
656 matches found

OSV
added 2024/04/16 10:15 p.m. · 5 views

CVE-2024-21083

Vulnerability in the Oracle BI Publisher product of Oracle Analytics component: Script Engine. Supported versions that are affected are 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle BI Publisher...

7.2 CVSS · 7.1 AI score · 0.00684 EPSS
Exploits 0 · References 1

Positive Technologies
added 2024/04/16 12:0 a.m. · 7 views

PT-2024-4899 · Oracle · Oracle Bi Publisher

Name of the Vulnerable Software and Affected Versions: Oracle BI Publisher versions 7.0.0.0.0 and 12.2.1.4.0 Description: The issue is related to insufficient access control in the Service Gateway component of Oracle BI Publisher, allowing an unauthenticated attacker with network access via HTTP ...

5.8 CVSS · 6.7 AI score · 0.00437 EPSS
Exploits 0 · References 4

BDU FSTEC
added 2024/04/15 12:0 a.m. · 6 views

The vulnerability of the `fetch()` function in HTTP/1.1 of the Node.js software platform allows an attacker to cause a service failure.

The vulnerability of the fetch function in HTTP/1.1 in Node.js software platforms is related to uncontrolled resource consumption. Exploiting this vulnerability can allow a remote attacker to cause service failures...

7.8 CVSS · 6.6 AI score · 0.007 EPSS
Exploits 0 · References 4 · Affected Software 1

OSV
added 2024/04/09 2:16 p.m. · 4 views

CLSA-2024-1712672178 curl: Fix of CVE-2024-2398

CVE-2024-2398: http2: push headers better cleanup...

8.6 CVSS · 6.9 AI score · 0.36081 EPSS
Exploits 1 · References 1

OSV
added 2024/04/04 9:15 p.m. · 5 views

AZL-39004 CVE-2023-45288 affecting package helm for versions less than 3.15.2-1

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...

7.5 CVSS · 7 AI score · 0.91969 EPSS
Exploits 1 · References 1

OSV
added 2024/04/04 3:15 p.m. · 4 views

UBUNTU-CVE-2024-28871

LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Version 0.5.46 may parse malformed request traffic, leading to excessive CPU usage. Version 0.5.47 contains a patch for the issue. No known workarounds are available...

7.5 CVSS · 7.1 AI score · 0.00841 EPSS
Exploits 0 · References 7

Positive Technologies
added 2024/04/03 12:0 a.m. · 3 views

PT-2024-40495 · Unknown · Amphp/Http +1

Name of the Vulnerable Software and Affected Versions: amphp/http-client versions 4.0.0-rc10 through 4.0.0 Description: The issue affects early versions of amphp/http-client with HTTP/2 support, causing the collection of HTTP/2 CONTINUATION frames in an unbounded buffer. This occurs because the...

8.2 CVSS · 7.3 AI score
Exploits 0 · References 4

RedHat Linux
added 2024/03/26 12:18 p.m. · 1 views

squid: Denial of Service in HTTP Chunked Decoding

A flaw was found in Squid. This issue may allow a remote attacker to trigger an uncontrolled recursion bug when sending a specially crafted, chunked, encoded HTTP Message, resulting in a denial of service...

8.6 CVSS · 5.8 AI score · 0.65254 EPSS
Exploits 0 · References 6

RedHat Linux
added 2024/02/27 10:49 p.m. · 3 views

golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...

7.5 CVSS · 6.7 AI score · 0.99999 EPSS
Exploits 19 · References 9

OSV
added 2024/02/23 11:6 a.m. · 7 views

OESA-2024-1171 nodejs security update

Node.js is an open-source, cross-platform, JavaScript runtime environment, it executes JavaScript code outside of a browser. Security Fixes: The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the...

7.5 CVSS · 8.2 AI score · 0.99999 EPSS
Exploits 19 · References 2

OSV
added 2024/02/17 2:15 a.m. · 6 views

CVE-2023-21833

Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems component: Object Store. The supported version that is affected is 8.8. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle ZFS Storage Appliance Kit...

