Lucene search

656 matches found

BDU FSTEC
added 2020/05/26 12:0 a.m. | 3 views

The vulnerability of the “Estimate and Actual Charges” component of the Oracle Depot Repair automation software allows an intruder to gain unauthorized access to protected information.

The vulnerability of the “Estimate and Actual Charges” component of the Oracle Depot Repair automation software is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information through the...

CVSS 8.2 | AI score 7.4 | EPSS 0.01282
Exploits 0 | References 2 | Affected Software 1

BDU FSTEC
added 2020/05/26 12:0 a.m. | 4 views

The vulnerability of the Courseware component of the customer interaction application of Oracle Quoting allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Courseware component of the Oracle Quoting application lies in its lack of access control mechanisms. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information via the HTTP network protocol...

CVSS 8.2 | AI score 7.5 | EPSS 0.01487
Exploits 0 | References 2 | Affected Software 1

BDU FSTEC
added 2020/05/13 12:0 a.m. | 3 views

The vulnerability of the Preferences component of the Oracle CRM system’s customer relationship management module, part of the Oracle E-Business Suite technical foundation for enterprise automation, allows attackers to gain unauthorized access to protected information.

The vulnerability of the Preferences component of the Oracle CRM system’s customer relationship management module is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information using the...

CVSS 5.3 | AI score 6.3 | EPSS 0.01197
Exploits 0 | References 3 | Affected Software 1

BDU FSTEC
added 2020/05/13 12:0 a.m. | 5 views

The vulnerability of the Hierarchy Diagrammers component of the Oracle Human Resources software allows a hacker to gain access to modify, add, or delete data, or to gain unauthorized access to protected information.

The vulnerability of the Hierarchy Diagrammers component in Oracle Human Resources software is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker operating remotely to modify, add, or delete data, or gain unauthorized access to protected information...

CVSS 8.5 | AI score 7.4 | EPSS 0.01956
Exploits 0 | References 3 | Affected Software 1

BDU FSTEC
added 2020/05/13 12:0 a.m. | 3 views

The vulnerability of the Application Performance Management (EM Request Monitoring) component of the Oracle Enterprise Manager software allows a perpetrator to gain access to modify, add, or delete data, or to gain unauthorized access to protected information.

The vulnerability of the Application Performance Management EM Request Monitoring component of the Oracle Enterprise Manager is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to gain access to modify, add, or delete data, or to unauthorizedly acce...

CVSS 6.5 | AI score 6.6 | EPSS 0.01335
Exploits 0 | References 3 | Affected Software 1

BDU FSTEC
added 2020/05/08 12:0 a.m. | 4 views

The vulnerability of the Email Address list and Message Display components of the Oracle Email Center software, a business automation system within the Oracle E-Business Suite, allows attackers to access, modify, add, or delete data, or gain unauthorized access to protected information.

The vulnerability of the Email Address list and Message Display components of the Oracle Email Center software, a messaging automation system within the Oracle E-Business Suite, is related to lack of access control. Exploiting this vulnerability could allow an attacker to modify, add, or delete...

CVSS 8.2 | AI score 7.5 | EPSS 0.01282
Exploits 0 | References 3 | Affected Software 1

BDU FSTEC
added 2020/05/08 12:0 a.m. | 4 views

The vulnerability of the User Interface component in Oracle iSupport allows a hacker to gain access to modify, add, or delete data.

The vulnerability of the User Interface component in Oracle iSupport is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to gain access to modify, add, or delete data using the HTTP protocol...

CVSS 4.7 | AI score 5.9 | EPSS 0.00978
Exploits 0 | References 3 | Affected Software 1

BDU FSTEC
added 2020/05/08 12:0 a.m. | 4 views

The vulnerability of the Absence Recording component in the Oracle Human Resources HR management software allows a violator to gain access to modify, add, or delete data.

The vulnerability of the Absence Recording component in the Oracle Human Resources HR management software is related to lack of access control. Exploiting this vulnerability could allow an attacker to gain access to modify, add, or delete data using the HTTP protocol...

CVSS 4.3 | AI score 5.8 | EPSS 0.00913
Exploits 0 | References 3 | Affected Software 1

BDU FSTEC
added 2020/05/08 12:0 a.m. | 2 views

The vulnerability of the Shopping Cart component in the Oracle iStore system, which is used for creating, managing, and personalizing online stores, allows attackers to gain access to modify, add, or delete data, as well as to gain unauthorized access to protected information.

The vulnerability of the Shopping Cart component in the Oracle iStore system, which is used for creating, managing, and personalizing e-commerce stores, is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to remotely gain access to modify, add, or...

CVSS 4.7 | AI score 5.9 | EPSS 0.00978
Exploits 0 | References 3 | Affected Software 1

RedHat Linux
added 2020/04/28 3:37 p.m. | 1 views

haproxy: HTTP/2 implementation vulnerable to intermediary encapsulation attacks

The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, as demonstrated by carriage return (CR, ASCII 0xd), line feed (LF, ASCII 0xa), and the zero character (NUL, ASCII 0x0), aka Intermediary Encapsulation Attacks...

CVSS 9.8 | AI score 5.8 | EPSS 0.03923
Exploits 0 | References 4

OSV
added 2020/04/15 2:15 p.m. | 5 views

CVE-2020-2826

Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Print Server). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One...

CVSS 8.2 | AI score 7.3 | EPSS 0.01282
Exploits 0 | References 1

OSV
added 2020/04/15 2:15 p.m. | 2 views

CVE-2020-2744

Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain (component: Security). Supported versions that are affected are 6.3.7, 6.4.2 and 6.4.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Transportati...

CVSS 5.4 | AI score 6.4 | EPSS 0.0074
Exploits 0 | References 1

RedHat Linux
added 2020/04/07 7:44 p.m. | 45 views

haproxy: malformed HTTP/2 requests can lead to out-of-bounds writes

A flaw was found in the way HAProxy processed certain HTTP/2 request packets. This flaw allows an attacker to send crafted HTTP/2 request packets, which cause memory corruption, leading to a crash or potential remote arbitrary code execution with the permissions of the user running HAProxy...

CVSS 8.8 | AI score 7.9 | EPSS 0.60727
Exploits 0 | References 8

RedHat Linux
added 2020/03/31 7:36 p.m. | 19 views

php: Stack-based buffer under-read in php_stream_url_wrap_http_ex() in http_fopen_wrapper.c when parsing HTTP response

In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the php_stream_url_wrap_http_ex function in ext/standard/http_fopen_wrapper.c. This subsequently results in copying a large string...

CVSS 9.8 | AI score 7.5 | EPSS 0.87883
Exploits 3 | References 4

CNVD
added 2020/03/31 12:0 a.m. | 3 views

Unspecified Vulnerability in F5 BIG-IP (CNVD-2020-21485)

F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, load balancing and other functions. A security vulnerability exists in BIG-IP. An attacker can exploit the vulnerability with the help of malformed HTTP/3 message...

CVSS 7.5 | AI score 6.8 | EPSS 0.01044
Exploits 0 | References 1

OSV
added 2020/03/27 3:15 p.m. | 2 views

CVE-2020-5857

On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, undisclosed HTTP behavior may lead to a denial of service...

CVSS 7.5 | AI score 7.1 | EPSS 0.01044
Exploits 0 | References 1

BDU FSTEC
added 2020/03/20 12:0 a.m. | 3 views

The vulnerability of the HTTP_ST component in the D-Link DIR-859 router’s firmware arises from the failure to neutralize special elements used in operating system commands. This vulnerability allows a perpetrator to execute arbitrary commands.

The vulnerability of the HTTP_ST component in the D-Link DIR-859 router’s firmware exists due to the lack of measures taken to neutralize the special elements used in operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary command...

CVSS 10 | AI score 8.1 | EPSS 0.75105
Exploits 6 | References 5 | Affected Software 1

BDU FSTEC
added 2020/02/17 12:0 a.m. | 2 views

The vulnerability of the Oracle iSupport web application allows a perpetrator to gain access to modify, add, or delete data.

The vulnerability of the Oracle iSupport web application is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to modify, add, or delete data using the HTTPS protocol...

CVSS 4.7 | AI score 5.9 | EPSS 0.01043
Exploits 0 | References 3 | Affected Software 1

BDU FSTEC
added 2020/02/17 12:0 a.m. | 3 views

The vulnerability of the Attachments/File Upload component of the Oracle Applications Framework allows a malicious actor to gain access to modify, add, or delete data.

The vulnerability of the Attachments/File Upload component of the Oracle Applications Framework is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to modify, add, or delete data using the HTTPS protocol...

CVSS 5.3 | AI score 6.5 | EPSS 0.01287
Exploits 0 | References 3 | Affected Software 1

BDU FSTEC
added 2020/02/11 12:0 a.m. | 3 views

The vulnerability of the SWSE Server component of the Siebel UI Framework allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the SWSE Server component of the Siebel UI Framework is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information using the HTTP protocol...

CVSS 4.7 | AI score 5.9 | EPSS 0.01483
Exploits 0 | References 3 | Affected Software 1