Linux Distros Unpatched Vulnerability : CVE-2025-1935
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A web page could trick a user into setting that site as the default handler for a custom URL protocol. This vulnerability was fixed in Firefox 136, Firefox ESR...
The vulnerability of the OSB Core Functionality component of the integration platform for managing, routing, and processing messages between applications and services in Oracle Service Bus (OSB) allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the OSB Core Functionality component of the integration platform for managing, routing, and processing messages between applications and services in Oracle Service Bus is related to deficiencies in the authentication process. Exploiting this vulnerability could allow an...
Security update for buildah
This update for buildah fixes the following issues: CVE-2023-45288: possible excessive CPU consumption due to no limit being set on the number of CONTINUATION frames read for an HTTP/2 request in golang.org/x/net/http2. bsc1236531 Patch Instructions: To install this SUSE update use the SUSE...
twisted.web has disordered HTTP pipeline response
...
SUSE CVE-2023-45802
When an HTTP/2 stream was reset (RST frame) by a client, there was a time window where the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing...
waitress: python-waitress: request processing race condition in HTTP pipelining with invalid first request
A flaw was found in the Waitress WSGI server for Python. A remote client can send a request that is exactly recvbytes (which defaults to 8192) bytes long, followed by a secondary request using HTTP pipelining. When request lookahead is disabled (the default), Waitress won't read any more requests, and when th...
The vulnerability of the eSettlements component of the PeopleSoft Enterprise FIN eSettlements software allows a perpetrator to compromise the confidentiality and integrity of the protected information.
The vulnerability of the eSettlements component of the PeopleSoft Enterprise FIN eSettlements software lies in the deficiencies of the authentication mechanism. Exploiting this vulnerability allows a malicious actor to manipulate the confidentiality and integrity of the protected information...
AZL-56105 CVE-2024-12705 affecting package bind for versions less than 9.20.5-1
Clients using DNS-over-HTTPS (DoH) can exhaust a DNS resolver's CPU and/or memory by flooding it with crafted valid or invalid HTTP/2 traffic. This issue affects BIND 9 versions 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, and 9.18.11-S1 through 9.18.32-S1...
OESA-2025-1056 podman security update
Podman manages the entire container ecosystem which includes pods, containers, container images, and container volumes using the libpod library. Security Fixes: Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of...
Envoy Proxy security vulnerability
Envoy Proxy is a cloud-native, high-performance edge/intermediate/service proxy open-sourced by Envoy Proxy. A security vulnerability exists in Envoy Proxy that stems from an inability to properly handle http responses, which could lead to downstream failures in networked devices...
OESA-2024-2473 curl security update
cURL is a computer software project providing a library (libcurl) and a command-line tool (curl) for transferring data using various protocols. Security Fixes: When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later th...
CVE-2023-47543
An authorization bypass through user-controlled key vulnerability (CWE-639) in Fortinet FortiPortal version 7.0.0 through 7.0.3 allows an authenticated attacker to interact with resources of other organizations via HTTP or HTTPS requests...
The vulnerability of the Reports component of the Oracle Banking Liquidity Management platform allows a hacker to gain full control over the application.
The vulnerability of the Reports component of the Oracle Banking Liquidity Management platform is related to deficiencies in the authentication mechanism. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain full control over the application using th...
The vulnerability of the XMLPublisher component in the Oracle PeopleSoft Enterprise PeopleTools business application suite allows a hacker to gain full control over the application.
The vulnerability of the XMLPublisher component in the Oracle PeopleSoft Enterprise PeopleTools business application suite is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to gain full control over the application using the HTTP protocol...
The vulnerability of the Console component of the Oracle WebLogic Server application server, a software platform of Oracle Fusion Middleware, allows a perpetrator to cause a service failure.
The vulnerability of the Console component of the Oracle WebLogic Server application server software, part of the Oracle Fusion Middleware platform, relates to improper cleaning or release of resources due to copying of buffers without checking the size of the input data. Exploiting this...
PT-2024-23198
Name of the Vulnerable Software and Affected Versions: HCL Sametime (affected versions not specified). Description: The issue concerns insecure services in use on the UIM client by default. Specifically, an unused legacy REST service was enabled by default using the HTTP protocol. This could potential...
The vulnerability of the Auctions component of the Oracle Sourcing supply management platform, a part of the Oracle E-Business Suite, allows a malicious individual to gain unauthorized access to create, modify, and delete data.
The vulnerability of the Auctions component of the Oracle Sourcing supply management platform, part of the Oracle E-Business Suite, is related to deficiencies in the authentication mechanism. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to...
The vulnerability of the Diagnostics component of the Oracle Applications Manager software, a business automation system for enterprises under the Oracle E-Business Suite, allows an attacker to modify, add, or delete data.
The vulnerability of the Diagnostics component of the Oracle Applications Manager application management tool within the Oracle E-Business Suite relates to deficiencies in the authentication process due to incorrect validation of input data. Exploiting this vulnerability could allow an attacker t...