The vulnerability of Oracle Java SE and Oracle Java SE Embedded software platforms allows attackers to modify, add, or delete data, or gain unauthorized access to protected information.
The vulnerability of the Oracle Java SE and Oracle Java SE Embedded software deployment components is related to lack of access control. Exploiting this vulnerability could allow an attacker, operating remotely, to modify, add, or delete data, or to gain unauthorized access to protected informati...
The vulnerability of the sub-component “Engineering Change Order” of the Oracle Installed Base component in the Oracle E-Business Suite system allows a malicious actor to gain access to modify, add, or delete data.
The vulnerability of the Engineering Change Order component of the Oracle Installed Base component in the Oracle E-Business Suite system for enterprise automation activities is related to lack of access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to...
The vulnerability of the Performance Monitor sub-component of the PeopleSoft Enterprise PeopleTools component of the Oracle PeopleSoft Enterprise business application suite allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Performance Monitor sub-component of the PeopleSoft Enterprise component of the Oracle PeopleSoft Enterprise business application suite is related to access control deficiencies. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthoriz...
DEBIAN-CVE-2019-17420
In OISF LibHTP before 0.5.31, as used in Suricata 4.1.4 and other products, an HTTP protocol parsing error causes the http_header signature to not alert on a response with a single \r\n ending...
HTTP/2: large amount of data requests leads to denial of service
A flaw was found in HTTP/2. An attacker can request a large amount of data by manipulating window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this queue can consume excess CPU, memory, or both, leading to a...
HTTP/2: flood using HEADERS frames results in unbounded memory growth
A flaw was found in HTTP/2. Using HEADERS frames with invalid HTTP headers and queuing of response RST_STREAM frames, an attacker could cause a flood resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...
CloudBees Jenkins Relution Enterprise Appstore Publisher Plugin Authorization Issues Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the United States company CloudBees. The product is mainly used to monitor continuous software release and testing projects and some scheduled tasks. Relution Enterprise Appstore Publisher Plugin...
UBUNTU-CVE-2019-10082
In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown...
DEBIAN-CVE-2019-9516
Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory fo...
UBUNTU-CVE-2019-9517
Some HTTP/2 implementations are vulnerable to unconstrained internal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write many of the byt...
UBUNTU-CVE-2019-9513
Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU...
The vulnerability of the Advanced Console controller’s sub-component of Oracle Identity Manager, a software platform of Oracle Fusion Middleware, allows an intruder to gain unauthorized access to protected data.
The vulnerability of the Advanced Console controller’s sub-component in Oracle Identity Manager, a software platform of Oracle Fusion Middleware, is related to access control deficiencies. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to...
The vulnerability of the sub-component of the Dynamo Application Framework within the Oracle Commerce Platform of the e-commerce platform Oracle Commerce allows a perpetrator to gain access to modify, add, or delete data.
The vulnerability of the sub-component of the Dynamo Application Framework within the Oracle Commerce Platform of the e-commerce platform Oracle Commerce is related to access control deficiencies. Exploiting this vulnerability could allow an attacker to gain access to modify, add, or delete data...
The vulnerability of the Preferences sub-component of the Oracle CRM Technical Foundation component of the Oracle E-Business Suite allows a perpetrator to access data for modification, addition, or deletion.
The vulnerability of the Preferences sub-component of the Oracle CRM Technical Foundation component of the Oracle E-Business Suite is related to lack of access control. Exploiting this vulnerability could allow an attacker, operating remotely, to modify, add, or delete data using the HTTP protoco...
CVE-2019-7225
The ABB HMI components implement hidden administrative accounts that are used during the provisioning phase of the HMI interface. These credentials allow the provisioning tool "Panel Builder 600" to flash a new interface and Tags MODBUS coils mapping to the HMI. These credentials are the idal123...
The vulnerability of the Messages sub-component of the Oracle Work in Process component in the Oracle E-Business Suite allows a perpetrator to gain unauthorized access to protected data.
The vulnerability of the Messages sub-component of the Oracle Work in Process component in the Oracle E-Business Suite is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected data using the...
The vulnerability of the RemoteCall sub-component of the PeopleSoft Enterprise PT PeopleTools component of the Oracle PeopleSoft Products suite allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the RemoteCall sub-component of the PeopleSoft Enterprise PT PeopleTools component of the Oracle PeopleSoft Products suite is related to access control deficiencies. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to...
The vulnerability of the Web Container sub-component of the Oracle Service Bus component of the Oracle Fusion Middleware software platform allows an attacker to cause a service failure.
The vulnerability of the Web Container sub-component of the Oracle Service Bus component of the Oracle Fusion Middleware software is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to cause service failures using the HTTP protocol...
The vulnerability of the WLS Core Components of Oracle WebLogic Server application servers allows attackers to modify, add, or delete data.
The vulnerability of the WLS Core Components of the Oracle WebLogic Server application server is related to a lack of access control mechanisms. Exploiting this vulnerability allows an attacker to remotely modify, add, or delete data using the HTTP protocol...
The vulnerability of the Siebel Core component – the Server BizLogic Script of the Siebel CRM system’s customer relationship management module – allows an attacker to access, modify, add, or delete data, and to cause a partial service disruption.
The vulnerability of the Siebel Core component – the Server BizLogic Script of the Siebel CRM system’s customer relationship management software – is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to gain access to modify, add, or delete data, and...