656 matches found
The vulnerability of the Visual Analyzer component of the Oracle Business Intelligence Enterprise Edition software platform allows a malicious individual to gain unauthorized access to read, modify, or delete data.
The vulnerability of the Visual Analyzer component of the Oracle Business Intelligence Enterprise Edition software is related to insufficient validation of input data. Exploiting this vulnerability may allow an attacker, operating remotely, to gain unauthorized access to read, modify, or delete...
CVE-2023-21845
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: Panel Processor. The supported version that is affected is 8.60. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise...
OESA-2023-1021 jetty security update
Jetty is a 100% Java HTTP Server and Servlet Container. This means that you do not need to configure and run a separate web server like Apache in order to use Java, servlets and JSPs to generate dynamic content. Jetty is a fully featured web server for static and dynamic content. Unlike separate...
nodejs: Improper handling of URI Subject Alternative Names
A flaw was found in node.js where it accepted a certificate's Subject Alternative Names SAN entry, as opposed to what is specified by the HTTPS protocol. This flaw allows an active person-in-the-middle to forge a certificate and impersonate a trusted host...
Spatie Browsershot 跨站脚本漏洞
Spatie Browsershot is a codebase based on Php, Javascript that converts browser pages into PDF or image formats by the Belgian Spatie team. A security vulnerability exists in Spatie Browsershot version 3.57.2, which stems from not validating the URL protocol passed to the Browsershot::url method,...
The vulnerability of the Twisted Web HTTP 1.1 module of the Twisted.web.http network framework allows a perpetrator to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of the Twisted Web HTTP 1.1 module of the Twisted.web.http network framework in Twisted is related to deficiencies in HTTP request processing. Exploiting this vulnerability allows a remote attacker to access confidential data, compromise its integrity, and cause service failures...
golang: net/http: improper sanitization of Transfer-Encoding header
A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid...
golang: net/http: handle server errors after sending GOAWAY
A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown...
CVE-2022-39428
Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite component: Upload. Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web...
PT-2022-21170 · Parse-Url · Url-Parse
Name of the Vulnerable Software and Affected Versions: parse-url versions prior to 8.1.0 Description: The issue concerns a misinterpretation of input in the parse-url library, where certain HTTP or HTTPS URLs are parsed incorrectly. Specifically, the library may identify the URL's protocol as SSH...
CVE-2022-40621
Because the WAVLINK Quantum D4G WN531G3 running firmware version M31G3.V5030.200325 and earlier communicates over HTTP and not HTTPS, and because the hashing mechanism does not rely on a server-supplied key, it is possible for an attacker with sufficient network access to capture the hashed...
CVE-2022-35838
HTTP V3 Denial of Service Vulnerability...
nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding
A vulnerability was found in NodeJS due to improper validation of HTTP requests. The llhttp parser in the http module does not correctly parse and validate Transfer-Encoding headers. This issue can lead to HTTP Request Smuggling HRS, causing web cache poisoning, and conducting XSS attacks...
The vulnerability of the Infrastructure sub-component of the Oracle FLEXCUBE Universal Banking banking analytics system’s simulation model, allowing a perpetrator to gain access to read data and modify it.
The vulnerability of the Infrastructure sub-component of the Oracle FLEXCUBE Universal Banking banking analytics system’s simulation model exists due to insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to read, modify...
The vulnerability of the Core component of the ZFS Storage Appliance Kit allows a attacker to compromise the integrity and accessibility of the protected information.
The vulnerability of the Core component of the ZFS Storage Appliance Kit exists due to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to compromise the integrity and accessibility of protected information using the HTTP protocol...
The vulnerability of the Infrastructure component of the Oracle Banking Trade Finance software allows a perpetrator to gain read access to data and modify it.
The vulnerability of the Infrastructure component of the Oracle Banking Trade Finance software exists due to insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to read, modify, add, or delete data using the HTTP protoco...
DEBIAN-CVE-2022-27664
In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error...
CVE-2022-27664
In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error...
Google Golang 安全漏洞
Google Golang is a static, strongly typed, compiled language from Google.The syntax of Go is close to C, but with differences in variable declarations.Go supports garbage collection.Go's parallel model is based on Tony Hall's Communicating Sequential Processes CSP, and other languages with a...
UBUNTU-CVE-2021-3859
A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks...