656 matches found

Tenable Nessus
added 2025/03/06 12:00 a.m. (9 views)

Linux Distros Unpatched Vulnerability : CVE-2025-1935

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A web page could trick a user into setting that site as the default handler for a custom URL protocol. This vulnerability was fixed in Firefox 136, Firefox ESR...

CVSS 4.3 | AI score 6.6 | EPSS 0.00316
Exploits 0 | References 3
BDU FSTEC
added 2025/02/18 12:00 a.m. (5 views)

The vulnerability of the OSB Core Functionality component of the integration platform for managing, routing, and processing messages between applications and services in Oracle Service Bus (OSB) allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the OSB Core Functionality component of the integration platform for managing, routing, and processing messages between applications and services in Oracle Service Bus is related to deficiencies in the authentication process. Exploiting this vulnerability could allow an...

CVSS 6.8 | AI score 7.6 | EPSS 0.00557
Exploits 0 | References 3 | Affected Software 1
SUSE Linux
added 2025/02/14 3:28 p.m. (1 view)

Security update for buildah

This update for buildah fixes the following issue: CVE-2023-45288: possible excessive CPU consumption because no limit was set on the number of CONTINUATION frames read for an HTTP/2 request in golang.org/x/net/http2 (bsc1236531). Patch Instructions: To install this SUSE update use the SUSE...

CVSS 6.9 | AI score 6.9 | EPSS 0.91969
Exploits 1 | References 4
Microsoft CVE
added 2025/02/14 8:00 a.m. (4 views)

twisted.web has disordered HTTP pipeline response

...

CVSS 5.3 | AI score 5.8 | EPSS 0.00766
Exploits 1
SUSE CVE
added 2025/02/14 6:11 a.m. (6 views)

SUSE CVE-2023-45802

When an HTTP/2 stream was reset (RST frame) by a client, there was a time window where the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing...

CVSS 7.5 | AI score 6.8 | EPSS 0.03024
Exploits 1 | References 9
RedHat Linux
added 2025/02/10 1:06 a.m. (3 views)

waitress: python-waitress: request processing race condition in HTTP pipelining with invalid first request

A flaw was found in the Waitress WSGI server for Python. A remote client can send a request that is exactly recvbytes (which defaults to 8192) bytes long, followed by a secondary request using HTTP pipelining. When request lookahead is disabled (the default), Waitress won't read any more requests, and when th...

CVSS 9.1 | AI score 5.8 | EPSS 0.00496
Exploits 0 | References 6
BDU FSTEC
added 2025/02/10 12:00 a.m. (4 views)

The vulnerability of the eSettlements component of the PeopleSoft Enterprise FIN eSettlements software allows a perpetrator to compromise the confidentiality and integrity of the protected information.

The vulnerability of the eSettlements component of the PeopleSoft Enterprise FIN eSettlements software lies in the deficiencies of the authentication mechanism. Exploiting this vulnerability allows a malicious actor to manipulate the confidentiality and integrity of the protected information...

CVSS 5.5 | AI score 7.6 | EPSS 0.00262
Exploits 0 | References 3 | Affected Software 1
OSV
added 2025/01/29 10:15 p.m. (11 views)

AZL-56105 CVE-2024-12705 affecting package bind for versions less than 9.20.5-1

Clients using DNS-over-HTTPS (DoH) can exhaust a DNS resolver's CPU and/or memory by flooding it with crafted valid or invalid HTTP/2 traffic. This issue affects BIND 9 versions 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, and 9.18.11-S1 through 9.18.32-S1...

CVSS 7.5 | AI score 7.1 | EPSS 0.16182
Exploits 0 | References 1
OSV
added 2025/01/17 2:08 p.m. (4 views)

OESA-2025-1056 podman security update

Podman manages the entire container ecosystem which includes pods, containers, container images, and container volumes using the libpod library. Security Fixes: Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of...

CVSS 7.8 | AI score 8.8 | EPSS 0.82813
Exploits 3 | References 9
CNNVD
added 2024/12/18 12:00 a.m. (4 views)

Envoy Proxy security vulnerability

Envoy Proxy is a cloud-native, high-performance edge/intermediate/service proxy open-sourced by the Envoy Proxy project. A security vulnerability exists in Envoy Proxy that stems from an inability to properly handle HTTP responses, which could lead to downstream failures in networked devices...

CVSS 7.1 | AI score 6.7 | EPSS 0.0061
Exploits 1 | References 3
RedHat Linux
added 2024/12/05 2:26 a.m. (3 views)

waitress: python-waitress: request processing race condition in HTTP pipelining with invalid first request

A flaw was found in the Waitress WSGI server for Python. A remote client can send a request that is exactly recvbytes (which defaults to 8192) bytes long, followed by a secondary request using HTTP pipelining. When request lookahead is disabled (the default), Waitress won't read any more requests, and when th...

