
4421 matches found

BDU FSTEC
added 2022/06/15 12:0 a.m., 2 views

The vulnerability of the Application Service component of the software for working with Oracle Web Applications Desktop Integrator allows a perpetrator to gain access to modify, add, or delete data, or to gain unauthorized access to protected information.

The vulnerability of the Application Service component of the Oracle Web Applications Desktop Integrator software exists due to insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to modify, add, or delete data, or gain unauthorized...

8.5 CVSS, 7.6 AI score, 0.01221 EPSS
Exploits 0, References 3, Affected Software 1

BDU FSTEC
added 2022/06/15 12:0 a.m., 5 views

The vulnerability of the Manage Proxies component of the Oracle E-Business Suite automation system allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Manage Proxies component of the Oracle E-Business Suite automation system exists due to insufficient verification of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information using the HTTP...

7.8 CVSS, 7.3 AI score, 0.93739 EPSS
Exploits 1, References 3, Affected Software 1

BDU FSTEC
added 2022/06/15 12:0 a.m., 3 views

The vulnerability of the Outside In Filters component within the Oracle Outside In Technology SDK allows a hacker to trigger a service failure.

The vulnerability of the Outside In Filters component in Oracle’s software development kit (SDK) is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to trigger a service failure using the HTTP protocol...

7.8 CVSS, 7.5 AI score, 0.01399 EPSS
Exploits 0, References 3, Affected Software 1

BDU FSTEC
added 2022/06/15 12:0 a.m., 2 views

The vulnerability of the Web Runtime component of the JD Edwards EnterpriseOne Tools system allows a perpetrator to gain access to and modify data.

The vulnerability of the Web Runtime component of the JD Edwards EnterpriseOne Tools system exists due to insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to read, modify, add, or delete data using the HTTP protocol...

5.4 CVSS, 6.6 AI score, 0.00167 EPSS
Exploits 0, References 3, Affected Software 1

BDU FSTEC
added 2022/06/15 12:0 a.m., 4 views

The vulnerability of the Outside In Filters component within the Oracle Outside In Technology SDK allows a hacker to trigger a service failure.

The vulnerability of the Outside In Filters component within the Oracle Outside In Technology SDK is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to trigger a service failure using the HTTP protocol...

7.8 CVSS, 7.5 AI score, 0.01034 EPSS
Exploits 0, References 3, Affected Software 1

OSV
added 2022/06/14 5:15 p.m., 1 view

CVE-2022-32559

An issue was discovered in Couchbase Server before 7.0.4. Random HTTP requests lead to leaked metrics...

9.1 CVSS, 5.8 AI score, 0.00892 EPSS
Exploits 0, References 3

OSV
added 2022/06/14 10:15 a.m., 0 views

CVE-2022-27219

A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.0 SP2. Affected application is missing general HTTP security headers in the web server configured on port 443. This could aid attackers by making the servers more prone to clickjacking, channel downgrade attacks a...

4.3 CVSS, 5.8 AI score
Exploits 0, References 1

CNNVD
added 2022/06/14 12:0 a.m., 1 view

Siemens SINEMA Remote Connect Server Security Feature Issue Vulnerability

SINEMA Remote Connect is a remote network management platform that makes it easy to manage tunneled connections (VPNs) between headquarters, service technicians, and installed machines or plants. A standard security check implementation error vulnerability exists in Siemens SINEMA Remote Connect...

4.3 CVSS, 5.7 AI score, 0.00177 EPSS
Exploits 0, References 4

CNNVD
added 2022/06/14 12:0 a.m., 1 view

TYPO3 Cross-Site Scripting Vulnerability

TYPO3 is a free and open source content management system framework (CMS/CMF) from the Swiss TYPO3 Association. A cross-site scripting vulnerability exists in TYPO3 that arises from the use of user-submitted content that is not properly encoded in the HTML email sent to the user, and affects the...

5.4 CVSS, 5.4 AI score, 0.0063 EPSS
Exploits 0, References 5

BDU FSTEC
added 2022/06/10 12:0 a.m., 2 views

The vulnerability of the Lifecycle Management component of the Hyperion Infrastructure Technology management solution allows a perpetrator to gain read access to data and modify it.

