
4510 matches found

BDU FSTEC
added 2024/07/22 12:0 a.m. · 3 views

A vulnerability in the Text Catalog component of the Oracle PeopleSoft Enterprise HCM Shared Components application allows an attacker to modify, add, or delete data, or to gain unauthorized access to protected information.

The vulnerability in the Text Catalog component of the Oracle PeopleSoft Enterprise HCM Shared Components application exists due to insufficient validation of input data. Exploiting this vulnerability can allow a remote attacker to modify, add, or delete data, or gain unauthorized...

CVSS 5.5 · AI score 7.4 · EPSS 0.00254
Exploits 0 · References 4 · Affected Software 1
Amazon
added 2024/07/22 12:0 a.m. · 6 views

Medium: ecs-init

Issue Overview: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed...

CVSS 7.5 · AI score 6.7 · EPSS 0.91969
Exploits 1
Microsoft CVE
added 2024/07/19 12:0 a.m. · 2 views

CVE-2024-36387

...

CVSS 5.4 · AI score 6.2 · EPSS 0.01715
Exploits 0
BDU FSTEC
added 2024/07/19 12:0 a.m. · 2 views

A vulnerability in the Core component of the Oracle VM VirtualBox software allows an attacker to gain unauthorized access to protected information.

The vulnerability in the Core component of the Oracle VM VirtualBox software is related to insufficient protection of operational data. Exploiting this vulnerability can allow a remote attacker to gain unauthorized access to protected information using the HTTP protocol...

CVSS 5.9 · AI score 6.7 · EPSS 0.01094
Exploits 0 · References 5 · Affected Software 2
BDU FSTEC
added 2024/07/19 12:0 a.m. · 2 views

A vulnerability in a sub-component of the Oracle Commerce Platform component, an e-commerce platform, allows an attacker to modify, add, or delete data.

The vulnerability in the sub-component of the Oracle Commerce Platform exists due to insufficient validation of input data. Exploiting this vulnerability can allow a remote attacker to modify, add, or delete data using the HTTP protocol...

CVSS 4 · AI score 7.2 · EPSS 0.00347
Exploits 0 · References 3 · Affected Software 1
BDU FSTEC
added 2024/07/19 12:0 a.m. · 2 views

A vulnerability in the Suricata intrusion detection and prevention tool allows an attacker to cause a denial of service.

The vulnerability in the httpmemcap parameter of the Suricata intrusion detection and prevention tool is related to pointer assignment errors. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...

CVSS 7.8 · AI score 7.8 · EPSS 0.00874
Exploits 1 · References 3 · Affected Software 1
RedHat Linux
added 2024/07/18 1:37 p.m. · 3 views

qtbase: qtbase: Delay any communication until encrypted() can be responded to

A vulnerability was found in Qt where, during a TLS connection for servers supporting HTTP2, Qt may send data to a server even if the TLS certificate doesn't match the redirected address. This occurs because Qt fails to validate the certificate against the redirected address, potentially sending...

CVSS 8.6 · AI score 7.3 · EPSS 0.00494
Exploits 0 · References 5
Positive Technologies
added 2024/07/18 12:0 a.m. · 3 views

PT-2025-46931

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 126.0.6478.182 Description: An issue in the DevTools component of Google Chrome could allow a remote attacker to potentially escape the sandbox through a specially crafted HTML page. The security severity is rate...

CVSS 9.6 · AI score 8.1 · EPSS 0.00727
Exploits 11 · References 48
OSV
added 2024/07/16 11:15 p.m. · 1 views

CVE-2024-21132

Vulnerability in the Oracle Purchasing product of Oracle E-Business Suite component: Approvals. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Purchasing. Successful attacks...

CVSS 5.4 · AI score 7.3 · EPSS 0.00254
Exploits 0 · References 1
OSV
added 2024/07/16 10:15 p.m. · 1 views

DEBIAN-CVE-2024-6775

Use after free in Media Stream in Google Chrome prior to 126.0.6478.182 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVSS 8.8 · AI score 8.1 · EPSS 0.00435
Exploits 1 · References 1
CNNVD
added 2024/07/16 12:0 a.m. · 2 views

Google Chrome security vulnerability

Google Chrome is a web browser from Google (U.S.). V8 is an open source JavaScript engine. Google Chrome suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to perform out-of-bounds memory access via a crafted HTML page...

