The vulnerability of the Identity Console component of the Oracle Identity Manager software platform allows a perpetrator to create, delete, or alter access to critical data.
The vulnerability of the Identity Console component of the Oracle Identity Manager software platform exists due to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to create, delete, or alter access to critical data using the HTTP network protocol...
The vulnerability of the Outside In Filters component within the Oracle Outside In Technology SDK allows a malicious actor to gain read, modify, add, or delete access to data, or to cause a service failure.
The vulnerability of the Outside In Filters component within the Oracle Outside In Technology SDK set is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to gain read, modify, add, or delete access to data, or cause a service failure using th...
CVE-2022-30937
A vulnerability has been identified in EN100 Ethernet module DNP3 IP variant All versions, EN100 Ethernet module IEC 104 variant All versions, EN100 Ethernet module IEC 61850 variant All versions V4.37, EN100 Ethernet module Modbus TCP variant All versions, EN100 Ethernet module PROFINET IO varia...
The vulnerability of Siemens SICAM P850 and Siemens SICAM P855 multifunctional measuring devices, which stems from the transmission of data in cleartext via the HTTP protocol, allows attackers to intercept traffic and disrupt the operation of the devices.
The vulnerability of Siemens SICAM P850 and Siemens SICAM P855 multifunctional measuring devices lies in the transmission of data in cleartext via the HTTP protocol. Exploiting this vulnerability can allow a remote attacker to intercept traffic and disrupt the operation of the device...
PT-2022-10500 · Undertow · Undertow
Name of the Vulnerable Software and Affected Versions: Undertow versions prior to 2.0.40.Final; Undertow versions prior to 2.2.11.Final. Description: A flaw was found in Undertow, related to a potential security issue in flow control handling by the browser over HTTP/2, which may cause overhead or ...
CVE-2022-22282
SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions incorrectly restricts access to a resource using HTTP connections from an unauthorized actor leading to Improper Access Control vulnerability...
python: urllib: HTTP client possible infinite loop on a 100 Continue response
A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability...
Oracle PeopleSoft Enterprise FIN Cash Management Input Validation Error Vulnerability
Oracle PeopleSoft Enterprise FIN Cash Management is an enterprise financial gateway from Oracle Corporation. A security vulnerability exists in Oracle PeopleSoft Enterprise FIN Cash Management that could allow a low-privileged attacker with network access over HTTP to compromise PeopleSoft...
The vulnerability of the User Interface component of the Oracle iStore system, a system for creating, managing, and personalizing online stores, allows a malicious actor to gain unauthorized access to read, modify, or delete data.
The vulnerability of the User Interface component of the Oracle iStore system, which is used for creating, managing, and personalizing online stores, is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorize...
The vulnerability of the Instance Main component in the Oracle Installed Base centralized information storage system allows an attacker to trigger a service failure.
The vulnerability of the Instance Main component of the Oracle Installed Base centralized storage system is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to trigger a service failure using the HTTP protocol...
The vulnerability of the UI Servlet component of the Oracle Configurator allows an attacker to gain access to read, modify, add, or delete data.
The vulnerability of the UI Servlet component of the Oracle Configurator relates to insufficient validation of input data. Exploiting this vulnerability may allow an attacker to gain access to read, modify, add, or delete data using the HTTP protocol over the network...
USN-5313-2 openjdk-lts regression
USN-5313-1 fixed vulnerabilities and added features in OpenJDK. Unfortunately, that update introduced a regression in OpenJDK 11 that could impact interoperability with some popular HTTP/2 servers making it unable to connect to said servers. This update fixes the problem. We apologize for the...
undertow: client side invocation timeout raised when calling over HTTP2
A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks...
Western Digital My Cloud Data Forgery Vulnerability
Western Digital My Cloud is a personal cloud storage device from Western Digital. Western Digital My Cloud has a security vulnerability that could allow an attacker to trick a NAS device into loading via an insecure HTTP call. This is the result of insufficient authentication of device calls...
ALPINE-CVE-2022-23959
In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and Varnish Enterprise Cache Plus 4.1.x before 4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can occur for HTTP/1 connections...
CVE-2022-23027
On BIG-IP versions 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, 13.1.x beginning in 13.1.3.6, 12.1.5.3-12.1.6, and 11.6.5.2, when a FastL4 profile and an HTTP, FIX, and/or hash persistence profile are configured on the same virtual server, undisclosed requests can cause the virtual server to sto...
CVE-2022-21395
Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications component: Mediation Engine. Supported versions that are affected are 3.4, 4.2, 4.3, 4.4 and 5.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to...
CVE-2022-21391
Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications component: Connection Manager. Supported versions that are affected are 12.0.0.3 and 12.0.0.4. Easily exploitable vulnerability allows low privileged attacker with network acces...
Oracle PeopleSoft Products Security Vulnerability
Oracle PeopleSoft Products is a set of enterprise human capital management solutions from Oracle. The products provide human capital management, financial management, supplier relationship management, and other capabilities. A security vulnerability exists in Oracle PeopleSoft Products'...
Oracle E-Business Suite Security Vulnerability
Oracle E-Business Suite is a set of fully integrated global business management software from Oracle. The software provides customer relationship management, service management, financial management, and other functions. A security vulnerability exists in the Oracle Sourci...