4.3 CVSS · 7.3 AI score · 0.00375 EPSS
Exploits 0 · References 1

RedHat Linux
added 2024/02/12 8:44 a.m. · 1 views

squid: DoS against HTTP and HTTPS

A flaw was found in Squid. The limits applied for validation of HTTP response headers are applied before caching. However, Squid may grow a cached HTTP response header beyond the configured maximum size, causing a stall or crash of the worker process when a large header is retrieved from the disk...

7.5 CVSS · 5.7 AI score · 0.05229 EPSS
Exploits 0 · References 5

BDU FSTEC
added 2024/01/24 12:0 a.m. · 6 views

Vulnerability of the sub-component: Engineering Change Order for the Oracle Installed Base component of the Oracle E-Business Suite. This component allows an attacker to read, modify, add, or delete data.

The vulnerability of the Engineering Change Order component of the Oracle Installed Base system, a component of the Oracle E-Business Suite, relates to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to gain access to read, modify, add, or delete data...

5.5 CVSS · 6.6 AI score · 0.0034 EPSS
Exploits 0 · References 4 · Affected Software 1

BDU FSTEC
added 2024/01/24 12:0 a.m. · 7 views

The vulnerability of the sub-component “Outcome-Result” of the component “Oracle Customer Interaction History” in the Oracle E-Business Suite system, which allows a malicious user to access, modify, add, or delete data.

The vulnerability of the CRM User Management Framework component of the Oracle Customer Interaction History system within the Oracle E-Business Suite relates to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to gain access to read, modify, add, or...

6.4 CVSS · 6.8 AI score · 0.00342 EPSS
Exploits 0 · References 4 · Affected Software 2

BDU FSTEC
added 2024/01/24 12:0 a.m. · 5 views

The vulnerability of the Setup sub-component, part of the Admin component in Oracle Knowledge Management, a system for automating business processes within the Oracle E-Business Suite, allows an attacker to gain access to read, modify, add, or delete data.

The vulnerability of the Setup sub-component and the Admin component of Oracle Knowledge Management, a system for automating business processes within the Oracle E-Business Suite, exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating...

6.4 CVSS · 6.6 AI score · 0.00269 EPSS
Exploits 0 · References 4 · Affected Software 2

BDU FSTEC
added 2024/01/24 12:0 a.m. · 4 views

The vulnerability of the HTML UI component of the Oracle Installed Base information storage center in the Oracle E-Business Suite allows a perpetrator to gain access to read, modify, add, or delete data.

The vulnerability of the HTML UI component of the Oracle Installed Base information storage center in the Oracle E-Business Suite relates to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain access to read, modify, add, or delete data using the HTT...

6.4 CVSS · 6.8 AI score · 0.00361 EPSS
Exploits 0 · References 4 · Affected Software 1

Positive Technologies
added 2024/01/16 12:0 a.m. · 4 views

PT-2024-1212 · Oracle · Oracle E-Business Suite

Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.2.3 through 12.2.13 Description: The issue is related to insufficient input validation in the CRM User Management Framework component of Oracle Common Applications in Oracle E-Business Suite. This can be...

6.4 CVSS · 7.5 AI score · 0.00308 EPSS
Exploits 0 · References 9

CNNVD
added 2024/01/10 12:0 a.m. · 4 views

Fortinet FortiVoice path traversal vulnerability

Fortinet FortiVoice is a network communications solution from Fortinet, Inc. A path traversal vulnerability exists in FortiVoice fortivoice. The vulnerability stems from the program failing to properly filter for special elements in the path of a resource or file. An attacker could exploit this...

6.5 CVSS · 6.7 AI score · 0.00628 EPSS
Exploits 0 · References 3

OSV
added 2023/12/20 5:15 p.m. · 3 views

UBUNTU-CVE-2023-47118

ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issue was discovered in ClickHouse server. An attacker could send a specially crafted payload to the native interface exposed by default on...

9.8 CVSS · 6 AI score · 0.00462 EPSS
Exploits 0 · References 2

OSV
added 2023/12/14 5:15 a.m. · 3 views

CVE-2023-5629

A CWE-601: URL Redirection to Untrusted Site ‘Open Redirect’ vulnerability exists that could cause disclosure of information through phishing attempts over HTTP...

6.1 CVSS · 5.8 AI score · 0.00423 EPSS
Exploits 0 · References 1