CVSS 6.5 · AI score 6.5 · EPSS 0.00233
Exploits 1 · References 4
OpenVAS
added 2024/07/16 12:0 a.m. · 17 views

Huawei EulerOS: Security Advisory for nghttp2 (EulerOS-SA-2024-1916)

The remote host is missing an update for the Huawei EulerOS...

CVSS 5.3 · AI score 5.7 · EPSS 0.8496
Exploits 1 · References 2
RedHat Linux
added 2024/07/15 4:19 p.m. · 2 views

golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS

A vulnerability was discovered in the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the number of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack...

CVSS 7.5 · AI score 7.2 · EPSS 0.91969
Exploits 1 · References 7
BDU FSTEC
added 2024/07/15 12:0 a.m. · 2 views

A vulnerability in the “1C-Bitrix: Virtual Machine” virtual server involves unrestricted upload of files of a dangerous type, allowing an attacker to execute arbitrary code.

The vulnerability in the “1C-Bitrix: Virtual Machine” virtual server is related to the unrestricted upload of dangerous files. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by sending a specially crafted PHP file...

CVSS 10 · AI score 6
Exploits 0 · References 4 · Affected Software 1
BDU FSTEC
added 2024/07/15 12:0 a.m. · 2 views

A vulnerability in the web interface of BAS-IP IP-telephone devices allows an attacker to disclose protected information.

The vulnerability in the web interface of BAS-IP IP-telephone devices is related to the storage of user credentials in configuration files. Exploiting this vulnerability can allow an attacker to disclose sensitive information by sending a specially crafted HTTP request...

CVSS 7.8 · AI score 5.4 · EPSS 0.00243
Exploits 0 · References 3 · Affected Software 30
Positive Technologies
added 2024/07/12 12:0 a.m. · 1 views

PT-2024-6936 · Oracle · Oracle BI Publisher

Name of the Vulnerable Software and Affected Versions: Oracle BI Publisher versions 7.0.0.0.0 through 12.2.1.4.0 Description: The issue is related to a component of the Oracle BI Publisher, specifically the Web Server, and involves insufficient input validation leading to authorization bypass. Th...

CVSS 9 · AI score 8.3 · EPSS 0.00504
Exploits 0 · References 9
OSV
added 2024/07/11 5:25 p.m. · 3 views

USN-6885-2 apache2 regression

USN-6885-1 fixed vulnerabilities in Apache HTTP Server. One of the security fixes introduced a regression when proxying requests to an HTTP/2 server. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Marc Stern discovered that the Apache HTTP Server...

CVSS 9.8 · AI score 6.8 · EPSS 0.41611
Exploits 0 · References 2
Tenable Nessus
added 2024/07/11 12:0 a.m. · 16 views

CBL Mariner 2.0 Security Update: fluent-bit / nghttp2 / nodejs / nodejs18 (CVE-2024-28182)

The version of fluent-bit / nghttp2 / nodejs / nodejs18 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-28182 advisory. - nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 ...

CVSS 5.3 · AI score 7.1 · EPSS 0.8496
Exploits 1 · References 2
OSV
added 2024/07/10 4:15 p.m. · 0 views

CVE-2023-35006

IBM Security QRadar EDR 3.12 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

CVSS 5.4 · AI score 5.8 · EPSS 0.00306
Exploits 0 · References 2
CNNVD
added 2024/07/10 12:0 a.m. · 4 views

IBM Security QRadar security vulnerability

IBM Security QRadar is a modernized threat detection and response solution from International Business Machines (IBM), Inc., designed to unify and integrate the security analyst experience and improve their response speed throughout the incident lifecycle. IBM Security QRadar suffers from an HTML...

CVSS 5.4 · AI score 6.9 · EPSS 0.00306
Exploits 0 · References 4