656 matches found

BDU FSTEC
added 2022/06/15 12:0 a.m. · 6 views

The vulnerability of the Identity Console component of the Oracle Identity Manager software platform allows a perpetrator to create, delete, or alter access to critical data.

The vulnerability of the Identity Console component of the Oracle Identity Manager software platform exists due to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to create, delete, or alter access to critical data using the HTTP network protocol...

7.6 CVSS · 7.5 AI score · 0.00682 EPSS
Exploits 0 · References 3 · Affected Software 1

BDU FSTEC
added 2022/06/15 12:0 a.m. · 8 views

The vulnerability of the Outside In Filters component within the Oracle Outside In Technology SDK allows a malicious actor to gain read, modify, add, or delete access to data, or to cause a service failure.

The vulnerability of the Outside In Filters component within the Oracle Outside In Technology SDK set is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to gain read, modify, add, or delete access to data, or cause a service failure using th...

7.8 CVSS · 7.5 AI score · 0.01063 EPSS
Exploits 0 · References 3 · Affected Software 1

OSV
added 2022/06/14 10:15 a.m. · 4 views

CVE-2022-30937

A vulnerability has been identified in EN100 Ethernet module DNP3 IP variant All versions, EN100 Ethernet module IEC 104 variant All versions, EN100 Ethernet module IEC 61850 variant All versions V4.37, EN100 Ethernet module Modbus TCP variant All versions, EN100 Ethernet module PROFINET IO varia...

7.5 CVSS · 7 AI score · 0.01174 EPSS
Exploits 0 · References 1

BDU FSTEC
added 2022/06/01 12:0 a.m. · 7 views

The vulnerability of Siemens SICAM P850 and Siemens SICAM P855 multifunctional measuring devices, which stems from the cleartext transmission of data over the HTTP protocol, allows attackers to intercept traffic and disrupt the operation of the devices.

The vulnerability of Siemens SICAM P850 and Siemens SICAM P855 multifunctional measuring devices lies in the cleartext transmission of data over the HTTP protocol. Exploiting this vulnerability can allow a remote attacker to intercept traffic and disrupt the operation of the device...

10 CVSS · 7.4 AI score · 0.0067 EPSS
Exploits 0 · References 5 · Affected Software 2

Positive Technologies
added 2022/05/24 12:0 a.m. · 3 views

PT-2022-10500 · Undertow · Undertow

Name of the Vulnerable Software and Affected Versions:
Undertow versions prior to 2.0.40.Final
Undertow versions prior to 2.2.11.Final

Description: A flaw was found in Undertow, related to a potential security issue in flow control handling by the browser over HTTP/2, which may cause overhead or ...

5.9 CVSS · 5.6 AI score · 0.01175 EPSS
Exploits 0 · References 13

ATTACKERKB
added 2022/05/13 8:15 p.m. · 8 views

CVE-2022-22282

SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions incorrectly restricts access to a resource using HTTP connections from an unauthorized actor, leading to an Improper Access Control vulnerability...

9.8 CVSS · 7.5 AI score · 0.07192 EPSS
Exploits 0 · References 2 · Affected Software 1

RedHat Linux
added 2022/05/10 1:49 p.m. · 2 views

python: urllib: HTTP client possible infinite loop on a 100 Continue response

A flaw was found in Python. An improperly handled HTTP response in the HTTP client code of Python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability...

7.5 CVSS · 6.9 AI score · 0.11586 EPSS
Exploits 1 · References 4

CNNVD
added 2022/04/19 12:0 a.m. · 3 views

Oracle PeopleSoft Enterprise FIN Cash Management Input Validation Error Vulnerability

Oracle PeopleSoft Enterprise FIN Cash Management is an enterprise financial gateway from Oracle Corporation. A security vulnerability exists in Oracle PeopleSoft Enterprise FIN Cash Management that could allow a low-privileged attacker with network access over HTTP to compromise PeopleSoft...

5.4 CVSS · 6.7 AI score · 0.00483 EPSS
Exploits 0 · References 4

BDU FSTEC
added 2022/04/11 12:0 a.m. · 5 views

The vulnerability of the User Interface component of the Oracle iStore system, a system for creating, managing, and personalizing online stores, allows a malicious actor to gain unauthorized access to read, modify, or delete data.

The vulnerability of the User Interface component of the Oracle iStore system, which is used for creating, managing, and personalizing online stores, is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorize...

