CVE-2024-21083
Vulnerability in the Oracle BI Publisher product of Oracle Analytics component: Script Engine. Supported versions that are affected are 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle BI Publisher...
PT-2024-4899 · Oracle · Oracle Bi Publisher
Name of the Vulnerable Software and Affected Versions: Oracle BI Publisher versions 7.0.0.0.0 and 12.2.1.4.0 Description: The issue is related to insufficient access control in the Service Gateway component of Oracle BI Publisher, allowing an unauthenticated attacker with network access via HTTP ...
The vulnerability of the `fetch()` function in HTTP/1.1 of the Node.js software platform allows an attacker to cause a service failure.
The vulnerability of the fetch function in HTTP/1.1 in Node.js software platforms is related to uncontrolled resource consumption. Exploiting this vulnerability can allow a remote attacker to cause service failures...
CLSA-2024-1712672178 curl: Fix of CVE-2024-2398
CVE-2024-2398: http2: push headers better cleanup...
AZL-39004 CVE-2023-45288 affecting package helm for versions less than 3.15.2-1
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...
UBUNTU-CVE-2024-28871
LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Version 0.5.46 may parse malformed request traffic, leading to excessive CPU usage. Version 0.5.47 contains a patch for the issue. No known workarounds are available...
PT-2024-40495 · Unknown · Amphp/Http +1
Name of the Vulnerable Software and Affected Versions: amphp/http-client versions 4.0.0-rc10 through 4.0.0 Description: The issue affects early versions of amphp/http-client with HTTP/2 support, causing the collection of HTTP/2 CONTINUATION frames in an unbounded buffer. This occurs because the...
squid: Denial of Service in HTTP Chunked Decoding
A flaw was found in Squid. This issue may allow a remote attacker to trigger an uncontrolled recursion bug when sending a specially crafted, chunked, encoded HTTP Message, resulting in a denial of service...
golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...
OESA-2024-1171 nodejs security update
Node.js is an open-source, cross-platform JavaScript runtime environment that executes JavaScript code outside of a browser. Security Fixes: The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the...
CVE-2023-21833
Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems component: Object Store. The supported version that is affected is 8.8. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle ZFS Storage Appliance Kit...
squid: DoS against HTTP and HTTPS
A flaw was found in Squid. The limits applied for validation of HTTP response headers are applied before caching. However, Squid may grow a cached HTTP response header beyond the configured maximum size, causing a stall or crash of the worker process when a large header is retrieved from the disk...
Vulnerability of the sub-component: Engineering Change Order for the Oracle Installed Base component of the Oracle E-Business Suite. This component allows an attacker to read, modify, add, or delete data.
The vulnerability of the Engineering Change Order component of the Oracle Installed Base system, a component of the Oracle E-Business Suite, relates to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to gain access to read, modify, add, or delete data...
The vulnerability of the sub-component “Outcome-Result” of the component “Oracle Customer Interaction History” in the Oracle E-Business Suite system, which allows a malicious user to access, modify, add, or delete data.
The vulnerability of the CRM User Management Framework component of the Oracle Customer Interaction History system within the Oracle E-Business Suite relates to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to gain access to read, modify, add, or...
The vulnerability of the Setup sub-component, part of the Admin component in Oracle Knowledge Management, a system for automating business processes within the Oracle E-Business Suite, allows an attacker to gain access to read, modify, add, or delete data.
The vulnerability of the Setup sub-component and the Admin component of Oracle Knowledge Management, a system for automating business processes within the Oracle E-Business Suite, exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating...
The vulnerability of the HTML UI component of the Oracle Installed Base information storage center in the Oracle E-Business Suite allows a perpetrator to gain access to read, modify, add, or delete data.
The vulnerability of the HTML UI component of the Oracle Installed Base information storage center in the Oracle E-Business Suite relates to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain access to read, modify, add, or delete data using the HTT...
PT-2024-1212 · Oracle · Oracle E-Business Suite
Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.2.3 through 12.2.13 Description: The issue is related to insufficient input validation in the CRM User Management Framework component of Oracle Common Applications in Oracle E-Business Suite. This can be...
Fortinet FortiVoice Path Traversal Vulnerability
Fortinet FortiVoice is a network communications solution from Fortinet, Inc. A path traversal vulnerability exists in Fortinet FortiVoice. The vulnerability stems from the program failing to properly filter special elements in the path of a resource or file. An attacker could exploit this...
UBUNTU-CVE-2023-47118
ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issue was discovered in ClickHouse server. An attacker could send a specially crafted payload to the native interface exposed by default on...
CVE-2023-5629
A CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability exists that could cause disclosure of information through phishing attempts over HTTP...