CVSS 9.1 | AI score 5.8 | EPSS 0.00496
Exploits 0 | References 6
OSV
added 2024/11/22 2:23 p.m. (4 views)

OESA-2024-2473 curl security update

cURL is a computer software project providing a library (libcurl) and a command-line tool (curl) for transferring data using various protocols. Security Fixes: When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later th...

CVSS 6.5 | AI score 7 | EPSS 0.0197
Exploits 1 | References 2
OSV
added 2024/11/12 7:15 p.m. (2 views)

CVE-2023-47543

An authorization bypass through user-controlled key vulnerability (CWE-639) in Fortinet FortiPortal versions 7.0.0 through 7.0.3 allows an authenticated attacker to interact with resources of other organizations via HTTP or HTTPS requests...

CVSS 8.1 | AI score 5.8 | EPSS 0.00381
Exploits 0 | References 1
BDU FSTEC
added 2024/10/28 12:00 a.m. (4 views)

The vulnerability of the Reports component of the Oracle Banking Liquidity Management platform allows a hacker to gain full control over the application.

The vulnerability of the Reports component of the Oracle Banking Liquidity Management platform is related to deficiencies in the authentication mechanism. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain full control over the application using th...

CVSS 7.1 | AI score 7.6 | EPSS 0.00325
Exploits 0 | References 3 | Affected Software 1
BDU FSTEC
added 2024/10/28 12:00 a.m. (5 views)

The vulnerability of the OSB Core Functionality component of the integration platform for managing, routing, and processing messages between applications and services in Oracle Service Bus (OSB) allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the OSB Core Functionality component of the integration platform for managing, routing, and processing messages between applications and services in Oracle Service Bus is related to deficiencies in the authentication process. Exploiting this vulnerability could allow an...

CVSS 7.8 | AI score 7.6 | EPSS 0.00655
Exploits 0 | References 3 | Affected Software 1
BDU FSTEC
added 2024/10/24 12:00 a.m. (4 views)

The vulnerability of the XMLPublisher component in the Oracle PeopleSoft Enterprise PeopleTools business application suite allows a hacker to gain full control over the application.

The vulnerability of the XMLPublisher component in the Oracle PeopleSoft Enterprise PeopleTools business application suite is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to gain full control over the application using the HTTP protocol...

CVSS 9 | AI score 7.6 | EPSS 0.0056
Exploits 0 | References 4 | Affected Software 1
BDU FSTEC
added 2024/10/23 12:00 a.m. (3 views)

The vulnerability of the Console component of the Oracle WebLogic Server application server, a software platform of Oracle Fusion Middleware, allows a perpetrator to cause a service failure.

The vulnerability of the Console component of the Oracle WebLogic Server application server software, part of the Oracle Fusion Middleware platform, relates to improper cleanup or release of resources caused by copying buffers without checking the size of the input data. Exploiting this...

CVSS 7.8 | AI score 7.6 | EPSS 0.00657
Exploits 0 | References 4 | Affected Software 1
Positive Technologies
added 2024/10/23 12:00 a.m. (6 views)

PT-2024-23198

Name of the Vulnerable Software and Affected Versions: HCL Sametime (affected versions not specified). Description: The issue concerns insecure services in use on the UIM client by default. Specifically, an unused legacy REST service was enabled by default using the HTTP protocol. This could potential...

CVSS 4 | AI score 6.5 | EPSS 0.00166
Exploits 0 | References 4
BDU FSTEC
added 2024/10/23 12:00 a.m. (11 views)

The vulnerability of the Auctions component of the Oracle Sourcing supply management platform, a part of the Oracle E-Business Suite, allows a malicious individual to gain unauthorized access to create, modify, and delete data.

The vulnerability of the Auctions component of the Oracle Sourcing supply management platform, part of the Oracle E-Business Suite, is related to deficiencies in the authentication mechanism. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to...

CVSS 8.5 | AI score 7.6 | EPSS 0.00436
Exploits 0 | References 4 | Affected Software 2
BDU FSTEC
added 2024/10/21 12:00 a.m. (4 views)

The vulnerability of the Diagnostics component of the Oracle Applications Manager software, a business automation system for enterprises under the Oracle E-Business Suite, allows an attacker to modify, add, or delete data.

The vulnerability of the Diagnostics component of the Oracle Applications Manager application management tool within the Oracle E-Business Suite relates to deficiencies in the authentication process due to incorrect validation of input data. Exploiting this vulnerability could allow an attacker t...

CVSS 8.5 | AI score 7.6 | EPSS 0.00435
Exploits 0 | References 3 | Affected Software 2