4428 matches found
The vulnerability of the Envoy proxy server, related to errors in processing mixed-case schemes in HTTP/2, allows attackers to gain access to protected data.
The vulnerability of the Envoy proxy server is related to errors in the processing of mixed-case schemes in HTTP/2. Exploiting this vulnerability can allow a remote attacker to gain access to protected data...
The vulnerability of the PAN-OS operating system, related to errors in processing hypertext links, allows a perpetrator to gain access to confidential data.
The vulnerability of the PAN-OS operating system is related to errors in processing hypertext links. Exploiting this vulnerability allows a remote attacker to gain access to confidential data...
SolarWinds Platform Code Injection Vulnerability
SolarWinds Platform is a unified monitoring, observability, and service management platform from SolarWinds USA. A security vulnerability exists in SolarWinds Platform versions prior to 2023.3 that stems from a flaw that allows remote attackers with SolarWinds Platform account privileges to...
The vulnerability of the Application Express component in the Oracle Application Express development environment allows a hacker to gain full control over the application.
The vulnerability of the Application Express component of the Oracle Application Express development environment is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain full control over the application using the HTTP protocol...
The vulnerability of the EAS Administration and EAS Console components of the Oracle Hyperion Essbase Administration Services allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the EAS Administration and EAS Console components of the Oracle Hyperion Essbase Administration Services lies in insufficient validation of input data. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information using the HTTP...
The vulnerabilities of the APIkit components, the HTTP connector, and the OAuth2 Provider integrated into the API Gateway environment of the Mule Runtime, allow attackers to gain unauthorized access to protected information.
The vulnerabilities of the APIkit components, the HTTP connector, and the OAuth2 Provider integrated into the API Gateway environment of the Mule Runtime are related to errors in processing the relative path to the restricted directory. Exploiting these vulnerabilities can allow an attacker to...
UBUNTU-CVE-2022-28734
Out-of-bounds write when handling split HTTP headers; When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data buffer point by one position. This can lead to an out-of-bound write further when parsing the HTTP request, writing a NULL byte past the buffer. It's...
The vulnerability of the Mojo IPC library in the Google Chrome browser allows a hacker to trigger a service failure or execute arbitrary code.
The vulnerability of the Mojo library in Google Chrome browsers relates to writing beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a remote attacker to cause a service failure or execute arbitrary code using a specially created HTML page...
The vulnerability of the DevTools set of tools for web development in the Google Chrome web browser allows a hacker to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of the DevTools suite for web development in the Google Chrome web browser relates to the use of memory after it is released. Exploiting this vulnerability allows an attacker to gain access to confidential data, compromise its integrity, and cause a service failure through the u...
SUSE CVE-2023-3732
Out of bounds memory access in Mojo in Google Chrome prior to 115.0.5790.98 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
tduck-platform Cross-Site Scripting Vulnerability
TDuckCloud tduck-platform is an open source form survey system from China Zhongda Numerical Wei Information Technology Limited TDuckCloud company. A security vulnerability exists in version v4.0 of tduck-platform, which stems from the presence of an arbitrary file upload vulnerability that allows...
PT-2023-4948 · Pypi +3 · Aiohttp +3
Name of the Vulnerable Software and Affected Versions: aiohttp versions 3.8.4 and earlier Description: The issue is related to the handling of HTTP requests in aiohttp, which can lead to HTTP request smuggling when a crafted HTTP request is sent. This affects users of aiohttp as an HTTP server, b...
CVE-2023-22009
Vulnerability in the Oracle Self-Service Human Resources product of Oracle E-Business Suite component: Workforce Management. Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...
CVE-2023-34329
AMI MegaRAC SPx12 contains a vulnerability in BMC where a User may cause an authentication bypass by spoofing the HTTP header. A successful exploit of this vulnerability may lead to loss of confidentiality, integrity, and availability...
PT-2023-9328 · Google +2 · Skia +3
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 115.0.5790.98 Description: The issue is related to an inappropriate implementation in the Skia graphics library of Google Chrome, which can be exploited by a remote attacker to potentially perform a sandbox...
PT-2023-3571 · Google +2 · Google Chrome +2
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 115.0.5790.98 Description: The issue is related to a use after free in WebRTC, which could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This could lead to arbitrary co...
Oracle E-Business Suite Cross-Site Scripting Vulnerability
Oracle E-Business Suite is a set of fully integrated global business management software from Oracle. The software provides customer relationship management, service management, financial management and other functions. A security vulnerability exists in the Oracle Scripti...
PT-2023-3717 · Google +1 · Google Chrome +1
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 115.0.5790.98 Description: The issue is related to an inappropriate implementation in the Autofill function of Google Chrome, which may allow a remote attacker to obfuscate security UI via a crafted HTML page...
PT-2023-3718 · Google +2 · Google Chrome +2
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 115.0.5790.98 Description: The issue is related to an inappropriate implementation in WebApp Installs, allowing a remote attacker to potentially spoof the contents of the Omnibox URL bar via a crafted HTML page...
CVE-2023-38253
An out-of-bounds read flaw was found in w3m, in the growbuf_to_Str function in indep.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file...