morphological text analyzer. A security vulnerability exists in msystem that originates when the program downloads binary resources over the HTTP protocol. A remote attacker could exploit the vulnerability by replacing...

CVSS 9.3 | AI score 8.1 | EPSS 0.01682
Exploits: 0 | References: 1
CNVD
added 2018/06/15 12:0 a.m. | 3 views

Unspecified vulnerability in pk-app-wonderbox

pk-app-wonderbox is an app that integrates wonderbox and pillakloud. A security vulnerability exists in pk-app-wonderbox that originates when the program downloads an executable file over an unencrypted HTTP connection. A remote attacker could exploit the vulnerability by intercepting the respons...

CVSS 9.3 | AI score 8.1 | EPSS 0.01682
Exploits: 0 | References: 1
OSV
added 2018/04/12 1:29 a.m. | 3 views

CVE-2018-0956

A denial of service vulnerability exists in the HTTP 2.0 protocol stack HTTP.sys when HTTP.sys improperly parses specially crafted HTTP 2.0 requests, aka "HTTP.sys Denial of Service Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers...

CVSS 7.5 | AI score 5.8 | EPSS 0.13836
Exploits: 0 | References: 3
CNVD
added 2018/03/20 12:0 a.m. | 4 views

Embedthis Software Appweb Embedthis HTTP Library Authentication Bypass Vulnerability

Embedthis Software AppWeb is a fast and small web server from Embedthis Software, USA, which is mainly used for embedded applications, devices and web services with support for security defense policies, digest authentication, virtual hosting, etc. HTTP library is one of the HTTP libraries. The...

CVSS 8.1 | AI score 6.9 | EPSS 0.19854
Exploits: 2 | References: 1
OSV
added 2017/09/13 4:29 p.m. | 3 views

UBUNTU-CVE-2015-5206

Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server before 5.3.x before 5.3.2 has unknown impact and attack vectors, a different vulnerability than CVE-2015-5168...

CVSS 9.8 | AI score 7.2 | EPSS 0.02411
Exploits: 0 | References: 3
OSV
added 2017/04/20 12:0 a.m. | 1 view

UBUNTU-CVE-2017-5446

An out-of-bounds read when an HTTP/2 connection to a server sends "DATA" frames with incorrect data content. This leads to a potentially exploitable crash. This vulnerability affects Thunderbird 52.1, Firefox ESR 45.9, Firefox ESR 52.1, and Firefox 53...

CVSS 9.8 | AI score 7.2 | EPSS 0.03149
Exploits: 1 | References: 5