216 matches found

BDU FSTEC
added 2019/02/15 12:0 a.m. | 2 views

The vulnerability of the Java Server Faces component of the Oracle GlassFish Server software platform allows a perpetrator to gain unauthorized access to data.

The vulnerability of the Java Server Faces component of the Oracle GlassFish Server is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to gain unauthorized access to data using the HTTP protocol...

CVSS: 5.3 | AI score: 6.3 | EPSS: 0.01657
Exploits: 0 | References: 2 | Affected Software: 1

BDU FSTEC
added 2019/02/12 12:0 a.m. | 2 views

The vulnerability of the Oracle User Management component of the Oracle E-Business Suite automation system allows a perpetrator to gain access to protected information.

The vulnerability of the Oracle User Management component in the Oracle E-Business Suite automation system is related to insufficient access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to protected information using the HTTP protocol...

CVSS: 7.7 | AI score: 6.8 | EPSS: 0.02025
Exploits: 0 | References: 3 | Affected Software: 1

BDU FSTEC
added 2019/02/12 12:0 a.m. | 1 view

The vulnerability of the Fluid Core component in the Oracle PeopleSoft Enterprise PeopleTools business application suite allows a malicious individual to gain unauthorized access to protected data.

The vulnerability of the Fluid Core component in the Oracle PeopleSoft Enterprise PeopleTools business application suite is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected data using the...

CVSS: 6.1 | AI score: 6.7 | EPSS: 0.01542
Exploits: 0 | References: 2 | Affected Software: 1

BDU FSTEC
added 2019/01/28 12:0 a.m. | 4 views

The vulnerability of the Partner Detail sub-component of the Oracle Partner Management component in the Oracle E-Business Suite allows a malicious actor to gain access to modify, add, or delete data.

The vulnerability of the Partner Detail sub-component of the Oracle Partner Management component in the Oracle E-Business Suite is related to code errors. Exploiting this vulnerability may allow an attacker, operating remotely, to gain access to modify, add, or delete data using the HTTP protocol...

CVSS: 8.2 | AI score: 7.5 | EPSS: 0.0153
Exploits: 0 | References: 3 | Affected Software: 1

CNVD
added 2019/01/25 12:0 a.m. | 46 views

Apache HTTP Server Denial of Service Vulnerability

Apache HTTP Server is an open source web server from the Apache Software Foundation (USA). The server is fast, reliable and can be extended through a simple API. A security vulnerability exists in the HTTP/2 mod_http2 connection for httpd in Apache HTTP Server versions 2.4.17 through...

CVSS: 5.3 | AI score: 8.4 | EPSS: 0.20071
Exploits: 0 | References: 1

BDU FSTEC
added 2019/01/23 12:0 a.m. | 5 views

The vulnerability in the implementation of TCP sockets in Cisco IOS and Cisco IOS XE operating systems allows a hacker to trigger a device reboot and a service failure.

The vulnerability of TCP socket implementations in Cisco IOS and Cisco IOS XE systems is related to state management errors. Exploiting this vulnerability can allow a malicious actor to trigger a device reboot and a service failure by sending specially crafted HTTP packets...

CVSS: 6.8 | AI score: 6.7 | EPSS: 0.02004
Exploits: 0 | References: 2

CNVD
added 2019/01/11 12:0 a.m. | 2 views

NEC Aterm WG1200HP Operating System Command Injection Vulnerability

The NEC Aterm WG1200HP is a wireless router from NEC (Nippon Electric). An operating system command injection vulnerability exists in the NEC Aterm WG1200HP using firmware version 1.0.31 and earlier. An attacker can exploit this vulnerability to execute arbitrary operating system commands via HTTP...

CVSS: 9 | AI score: 8.3 | EPSS: 0.01399
Exploits: 0 | References: 1

RedHat Linux
added 2018/11/27 9:18 a.m. | 5 views

nginx: Excessive CPU usage via flaw in HTTP/2 implementation

nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file...

CVSS: 7.8 | AI score: 7.4 | EPSS: 0.124
Exploits: 0 | References: 5

BDU FSTEC
added 2018/08/03 12:0 a.m. | 3 views

The vulnerability of the Process Analysis & Discovery component of the Business Process Management Suite allows a perpetrator to gain unauthorized access to protected data.

The vulnerability of the Process Analysis & Discovery component in the Business Process Management Suite is related to lack of access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected data using the HTTP protocol...

CVSS: 9.1 | AI score: 7.8 | EPSS: 0.0269
Exploits: 0 | References: 2 | Affected Software: 1

ATTACKERKB
added 2018/07/11 6:29 p.m. | 2 views

Junos OS: SRX Series: Credentials exposed when using HTTP and HTTPS Firewall Pass-through User Authentication

When an SRX Series device is configured to use HTTP/HTTPS pass-through authentication services, a client sending authentication credentials in the initial HTTP/HTTPS session is at risk that these credentials may be captured during follow-on HTTP/HTTPS requests by a malicious actor through a...