6.1 CVSS · 6.8 AI score · 0.00706 EPSS
Exploits 0 · References 4 · Affected Software 1

BDU FSTEC
added 2022/04/08 12:0 a.m. · 4 views

The vulnerability of the Instance Main component in the Oracle Installed Base centralized information storage system allows an attacker to trigger a service failure.

The vulnerability of the Instance Main component of the Oracle Installed Base centralized storage system is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to trigger a service failure using the HTTP protocol...

7.8 CVSS · 7.3 AI score · 0.01287 EPSS
Exploits 0 · References 3 · Affected Software 1

BDU FSTEC
added 2022/04/07 12:0 a.m. · 5 views

The vulnerability of the UI Servlet component of the Oracle Configurator allows an attacker to gain access to read, modify, add, or delete data.

The vulnerability of the UI Servlet component of the Oracle Configurator relates to insufficient validation of input data. Exploiting this vulnerability may allow an attacker to gain access to read, modify, add, or delete data using the HTTP protocol over the network...

8.5 CVSS · 7.6 AI score · 0.01091 EPSS
Exploits 0 · References 4 · Affected Software 1

OSV
added 2022/03/29 10:6 a.m. · 2 views

USN-5313-2 openjdk-lts regression

USN-5313-1 fixed vulnerabilities and added features in OpenJDK. Unfortunately, that update introduced a regression in OpenJDK 11 that could impact interoperability with some popular HTTP/2 servers making it unable to connect to said servers. This update fixes the problem. We apologize for the...

5.3 CVSS · 5.9 AI score · 0.08346 EPSS
Exploits 0 · References 2

RedHat Linux
added 2022/02/02 2:49 p.m. · 6 views

undertow: client side invocation timeout raised when calling over HTTP2

A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks...

7.5 CVSS · 5.7 AI score · 0.01287 EPSS
Exploits 0 · References 4

CNNVD
added 2022/01/28 12:0 a.m. · 3 views

Western Digital My Cloud Data Forgery Vulnerability

Western Digital My Cloud is a personal cloud storage device from Western Digital. Western Digital My Cloud has a security vulnerability that could allow an attacker to trick a NAS device into loading via an insecure HTTP call. This is the result of insufficient authentication of device calls...

9.8 CVSS · 8.3 AI score · 0.01853 EPSS
Exploits 0 · References 5

OSV
added 2022/01/26 1:15 a.m. · 2 views

ALPINE-CVE-2022-23959

In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and Varnish Enterprise Cache Plus 4.1.x before 4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can occur for HTTP/1 connections...

9.1 CVSS · 7 AI score · 0.01957 EPSS
Exploits 0 · References 1

ATTACKERKB
added 2022/01/25 8:15 p.m. · 6 views

CVE-2022-23027

On BIG-IP versions 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, 13.1.x beginning in 13.1.3.6, 12.1.5.3-12.1.6, and 11.6.5.2, when a FastL4 profile and an HTTP, FIX, and/or hash persistence profile are configured on the same virtual server, undisclosed requests can cause the virtual server to sto...

5.3 CVSS · 5.8 AI score · 0.00915 EPSS
Exploits 0 · References 2

OSV
added 2022/01/19 12:15 p.m. · 2 views

CVE-2022-21395

Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications component: Mediation Engine. Supported versions that are affected are 3.4, 4.2, 4.3, 4.4 and 5.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to...

7.2 CVSS · 5.8 AI score · 0.01168 EPSS
Exploits 0 · References 1

OSV
added 2022/01/19 12:15 p.m. · 2 views

CVE-2022-21391

Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications component: Connection Manager. Supported versions that are affected are 12.0.0.3 and 12.0.0.4. Easily exploitable vulnerability allows low privileged attacker with network acces...

9.9 CVSS · 7.3 AI score · 0.01208 EPSS
Exploits 0 · References 1

CNNVD
added 2022/01/19 12:0 a.m. · 2 views

Oracle PeopleSoft Products Security Vulnerability

Oracle PeopleSoft Products is a set of enterprise human capital management solutions from Oracle. The products provide human capital management, financial management, supplier relationship management, and other capabilities. A security vulnerability exists in Oracle PeopleSoft Products'...

7.5 CVSS · 7.7 AI score · 0.01583 EPSS
Exploits 0 · References 2

CNNVD
added 2022/01/19 12:0 a.m. · 3 views

Oracle E-Business Suite Security Vulnerability

Oracle E-Business Suite is a set of fully integrated global business management software from Oracle. The software provides customer relationship management, service management, financial management, and other functions. A security vulnerability exists in the Oracle Sourci...

8.1 CVSS · 8 AI score · 0.01028 EPSS
Exploits 0 · References 3