Lucene search

656 matches found

BDU FSTEC
added 2023/01/27 12:0 a.m. · 5 views

The vulnerability of the Visual Analyzer component of the Oracle Business Intelligence Enterprise Edition software platform allows a malicious individual to gain unauthorized access to read, modify, or delete data.

The vulnerability of the Visual Analyzer component of the Oracle Business Intelligence Enterprise Edition software is related to insufficient validation of input data. Exploiting this vulnerability may allow an attacker, operating remotely, to gain unauthorized access to read, modify, or delete...

CVSS 6.4 · AI score 6.6 · EPSS 0.00377
Exploits 0 · References 3 · Affected Software 1

OSV
added 2023/01/18 12:15 a.m. · 4 views

CVE-2023-21845

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Panel Processor). The supported version that is affected is 8.60. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise...

CVSS 5.4 · AI score 6.7 · EPSS 0.00403
Exploits 0 · References 1

OSV
added 2023/01/06 11:4 a.m. · 2 views

OESA-2023-1021 jetty security update

Jetty is a 100% Java HTTP Server and Servlet Container. This means that you do not need to configure and run a separate web server like Apache in order to use Java, servlets and JSPs to generate dynamic content. Jetty is a fully featured web server for static and dynamic content. Unlike separate...

CVSS 7.5 · AI score 8.9 · EPSS 0.01818
Exploits 0 · References 3

RedHat Linux
added 2022/12/15 4:20 p.m. · 5 views

nodejs: Improper handling of URI Subject Alternative Names

A flaw was found in node.js where it accepted a certificate's Subject Alternative Names (SAN) entry, as opposed to what is specified by the HTTPS protocol. This flaw allows an active person-in-the-middle to forge a certificate and impersonate a trusted host...

CVSS 7.4 · AI score 7.3 · EPSS 0.08373
Exploits 0 · References 5

CNNVD
added 2022/11/25 12:0 a.m. · 4 views

Spatie Browsershot cross-site scripting vulnerability

Spatie Browsershot is a codebase based on PHP and JavaScript that converts browser pages into PDF or image formats by the Belgian Spatie team. A security vulnerability exists in Spatie Browsershot version 3.57.2, which stems from not validating the URL protocol passed to the Browsershot::url method,...

CVSS 8.2 · AI score 7.8 · EPSS 0.0061
Exploits 1 · References 4

BDU FSTEC
added 2022/11/22 12:0 a.m. · 4 views

The vulnerability of the Twisted Web HTTP 1.1 module of the Twisted.web.http network framework allows a perpetrator to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of the Twisted Web HTTP 1.1 module of the Twisted.web.http network framework in Twisted is related to deficiencies in HTTP request processing. Exploiting this vulnerability allows a remote attacker to access confidential data, compromise its integrity, and cause service failures...

CVSS 9.3 · AI score 7.5 · EPSS 0.028
Exploits 0 · References 14 · Affected Software 6

RedHat Linux
added 2022/11/08 9:43 a.m. · 9 views

golang: net/http: improper sanitization of Transfer-Encoding header

A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid...

CVSS 6.5 · AI score 6.6 · EPSS 0.01113
Exploits 1 · References 6

RedHat Linux
added 2022/10/25 9:7 a.m. · 1 views

golang: net/http: handle server errors after sending GOAWAY

A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown...

CVSS 7.5 · AI score 6.6 · EPSS 0.02513
Exploits 0 · References 6

ATTACKERKB
added 2022/10/18 9:15 p.m. · 3 views

CVE-2022-39428

Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web...

CVSS 9.8 · AI score 5.8 · EPSS 0.36455
Exploits 0 · References 2 · Affected Software 1

Positive Technologies
added 2022/09/15 12:0 a.m. · 1 views

PT-2022-21170 · Parse-Url · Url-Parse

Name of the Vulnerable Software and Affected Versions: parse-url versions prior to 8.1.0. Description: The issue concerns a misinterpretation of input in the parse-url library, where certain HTTP or HTTPS URLs are parsed incorrectly. Specifically, the library may identify the URL's protocol as SSH...

