656 matches found
Mozilla: Missing throttling on external protocol launch dialog
The Mozilla Foundation Security Advisory describes this flaw as: Malicious websites could have tricked users into accepting launching a program to handle an external URL protocol...
CVE-2022-21907
HTTP Protocol Stack Remote Code Execution Vulnerability...
DEBIAN-CVE-2021-44716
net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests...
The vulnerability of the Oracle Reports Developer component of the Oracle Fusion Middleware software platform allows attackers to influence the integrity and confidentiality of the protected information.
The vulnerability of the Oracle Reports Developer component of the Oracle Fusion Middleware software is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to influence the integrity and confidentiality of protected information through the use of the...
The vulnerability of the implementation of the HTTP or FTP protocol in the console-based graphic editor ImageMagick allows an attacker to perform an SSRF attack.
The vulnerability of the HTTP or FTP protocol implementation of the console-based graphic editor ImageMagick is related to insufficient verification of the authenticity of executed requests. Exploiting this vulnerability may allow a malicious actor, operating remotely, to carry out an SSRF attack...
IBM QRadar Network Security security vulnerability
IBM QRadar Network Security is a network security manager from IBM USA, Inc. used to provide better visibility and control over activities and users on the network, while using deep packet inspection, heuristics and behavior-based analysis to detect and prevent advanced threats. A security...
CVE-2021-29991
Firefox incorrectly accepted a newline in an HTTP/3 header, interpreting it as two separate headers. This allowed for a header splitting attack against servers using HTTP/3. This vulnerability affects Firefox 91.0.1 and Thunderbird 91.0.1...
Oracle E-Business Suite security vulnerability
Oracle E-Business Suite is a set of fully integrated global business management software from Oracle. The software provides customer relationship management, service management, financial management, and other functions. A security vulnerability exists in the Oracle Payabl...
netty: Request smuggling via content-length header
A flaw was found in Netty. There is an issue where the content-length header is not validated correctly if the request uses a single Http2HeaderFrame with the endstream set to true. This flaw leads to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. The...
libcurl resource management error vulnerability
Haxx libcurl is a free, open source client-side URL transport library from the Swedish company HAXX. The library supports FTP, FTPS, TFTP, HTTP and more. Haxx libcurl suffers from a resource management error vulnerability that arises from mismanagement of system resources e.g., memory, disk...
AZL-6744 CVE-2021-22939 affecting package nodejs for versions less than 16.14.0-1
If the Node.js https API was used incorrectly and "undefined" was passed in for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted...
ALPINE-CVE-2021-36159
libfetch before 2021-07-26, as used in apk-tools, xbps, and other products, mishandles numeric strings for the FTP and HTTP protocols. The FTP passive mode implementation allows an out-of-bounds read because strtol is used to parse the relevant numbers into address bytes. It does not check if the...
CVE-2021-2419
Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware component: Outside In Filters. The supported version that is affected is 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In...
Varnish Cache environment issue vulnerability
Varnish Cache is a suite of reverse web caching servers. A security vulnerability exists in Varnish Enterprise, which arises from an HTTP/2-enabled Varnish Cache that allows request smuggling and VCL authorization bypass via large Content-Length headers in POST requests. The following products an...
The vulnerability of the User Interface component of Oracle Incentive Compensation (OIC) system allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the User Interface component of the Oracle Incentive Compensation system for corporate clients relates to insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information usi...
CVE-2021-22765
A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 Versions 3.0.0 and newer and PowerLogic EGX300 All Versions that could cause denial of service or remote code execution via a specially crafted HTTP packet...
The vulnerability of the View Reports component in the Oracle Applications Manager management tool allows a hacker to gain access to create, modify, or delete data.
The vulnerability of the View Reports component in the Oracle Applications Manager management tool is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to gain access to the ability to create, modify, or delete data using the HTTP protocol...
The vulnerability of the Attachments component of the Oracle Document Management and Collaboration software allows a hacker to access, create, modify, or delete data.
The vulnerability of the Attachments component of the Oracle Document Management and Collaboration software lies in insufficient validation of input data. Exploiting this vulnerability could allow an attacker to gain access to the ability to create, modify, or delete data using the HTTP protocol...