4422 matches found
CVE-2022-29269
In Nagios XI through 5.8.5, in the schedule report function, an authenticated attacker is able to inject HTML tags that lead to the reformatting/editing of emails from an official email address...
python: CRLF injection via HTTP request method in httplib/http.client
A flaw was found in Python. The built-in modules httplib and http.client, included in Python 2 and Python 3 respectively, do not properly validate CRLF sequences in the HTTP request method, potentially allowing manipulation of the request by injecting additional HTTP headers. The highest threat fr...
Nagios XI cross-site scripting vulnerability
Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A cross-site scripting vulnerability exists in Nagios XI version 5.8.5 and prior versions. An attacker cou...
HTTP compression denial of service
curl supports "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited...
The vulnerability of the Advising Notes component of the PeopleSoft Enterprise CS Academic Advisement application allows a perpetrator to gain unauthorized access to the device.
The vulnerability of the Advising Notes component in the PeopleSoft Enterprise CS Academic Advisement application exists due to insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to the device through HTTP...
WordPress Plugin WP-Filebase Download Manager cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Plugin WP-Filebase Download Manager version 3.4.4 contains a cross-site scripting...
The vulnerability of the Outside In Filters component within the Oracle Outside In Technology SDK allows a hacker to trigger a service failure.
The vulnerability of the Outside In Filters component within the Oracle Outside In Technology SDK set is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to trigger a service failure using the HTTP protocol...
The vulnerability of the Marketing Administration component of the Oracle Marketing marketing platform allows a perpetrator to gain read access to data and modify it. This component is part of the Oracle E-Business Suite, which facilitates automated business operations.
The vulnerability of the Marketing Administration component of the Oracle Marketing marketing platform exists due to insufficient verification of input data. Exploiting this vulnerability allows a malicious actor to gain access to read, modify, add, or delete data using the HTTP network protocol...
The vulnerability of the Outside In Filters component within the Oracle Outside In Technology SDK allows a hacker to trigger a service failure.
The vulnerability of the Outside In Filters component within Oracle’s “Outside In Technology” software development kit (SDK) exists due to insufficient testing of input data. Exploiting this vulnerability could allow a malicious actor to cause service failures using the HTTP protocol...
The vulnerability of the Reports sub-component of the Oracle Financial Services Crime and Compliance Investigation Hub component of the banking analytics system’s simulation model allows a perpetrator to gain access to modify, add, or delete data.
The vulnerability of the Reports sub-component of the Oracle Financial Services Crime and Compliance Investigation Hub component of the banking analytics system’s simulation model exists due to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to modify,...
The vulnerability of the Notification Configuration component in the Oracle PeopleSoft Enterprise PeopleTools business application suite allows a perpetrator to gain unauthorized access to protected data or compromise the integrity of that data.
The vulnerability of the Notification Configuration component in the Oracle PeopleSoft Enterprise PeopleTools business application exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected...
The vulnerability of the Integration and Interfaces components of the Oracle PeopleSoft Enterprise CS Campus Community application allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Integration and Interfaces components of the Oracle PeopleSoft Enterprise CS Campus Community application exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected...
The vulnerability of the Tools and Frameworks component of the Oracle Commerce Guided Search search engine and the Oracle Commerce Experience Manager user environment management tool allows a perpetrator to gain access to and modify data.
The vulnerability of the Tools and Frameworks component of the Oracle Commerce Guided Search system, as well as the Oracle Commerce Experience Manager user environment management tool, exists due to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to ga...
The vulnerability of the Wireless component of the Oracle Field Service software solution from the Oracle E-Business Suite allows a perpetrator to gain access to and modify data.
The vulnerability of the Wireless component of the Oracle Field Service software in the Oracle E-Business Suite exists due to insufficient verification of input data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain access to read, modify, add, or delete data...
The vulnerability of the Tools and Frameworks component of the Oracle Commerce Guided Search search engine and the Oracle Commerce Experience Manager user environment management tool allows a perpetrator to gain access to data for reading purposes.
The vulnerability of the Tools and Frameworks component of the Oracle Commerce Guided Search search engine and the Oracle Commerce Experience Manager user environment management tool exists due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor t...
The vulnerability of the Marketing Administration sub-component of the Oracle Marketing component in the Oracle E-Business Suite system allows a malicious actor to gain read access to data and modify it.
The vulnerability of the Marketing Administration sub-component of the Oracle Marketing component in the Oracle E-Business Suite exists due to insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to read, modify, add, or...
The vulnerability of the Outside In Filters component within the Oracle Outside In Technology SDK allows a hacker to trigger a service failure.
The vulnerability of the Outside In Filters component within the Oracle Outside In Technology SDK set is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to trigger a service failure using the HTTP protocol...
The vulnerability of the Request Management & Workflow sub-component of the Oracle Identity Manager identity management software allows a malicious actor to gain unauthorized access to protected data.
The vulnerability of the Request Management & Workflow sub-component of the Oracle Identity Manager identity management software exists due to insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected...
grub2: Out-of-bound write when handling split HTTP headers
A flaw was found in grub2 when handling split HTTP headers. While processing a split HTTP header, grub2 wrongly advances its control pointer to the internal buffer by one position, which can lead to an out-of-bounds write. This flaw allows an attacker to leverage this issue by crafting a maliciou...
The vulnerability of the “Loans And Deposits” sub-component of the Oracle FLEXCUBE Universal Banking banking analytics system’s simulation model allows a perpetrator to gain access to and modify data.
The vulnerability of the “Loans And Deposits” sub-component of the Oracle FLEXCUBE Universal Banking banking analytics system’s simulation model exists due to insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to read,...