Lucene search
+L

1696 matches found

BDU FSTEC
BDU FSTEC
added 2021/05/26 12:0 a.m.4 views

The vulnerability of the HTTP Protocol Stack in Microsoft Windows operating systems allows a hacker to execute arbitrary code.

The vulnerability of the HTTP Protocol Stack in Microsoft Windows operating systems is related to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using a specially created HTTP request...

10CVSS8.3AI score0.99657EPSS
Exploits24References7
BDU FSTEC
BDU FSTEC
added 2021/05/24 12:0 a.m.6 views

The vulnerability of the Frameworks component of the Oracle PeopleSoft Enterprise CS Campus Community application, which allows a perpetrator to gain unauthorized access to protected information

The vulnerability of the Frameworks component in the Oracle PeopleSoft Enterprise CS Campus Community application is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information using the HTTP protocol...

3.5CVSS6.4AI score0.00723EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/05/24 12:0 a.m.8 views

The vulnerability of the Management Console component in the Oracle Cloud Infrastructure Storage Gateway allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the Management Console component in Oracle Cloud Infrastructure Storage Gateway is related to insufficient validation of input data. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity, and accessibility of protected information throu...

9.1CVSS7.8AI score0.01074EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/05/24 12:0 a.m.7 views

The vulnerability of the Management Console component in the Oracle Cloud Infrastructure Storage Gateway allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the Management Console component in Oracle Cloud Infrastructure Storage Gateway is related to insufficient validation of input data. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity, and accessibility of protected information throu...

10CVSS7.8AI score0.01872EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/05/19 12:0 a.m.9 views

The vulnerability of the sub-component Courseware within the Oracle Quoting component of the Oracle E-Business Suite allows a perpetrator to gain unauthorized access to the device.

The vulnerability of the Courseware sub-component of the Oracle Quoting component in the Oracle E-Business Suite system’s enterprise automation activity system is related to code errors. Exploiting this vulnerability may allow an attacker, operating remotely, to gain unauthorized access to the...

8.5CVSS6.9AI score0.00987EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/05/19 12:0 a.m.6 views

The vulnerability of the TopLink Integration server component of Oracle WebLogic Server allows a hacker to gain unauthorized access to the device.

The vulnerability of the TopLink Integration component of Oracle WebLogic Server applications exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to the device through HTTP requests...

7.8CVSS6.9AI score0.01938EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/05/19 12:0 a.m.7 views

The vulnerability of the Receipts sub-component of the Oracle Receivables component in the Oracle E-Business Suite system, which allows a perpetrator to gain unauthorized access to the device.

The vulnerability of the Receipts sub-component of the Oracle Receivables component in the Oracle E-Business Suite system is related to code errors. Exploiting this vulnerability may allow an attacker, operating remotely, to gain unauthorized access to the device through HTTP requests...

8.5CVSS6.9AI score0.00987EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/05/19 12:0 a.m.5 views

The vulnerability of the Rules Framework component of the Oracle Financial Services Analytical Applications Infrastructure software allows a perpetrator to gain read access to data or modify data.

The vulnerability of the Rules Framework component of the Oracle Financial Services Analytical Applications Infrastructure software exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain read access to data or modify...

6.1CVSS7AI score0.00853EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/05/19 12:0 a.m.8 views

The vulnerability of the Sites sub-component of the Oracle Site Hub component in the Oracle E-Business Suite system, which allows a malicious individual to gain unauthorized access to the device.

The vulnerability of the Sites sub-component of the Oracle Site Hub component in the Oracle E-Business Suite system for enterprise automation activities is related to code errors. Exploiting this vulnerability may allow an attacker, operating remotely, to gain unauthorized access to the device...

8.5CVSS6.9AI score0.00987EPSS
Exploits0References3Affected Software1
RedHat Linux
RedHat Linux
added 2021/05/18 2:2 p.m.3 views

python: CRLF injection via HTTP request method in httplib/http.client

A flaw was found in Python. The built-in modules httplib and http.client included in Python 2 and Python 3, respectively do not properly validate CRLF sequences in the HTTP request method, potentially allowing manipulation to the request by injecting additional HTTP headers. The highest threat fr...

