
4422 matches found

OSV
added 2022/07/21 11:15 p.m. · 1 view

UBUNTU-CVE-2022-0976

Heap buffer overflow in GPU in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.8 CVSS · 7.5 AI score · 0.00477 EPSS
Exploits 1 · References 2

ATTACKERKB
added 2022/07/21 11:15 p.m. · 3 views

CVE-2022-0977

Use after free in Browser UI in Google Chrome on Chrome OS prior to 99.0.4844.74 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page...

9.6 CVSS · 7.9 AI score · 0.0049 EPSS
Exploits 1 · References 4

Positive Technologies
added 2022/07/19 12:0 a.m. · 3 views

PT-2022-4565 · Oracle · Oracle Workflow +1

Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.2.3 through 12.2.11 Description: The issue exists due to insufficient input validation in the Worklist component of the Oracle Workflow product. This allows a remote attacker to gain unauthorized access to...

7.8 CVSS · 9.1 AI score · 0.01758 EPSS
Exploits 0 · References 5

CNNVD
added 2022/07/19 12:0 a.m. · 7 views

Oracle E-Business Suite input validation error vulnerability

Oracle E-Business Suite is a set of fully integrated global business management software from Oracle. The software provides customer relationship management, service management, financial management and other functions. An input validation error vulnerability exists in...

5.3 CVSS · 6.8 AI score · 0.00278 EPSS
Exploits 0 · References 3

CNNVD
added 2022/07/19 12:0 a.m. · 3 views

Oracle Financial Services Applications input validation error vulnerability

Oracle Financial Services Applications is a suite of financial services software from Oracle USA. The product includes core banking, online banking, and property management. An input validation error vulnerability exists in Oracle Banking Trade Finance component: Infrastructure version 14.5, whic...

5.9 CVSS · 7 AI score · 0.00265 EPSS
Exploits 0 · References 3

ATTACKERKB
added 2022/07/17 9:15 p.m. · 3 views

CVE-2022-27934

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via HTTP...

7.5 CVSS · 7.1 AI score · 0.00598 EPSS
Exploits 0 · References 2

OSV
added 2022/07/17 9:15 p.m. · 2 views

CVE-2022-27929

Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via HTTP...

7.5 CVSS · 5.8 AI score · 0.00598 EPSS
Exploits 0 · References 1

Snyk
added 2022/07/15 11:8 p.m. · 1 view

Allocation of Resources Without Limits or Throttling

Overview: std/net/http is a Go standard library package. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. Go Vulnerability Report: An attacker can cause unbounded memory growth in servers accepting HTTP/2 requests. Remediation...

8.7 CVSS · 6.8 AI score · 0.00088 EPSS
Exploits 0 · References 3

BDU FSTEC
added 2022/07/15 12:0 a.m. · 1 view

The vulnerability of the providers.dll library in the Node.js software platform, related to HTTP request processing flaws, allows attackers to execute arbitrary code.

The vulnerability of the providers.dll library in the Node.js software platform is related to an uncontrolled search path during the loading of DLL libraries. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

7.5 CVSS · 7 AI score · 0.08112 EPSS
Exploits 1 · References 4 · Affected Software 1

BDU FSTEC
added 2022/07/15 12:0 a.m. · 1 view

The vulnerability of the Node.js software platform, related to deficiencies in HTTP request processing, allows a perpetrator to carry out an “HTTP request hijacking” attack.

The vulnerability of the Node.js software platform is related to deficiencies in HTTP request processing. Exploiting this vulnerability allows a remote attacker to carry out an “HTTP request hijacking” attack...

7.5 CVSS · 6.7 AI score · 0.39294 EPSS
Exploits 1 · References 5 · Affected Software 1

BDU FSTEC
added 2022/07/11 12:0 a.m. · 1 view

The vulnerability in the HTTP server of the microprogramming software for AutomationDirect C-More series of touchscreen HMI devices allows a hacker to disclose protected information.

The vulnerability of the HTTP server of the C-More EA9 HMI series of touchscreen software solutions is related to the transmission of data in an open manner. Exploiting this vulnerability can allow a malicious actor to disclose sensitive information that is protected by the system...

7.8 CVSS · 7.1 AI score · 0.00116 EPSS
Exploits 0 · References 3 · Affected Software 12

OSV
added 2022/07/08 5:15 p.m. · 1 view

CVE-2022-34160

IBM CICS TX Standard and Advanced 11.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 229330...

5.4 CVSS · 5.8 AI score · 0.00299 EPSS
Exploits 0 · References 3

CNNVD
added 2022/07/08 12:0 a.m. · 1 view

IBM CICS TX Standard and Advanced cross-site scripting vulnerability

IBM CICS TX Standard and Advanced is a comprehensive, single transaction runtime package from IBM USA. It can provide a cloud-native deployment model for standalone applications. An HTML injection vulnerability exists in IBM CICS TX Standard and Advanced version 11.1. The vulnerability stems from...

5.8 CVSS · 5.7 AI score · 0.00299 EPSS
Exploits 0 · References 5

OSV
added 2022/07/07 9:15 p.m. · 1 view

DEBIAN-CVE-2022-2048

In the Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are not enough resources lef...

7.5 CVSS · 7.9 AI score · 0.01047 EPSS
Exploits 0 · References 1

OSV
added 2022/07/07 9:15 p.m. · 0 views

UBUNTU-CVE-2022-2048

In the Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are not enough resources lef...

7.5 CVSS · 6.8 AI score · 0.01047 EPSS
Exploits 0 · References 4

RedHat Linux
added 2022/07/07 2:19 p.m. · 2 views

undertow: potential security issue in flow control over HTTP/2 may lead to DOS (incomplete fix for CVE-2021-3629)

A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial of service in the server...

7.5 CVSS · 7.3 AI score · 0.0044 EPSS
Exploits 0 · References 4

RedHat Linux
added 2022/07/07 2:19 p.m. · 1 view

undertow: potential security issue in flow control over HTTP/2 may lead to DOS

A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial of service in the server. The highest threat from this vulnerability is availability...

5.9 CVSS · 7.3 AI score · 0.00293 EPSS
Exploits 0 · References 4

RedHat Linux
added 2022/07/05 2:41 p.m. · 0 views

netty: control chars in header names may lead to HTTP request smuggling

A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling...

6.5 CVSS · 6.8 AI score · 0.00381 EPSS
Exploits 0 · References 5

BDU FSTEC
added 2022/07/04 12:0 a.m. · 2 views

The vulnerability of the Mozilla Firefox browser, related to errors during HTML sanitization, allows a hacker to execute arbitrary code.

The vulnerability of the Mozilla Firefox browser is related to errors during HTML sanitization. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

10 CVSS · 5.9 AI score
Exploits 0 · References 2 · Affected Software 2

CNNVD
added 2022/07/02 12:0 a.m. · 5 views

MediaWiki security vulnerability

MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems. A security vulnerability exists in MediaWiki versions prior to 1.37.3, which stems from a...

6.1 CVSS · 6.3 AI score · 0.00605 EPSS
Exploits 0 · References 9