CVSS: 8.1 | AI score: 5.5 | EPSS: 0.0143
Exploits: 0 | References: 7 | Affected Software: 1

CNVD
added 2018/06/15 12:0 a.m. | 3 views

msystem Remote Code Execution Vulnerability

msystem is a package used in Node.js for downloading and installing the MyStem morphological text analyzer. A security vulnerability exists in msystem that originates when the program downloads binary resources over the HTTP protocol. A remote attacker could exploit the vulnerability by replacing...

CVSS: 9.3 | AI score: 8.1 | EPSS: 0.01682
Exploits: 0 | References: 1

CNVD
added 2018/06/15 12:0 a.m. | 3 views

Unspecified vulnerability in pk-app-wonderbox

pk-app-wonderbox is an app that integrates wonderbox and pillakloud. A security vulnerability exists in pk-app-wonderbox that originates when the program downloads an executable file over an unencrypted HTTP connection. A remote attacker could exploit the vulnerability by intercepting the respons...

CVSS: 9.3 | AI score: 8.1 | EPSS: 0.01682
Exploits: 0 | References: 1

OSV
added 2018/04/12 1:29 a.m. | 3 views

CVE-2018-0956

A denial of service vulnerability exists in the HTTP 2.0 protocol stack HTTP.sys when HTTP.sys improperly parses specially crafted HTTP 2.0 requests, aka "HTTP.sys Denial of Service Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.12991
Exploits: 0 | References: 3

CNVD
added 2018/03/20 12:0 a.m. | 4 views

Embedthis Software Appweb Embedthis HTTP Library Authentication Bypass Vulnerability

Embedthis Software AppWeb is a fast and small web server from Embedthis Software, USA, which is mainly used for embedded applications, devices and web services with support for security defense policies, digest authentication, virtual hosting, etc. HTTP library is one of the HTTP libraries. The...

CVSS: 8.1 | AI score: 6.9 | EPSS: 0.19854
Exploits: 2 | References: 1

OSV
added 2017/09/13 4:29 p.m. | 2 views

UBUNTU-CVE-2015-5206

Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server before 5.3.x before 5.3.2 has unknown impact and attack vectors, a different vulnerability than CVE-2015-5168...

CVSS: 9.8 | AI score: 7.2 | EPSS: 0.02411
Exploits: 0 | References: 3

OSV
added 2017/04/20 12:0 a.m. | 0 views

UBUNTU-CVE-2017-5446

An out-of-bounds read when an HTTP/2 connection to a server sends "DATA" frames with incorrect data content. This leads to a potentially exploitable crash. This vulnerability affects Thunderbird 52.1, Firefox ESR 45.9, Firefox ESR 52.1, and Firefox 53...

CVSS: 9.8 | AI score: 7.2 | EPSS: 0.03149
Exploits: 1 | References: 5

BDU FSTEC
added 2017/04/20 12:0 a.m. | 4 views

The vulnerability of the iOS operating system and the Mac OS X operating system allows attackers to compromise the security of information.

The vulnerability of the HTTPProtocol component in the iOS operating system and the Mac OS X operating system is related to errors in the code. Exploiting this vulnerability allows remote HTTP/2 servers to affect the security of the information being processed...

CVSS: 7.5 | AI score: 7.8 | EPSS: 0.02565
Exploits: 0 | References: 7 | Affected Software: 2

OSV
added 2017/04/02 1:59 a.m. | 3 views

CVE-2017-2428

An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves nghttp2 before 1.17.0 in the "HTTPProtocol" component. It allows remote HTTP/2 servers to have an...

CVSS: 9.8 | AI score: 5.7 | EPSS: 0.02565
Exploits: 0 | References: 7

ATTACKERKB
added 2017/01/27 10:59 p.m. | 2 views

CVE-2016-8329

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Mobile Application Platform). Supported versions that are affected are 8.54 and 8.55. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...

CVSS: 6.1 | AI score: 8.3 | EPSS: 0.01368
Exploits: 0 | References: 4 | Affected Software: 1

CNVD
added 2017/01/20 12:0 a.m. | 3 views

Oracle E-Business Suite Remote Security Vulnerability (CNVD-2017-00638)

Oracle E-Business Suite is a suite of fully integrated, global business management software from Oracle Corporation. Oracle Common Applications (also known as Oracle Common Application Calendar, CAC) is one of the components that can simplify the management of daily activities, appointments, and...

CVSS: 8.2 | AI score: 6.9 | EPSS: 0.01795
Exploits: 0 | References: 1