The vulnerability of the Lifecycle Management component of the Hyperion Infrastructure Technology exists due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain access to read, modify, add, or delete data using the HTT...

7.5 CVSS, 6.6 AI score, 0.00553 EPSS
Exploits 0, References 3, Affected Software 1

BDU FSTEC
added 2022/06/10 12:0 a.m., 2 views

The vulnerability of HID Mercury programmable logic controllers’ microprogramming software lies in the copying of buffers without checking the size of the input data. This allows a malicious actor to cause malfunctions in the system.

The vulnerability of HID Mercury programmable logic controllers’ microprogramming software lies in the copying of buffers without checking the size of the input data. Exploiting this vulnerability can allow an attacker, operating remotely, to cause a service failure through a specially crafted HT...

7.8 CVSS, 7.4 AI score, 0.00513 EPSS
Exploits 0, References 7, Affected Software 9

CNNVD
added 2022/05/31 12:0 a.m., 2 views

Mozilla Firefox Buffer Error Vulnerability

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a buffer overflow vulnerability that originates from a boundary error when processing HTML content. An attacker could exploit this vulnerability to execute arbitrary code o...

9.8 CVSS, 6.8 AI score, 0.00607 EPSS
Exploits 0, References 7

ATTACKERKB
added 2022/05/26 5:15 p.m., 3 views

CVE-2022-22577

An XSS Vulnerability in Action Pack = 5.2.0 and 5.2.0 that could allow an attacker to bypass CSP for non HTML like responses...

6.1 CVSS, 6.2 AI score, 0.00405 EPSS
Exploits 0, References 5

OSV
added 2022/05/26 5:15 p.m., 0 views

UBUNTU-CVE-2022-22577

An XSS Vulnerability in Action Pack = 5.2.0 and 5.2.0 that could allow an attacker to bypass CSP for non HTML like responses...

6.1 CVSS, 6.3 AI score, 0.00405 EPSS
Exploits 0, References 3

RedHat Linux
added 2022/05/25 8:9 a.m., 3 views

varnish: HTTP/1 request smuggling vulnerability

A flaw was found in Varnish. This flaw allows an attacker to carry out a request smuggling attack on HTTP/1 connections on Varnish cache servers. This smuggled request goes through the usual Varnish Configuration Language (VCL) processing since the Varnish server treats it as an additional request...

9.1 CVSS, 7 AI score, 0.00344 EPSS
Exploits 0, References 5

OSV
added 2022/05/24 5:21 p.m., 1 view

GHSA-WJ5W-QGHH-GVQP Mattermost Server does not neutralize HTML content in an Email template field

An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. E-mail templates can have a field in which HTML content is not neutralized...

6.1 CVSS, 6.8 AI score, 0.00243 EPSS
Exploits 0, References 6

RedHat Linux
added 2022/05/18 10:56 a.m., 2 views

netty: control chars in header names may lead to HTTP request smuggling

A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling...

6.5 CVSS, 6.8 AI score, 0.00381 EPSS
Exploits 0, References 5

OSV
added 2022/05/17 11:35 a.m., 8 views

USN-5423-1 clamav vulnerabilities

Michał Dardas discovered that ClamAV incorrectly handled parsing CHM files. A remote attacker could possibly use this issue to cause ClamAV to stop responding, resulting in a denial of service. (CVE-2022-20770) Michał Dardas discovered that ClamAV incorrectly handled parsing TIFF files. A remote...

8.6 CVSS, 7 AI score, 0.01222 EPSS
Exploits 0, References 6

CNNVD
added 2022/05/17 12:0 a.m., 2 views

Moodle Cross-Site Scripting Vulnerability

Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment. A cross-site scripting vulnerability exists in Moodle versions 3.9.0 to 4.0.0, which can be exploited by a remote attacker to inject a...

5.4 CVSS, 7.3 AI score, 0.00875 EPSS
Exploits 0, References 10

Microsoft CVE
added 2022/05/13 7:0 a.m., 0 views

ClamAV HTML Scanning Memory Leak Vulnerability Affecting Cisco Products: April 2022

...

7.8 CVSS, 6.6 AI score, 0.01222 EPSS
Exploits 0