CVSS 9.4 · AI score 7.4 · EPSS 0.00586
Exploits 1 · References 7

OSV
added 2022/09/13 9:15 p.m. · 3 views

CVE-2022-40621

Because the WAVLINK Quantum D4G WN531G3 running firmware version M31G3.V5030.200325 and earlier communicates over HTTP and not HTTPS, and because the hashing mechanism does not rely on a server-supplied key, it is possible for an attacker with sufficient network access to capture the hashed...

CVSS 7.5 · AI score 5.8 · EPSS 0.00694
Exploits 1 · References 1

ATTACKERKB
added 2022/09/13 7:15 p.m. · 2 views

CVE-2022-35838

HTTP V3 Denial of Service Vulnerability...

CVSS 7.5 · AI score 5.8 · EPSS 0.0207
Exploits 0 · References 3 · Affected Software 2

RedHat Linux
added 2022/09/13 9:59 a.m. · 2 views

nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding

A vulnerability was found in NodeJS due to improper validation of HTTP requests. The llhttp parser in the http module does not correctly parse and validate Transfer-Encoding headers. This issue can lead to HTTP Request Smuggling (HRS), causing web cache poisoning, and conducting XSS attacks...

CVSS 6.5 · AI score 7.3 · EPSS 0.35079
Exploits 1 · References 5

BDU FSTEC
added 2022/09/07 12:0 a.m. · 8 views

The vulnerability of the Infrastructure sub-component of the Oracle FLEXCUBE Universal Banking banking analytics system’s simulation model allows a perpetrator to gain access to read data and modify it.

The vulnerability of the Infrastructure sub-component of the Oracle FLEXCUBE Universal Banking banking analytics system’s simulation model exists due to insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to read, modify...

CVSS 6.8 · AI score 6.9 · EPSS 0.00551
Exploits 0 · References 3 · Affected Software 1

BDU FSTEC
added 2022/09/07 12:0 a.m. · 7 views

The vulnerability of the Core component of the ZFS Storage Appliance Kit allows an attacker to compromise the integrity and accessibility of the protected information.

The vulnerability of the Core component of the ZFS Storage Appliance Kit exists due to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to compromise the integrity and accessibility of protected information using the HTTP protocol...

CVSS 3.4 · AI score 6.4 · EPSS 0.00215
Exploits 0 · References 3 · Affected Software 1

BDU FSTEC
added 2022/09/07 12:0 a.m. · 5 views

The vulnerability of the Infrastructure component of the Oracle Banking Trade Finance software allows a perpetrator to gain read access to data and modify it.

The vulnerability of the Infrastructure component of the Oracle Banking Trade Finance software exists due to insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to read, modify, add, or delete data using the HTTP protoco...

CVSS 5.5 · AI score 6.6 · EPSS 0.00393
Exploits 0 · References 3 · Affected Software 1

OSV
added 2022/09/06 6:15 p.m. · 2 views

DEBIAN-CVE-2022-27664

In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error...

CVSS 7.5 · AI score 7.1 · EPSS 0.02513
Exploits 0 · References 1

ATTACKERKB
added 2022/09/06 6:15 p.m. · 2 views

CVE-2022-27664

In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error...

CVSS 7.5 · AI score 7.2 · EPSS 0.02513
Exploits 0 · References 9

CNNVD
added 2022/09/06 12:0 a.m. · 2 views

Google Golang security vulnerability

Google Golang is a static, strongly typed, compiled language from Google. The syntax of Go is close to C, but with differences in variable declarations. Go supports garbage collection. Go's parallel model is based on Tony Hoare's Communicating Sequential Processes (CSP), and other languages with a...

CVSS 7.5 · AI score 7 · EPSS 0.02513
Exploits 0 · References 34

OSV
added 2022/08/26 4:15 p.m. · 1 views

UBUNTU-CVE-2021-3859

A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks...

CVSS 7.5 · AI score 7 · EPSS 0.01287
Exploits 0 · References 3