656 matches found

Positive Technologies
added 2024/10/15 12:0 a.m. · 4 views

PT-2024-9761 · Oracle · Oracle Enterprise Command Center Framework

Name of the Vulnerable Software and Affected Versions: Oracle Enterprise Command Center Framework versions 11 through 13 Description: The issue is related to insufficient input validation in the Diagnostics component of the Oracle Enterprise Command Center Framework. This can be exploited by a...

CVSS: 4.3 · AI score: 7.9 · EPSS: 0.0043
Exploits: 0 · References: 6
RedHat Linux
added 2024/09/23 1:52 a.m. · 2 views

net/http: Denial of service due to improper 100-continue handling in net/http

A flaw was found in Go. The net/http module mishandles specific server responses from HTTP/1.1 client requests. This issue may render a connection invalid and cause a denial of service...

CVSS: 7.5 · AI score: 7.3 · EPSS: 0.01414
Exploits: 0 · References: 7
BDU FSTEC
added 2024/09/02 12:0 a.m. · 3 views

The vulnerability of the Analytics Web Answers component of the Oracle Business Intelligence Enterprise Edition software platform allows a hacker to gain access to modify or add data.

The vulnerability of the Analytics Web Answers component of the Oracle Business Intelligence Enterprise Edition software is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to gain access and modify or add data using the HTTP protocol...

CVSS: 5.5 · AI score: 5.9 · EPSS: 0.00308
Exploits: 0 · References: 4 · Affected Software: 1
SUSE CVE
added 2024/08/28 2:25 a.m. · 4 views

SUSE CVE-2024-45321

The App::cpanminus package through 1.7047 for Perl downloads code via insecure HTTP, enabling code execution for network attackers...

CVSS: 8.1 · AI score: 7.8 · EPSS: 0.00737
Exploits: 1 · References: 4
BDU FSTEC
added 2024/08/14 12:0 a.m. · 5 views

The vulnerability of the User Management component of the Oracle iStore system, which is used for creating, managing, and personalizing online stores. This vulnerability exists in the Oracle E-Business Suite, a business automation system that allows attackers to gain unauthorized access to protected information.

The vulnerability of the User Management component of the Oracle iStore system, which is used for creating, managing, and personalizing online stores, and of the Oracle E-Business Suite system, which is used for automating business operations, is related to insufficient validation of input data...

CVSS: 5.3 · AI score: 7.4 · EPSS: 0.00399
Exploits: 0 · References: 4 · Affected Software: 2
RedHat Linux
added 2024/07/31 10:23 a.m. · 5 views

golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS

A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack...

CVSS: 7.5 · AI score: 7.2 · EPSS: 0.91969
Exploits: 1 · References: 7
RedHat Linux
added 2024/07/17 6:49 p.m. · 6 views

jetty: stop accepting new connections from valid clients

A flaw was found in Jetty, a Java based web server and servlet engine. If an HTTP/2 connection gets TCP congested, it remains open and idle, and connections may be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file...

CVSS: 7.5 · AI score: 7 · EPSS: 0.01433
Exploits: 0 · References: 6
CNNVD
added 2024/07/11 12:0 a.m. · 3 views

Suricata security breach

Suricata is a suite of network intrusion detection systems (IDS), intrusion prevention systems (IPS), and network security monitoring engines developed by the Open Information Security Foundation (OISF) and its supporting vendors, which supports multi-threading, built-in IPv6, and the ability to load...

CVSS: 7.5 · AI score: 6.7 · EPSS: 0.01172
Exploits: 0 · References: 7
Elastic
added 2024/06/05 8:57 p.m. · 7 views

Elastic Cloud Enterprise 3.7.1 Security Update (ESA-2024-08)

Elastic Cloud Enterprise - Uncontrolled Resource Consumption through HTTP/2 endpoints - CVE-2023-45288 ESA-2024-08 On April 4, 2024, the Go Project announced CVE-2023-45288, which can lead to CPU exhaustion as an attacker can cause an HTTP/2 endpoint to read arbitrary amounts of header data. In t...

CVSS: 7.5 · AI score: 9.1 · EPSS: 0.91969
Exploits: 1
RedHat Linux
added 2024/05/29 1:33 p.m. · 5 views

golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS

A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack...

CVSS: 7.5 · AI score: 7.2 · EPSS: 0.91969
Exploits: 1 · References: 7
OSV
added 2024/05/28 8:0 p.m. · 4 views

CLSA-2024-1716924362 httpd: Fix of CVE-2024-27316

CVE-2024-27316: fix HTTP/2 DoS vulnerability caused by memory exhaustion from endless continuation frames: Incoming headers that exceed limits are buffered in nghttp2 to generate an HTTP 413 response...

CVSS: 7.5 · AI score: 7 · EPSS: 0.91327
Exploits: 2 · References: 1
OSV
added 2024/05/28 7:16 p.m. · 4 views

CLSA-2024-1716923768 httpd: Fix of CVE-2024-27316

CVE-2024-27316: fix HTTP/2 DoS vulnerability caused by memory exhaustion from endless continuation frames: Incoming headers that exceed limits are buffered in nghttp2 to generate an HTTP 413 response...

CVSS: 7.5 · AI score: 7 · EPSS: 0.91327
Exploits: 2 · References: 1
BDU FSTEC
added 2024/05/24 12:0 a.m. · 4 views

The vulnerability of LOV components in terms of technical maintenance, repairs, and major overhauls of Oracle Complex Systems allows a perpetrator to gain access to read, modify, add, or delete data.

The vulnerability of LOV components in Oracle Complex Maintenance, Repair, and Overhaul systems arises due to insufficient validation of input data. Exploitation of this vulnerability can allow an attacker, operating remotely, to gain access to read, modify, add, or delete data using the HTTP...

CVSS: 6.4 · AI score: 7.2 · EPSS: 0.00395
Exploits: 0 · References: 3 · Affected Software: 1
BDU FSTEC
added 2024/05/24 12:0 a.m. · 4 views

The vulnerability of LOV components in terms of technical maintenance, repairs, and major overhauls of Oracle Complex Systems allows a perpetrator to gain access to read, modify, add, or delete data.

The vulnerability of LOV components in Oracle Complex Maintenance, Repair, and Overhaul systems arises due to insufficient validation of input data. Exploitation of this vulnerability can allow an attacker, operating remotely, to gain access to read, modify, add, or delete data using the HTTP...

CVSS: 6.4 · AI score: 7.2 · EPSS: 0.00178
Exploits: 0 · References: 2 · Affected Software: 1
BDU FSTEC
added 2024/05/24 12:0 a.m. · 4 views

The vulnerability of LOV components in terms of technical maintenance, repairs, and major overhauls of Oracle Complex Systems allows a perpetrator to gain access to read, modify, add, or delete data.

The vulnerability of LOV components in Oracle Complex Maintenance, Repair, and Overhaul systems arises due to insufficient validation of input data. Exploitation of this vulnerability can allow an attacker, operating remotely, to gain access to read, modify, add, or delete data using the HTTP...

CVSS: 6.4 · AI score: 7.2 · EPSS: 0.00382
Exploits: 0 · References: 2 · Affected Software: 1
BDU FSTEC
added 2024/05/24 12:0 a.m. · 6 views

The vulnerabilities of LOV components in terms of technical maintenance, repairs, and major system overhauls of Oracle Complex Maintenance, Repair, and Overhaul systems. These systems are part of the Oracle E-Business Suite, allowing attackers to gain access to read, modify, add, or delete data.

The vulnerability of LOV components in terms of technical maintenance, repairs, and major overhauls of Oracle system equipment exists due to insufficient verification of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to read, modify, add, or...

CVSS: 6.4 · AI score: 7.2 · EPSS: 0.00395
Exploits: 0 · References: 2 · Affected Software: 2
BDU FSTEC
added 2024/05/24 12:0 a.m. · 13 views

The vulnerabilities of LOV components in terms of technical maintenance, repairs, and major system overhauls of Oracle Complex Maintenance, Repair, and Overhaul systems. These systems are part of the Oracle E-Business Suite, allowing attackers to gain access to read, modify, add, or delete data.

The vulnerability of LOV components in terms of technical maintenance, repairs, and major overhauls of Oracle system equipment exists due to insufficient verification of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to read, modify, add, or...

CVSS: 6.4 · AI score: 7.2 · EPSS: 0.00382
Exploits: 0 · References: 2 · Affected Software: 2
BDU FSTEC
added 2024/05/15 12:0 a.m. · 6 views

The vulnerability of the LOV component in terms of technical maintenance, repairs, and major overhauls of Oracle Complex Maintenance, Repair, and Overhaul systems—a system for automating business operations in Oracle E-Business Suite—allows a perpetrator to gain access to read, modify, add, or delete data.

The vulnerability of the LOV component in terms of technical maintenance, repairs, and major overhauls of Oracle system equipment exists due to insufficient verification of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to read, modify, add, ...

CVSS: 6.4 · AI score: 7.2 · EPSS: 0.00185
Exploits: 0 · References: 2 · Affected Software: 2
Positive Technologies
added 2024/05/13 12:0 a.m. · 4 views

PT-2024-40775 · Git +1 · Ndpi

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap-buffer-overflow READ crash occurred, involving the functions check content type and change protocol, process request, and ndpi check http tcp...

AI score: 7
Exploits: 0 · References: 2
RedHat Linux
added 2024/05/07 10:45 a.m. · 1 view

golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS

A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack...

CVSS: 7.5 · AI score: 7.2 · EPSS: 0.91969
Exploits: 1 · References: 7