7.2CVSS6.7AI score0.0642EPSS
Exploits1References5
BDU FSTEC
BDU FSTEC
added 2021/05/12 12:0 a.m.12 views

The vulnerability of the sub-components “Loan Details” and “Loan Accounting Events” of the Oracle Loans component in the Oracle E-Business Suite, a business automation system, allows a malicious individual to gain unauthorized access to the device.

The vulnerability of the Loan Details and Loan Accounting Events subcomponents of the Oracle Loans component in the Oracle E-Business Suite is related to code errors. Exploitation of this vulnerability may allow an attacker, operating remotely, to gain unauthorized access to the device through HT...

8.5CVSS6.9AI score0.00987EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/05/12 12:0 a.m.8 views

The vulnerability of the Gateway component of the Oracle Secure Global Desktop software allows a hacker to gain full control over the application.

The vulnerability of the Oracle Secure Global Desktop software’s Gateway component is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain full control over the application using the HTTP protocol...

10CVSS7.7AI score0.02497EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/05/12 12:0 a.m.6 views

The vulnerability of the Message Display component of the Oracle Email Center messaging software in the Oracle E-Business Suite, a business automation system, allows a malicious individual to access, modify, add, or delete data, or gain full control over the application.

The vulnerability of the Message Display component of the Oracle Email Center messaging software, a part of the Oracle E-Business Suite for enterprise automation, is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to gain access to modify, add, or...

8.5CVSS6.8AI score0.00796EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/05/12 12:0 a.m.11 views

The vulnerability of the Quote sub-component of the Oracle Lease and Finance Management component in the Oracle E-Business Suite system allows a malicious individual to gain unauthorized access to the device.

The vulnerability of the Quotes sub-component of the Oracle Lease and Finance Management component within the Oracle E-Business Suite automation system is related to code errors. Exploiting this vulnerability may allow an attacker, operating remotely, to gain unauthorized access to the device...

8.5CVSS6.9AI score0.00931EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2021/05/11 12:0 a.m.9 views

PT-2021-3092

Name of the Vulnerable Software and Affected Versions Microsoft HTTP Protocol Stack versions prior to the fixed version Description The issue is related to a memory usage problem after memory release in the HTTP Protocol Stack of Microsoft Windows operating systems. This can be exploited by a...

9.8CVSS7.2AI score0.99657EPSS
Exploits24References46
OSV
OSV
added 2021/05/06 1:15 p.m.1 views

CVE-2021-1516

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Content Security Management Appliance SMA, Cisco Email Security Appliance ESA, and Cisco Web Security Appliance WSA could allow an authenticated, remote attacker to access sensitive information on an affecte...

6.5CVSS6.7AI score0.01156EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2021/05/06 7:51 a.m.4 views

netty: Request smuggling via content-length header

A flaw was found in Netty. There is an issue where the content-length header is not validated correctly if the request uses a single Http2HeaderFrame with the endstream set to true. This flaw leads to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. The...

5.9CVSS7.1AI score0.04935EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2021/05/05 12:0 a.m.8 views

The vulnerability of the Customer Tab sub-component of the Oracle Customers Online component of the Oracle E-Business Suite allows a malicious actor to gain unauthorized access to the device and disclose protected information.

The vulnerability of the Customer Tab sub-component of the Oracle Customers Online component of the Oracle E-Business Suite is related to code errors. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to the device and disclose protected...

8.5CVSS6.9AI score0.01666EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/05/05 12:0 a.m.6 views

The vulnerability of the Thunderbird email client, as well as the Firefox and Firefox ESR browsers, relates to errors during permission saving, allowing a malicious actor to mistakenly assign a security certificate to an HTTP page.

The vulnerability of the Thunderbird email client, as well as browsers Firefox and Firefox ESR, is related to errors during the saving of permissions. Exploiting this vulnerability could allow a remote attacker to erroneously assign a security certificate to an HTTP page...

8.5CVSS7AI score0.00554EPSS
Exploits0References14Affected Software20
BDU FSTEC
BDU FSTEC
added 2021/05/05 12:0 a.m.10 views

The vulnerability of the LOV sub-component of the Oracle Depot Repair component in the Oracle E-Business Suite automation system allows a malicious individual to gain unauthorized access to the device and disclose protected information.

The vulnerability of the LOV sub-component of the Oracle Depot Repair component in the Oracle E-Business Suite automation system is related to code errors. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to the device and disclose protected...

8.5CVSS6.8AI score0.01015EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder