
4410 matches found

BDU FSTEC
added 2021/05/24 12:0 a.m., 2 views

The vulnerability of the Management Console component in the Oracle Cloud Infrastructure Storage Gateway allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the Management Console component in Oracle Cloud Infrastructure Storage Gateway is related to insufficient validation of input data. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity, and accessibility of protected information throu...

CVSS 9.1, AI score 7.8, EPSS 0.01647
Exploits: 0, References: 2, Affected Software: 1
BDU FSTEC
added 2021/05/24 12:0 a.m., 1 view

The vulnerability of the Frameworks component of the Oracle PeopleSoft Enterprise CS Campus Community application, which allows a perpetrator to gain unauthorized access to protected information

The vulnerability of the Frameworks component in the Oracle PeopleSoft Enterprise CS Campus Community application is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information using the HTTP protocol...

CVSS 3.5, AI score 6.4, EPSS 0.00188
Exploits: 0, References: 2, Affected Software: 1
PyPA
added 2021/05/21 10:15 p.m., 4 views

PYSEC-2021-84

Plone through 5.2.4 allows stored XSS attacks by a Contributor by uploading an SVG or HTML document...

CVSS 5.4, AI score 6.1, EPSS 0.00302
Exploits: 0, References: 3, Affected Software: 1
CNNVD
added 2021/05/21 12:0 a.m., 3 views

PHP Factory Telop01 cross-site scripting vulnerability

php factory Telop01 is a simple PHP program from Japan's PHP Factory that displays subtitles, news tickers and headlines in flowing characters on the home page and any page. A security vulnerability exists in Telop01 1.0.1, which stems from insufficient sanitization of user-supplied data in the...

CVSS 6.1, AI score 6.7, EPSS 0.00317
Exploits: 0, References: 3
BDU FSTEC
added 2021/05/19 12:0 a.m., 2 views

The vulnerability of the TopLink Integration server component of Oracle WebLogic Server allows a hacker to gain unauthorized access to the device.

The vulnerability of the TopLink Integration component of Oracle WebLogic Server applications exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to the device through HTTP requests...

CVSS 7.8, AI score 6.9, EPSS 0.04792
Exploits: 0, References: 3, Affected Software: 1
BDU FSTEC
added 2021/05/19 12:0 a.m., 1 view

The vulnerability of the Receipts sub-component of the Oracle Receivables component in the Oracle E-Business Suite system, which allows a perpetrator to gain unauthorized access to the device.

The vulnerability of the Receipts sub-component of the Oracle Receivables component in the Oracle E-Business Suite system is related to code errors. Exploiting this vulnerability may allow an attacker, operating remotely, to gain unauthorized access to the device through HTTP requests...

CVSS 8.5, AI score 6.9, EPSS 0.01221
Exploits: 0, References: 3, Affected Software: 1
BDU FSTEC
added 2021/05/19 12:0 a.m., 2 views

The vulnerability of the Sites sub-component of the Oracle Site Hub component in the Oracle E-Business Suite system, which allows a malicious individual to gain unauthorized access to the device.

The vulnerability of the Sites sub-component of the Oracle Site Hub component in the Oracle E-Business Suite system for enterprise automation activities is related to code errors. Exploiting this vulnerability may allow an attacker, operating remotely, to gain unauthorized access to the device...

CVSS 8.5, AI score 6.9, EPSS 0.01221
Exploits: 0, References: 3, Affected Software: 1
BDU FSTEC
added 2021/05/19 12:0 a.m., 1 view

The vulnerability of the Rules Framework component of the Oracle Financial Services Analytical Applications Infrastructure software allows a perpetrator to gain read access to data or modify data.

The vulnerability of the Rules Framework component of the Oracle Financial Services Analytical Applications Infrastructure software exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain read access to data or modify...

CVSS 6.1, AI score 7, EPSS 0.008
Exploits: 0, References: 3, Affected Software: 1
BDU FSTEC
added 2021/05/19 12:0 a.m., 2 views

The vulnerability of the UI Framework component of the Enterprise Manager Base Platform allows a perpetrator to gain access to read data or modify data.

The vulnerability of the UI Framework component of the Enterprise Manager Base Platform exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to read data or to modify, add, or delete data through HTTP requests...

CVSS 6.1, AI score 7, EPSS 0.00298
Exploits: 1, References: 4, Affected Software: 1
BDU FSTEC
added 2021/05/19 12:0 a.m., 3 views

The vulnerability of the sub-component Courseware within the Oracle Quoting component of the Oracle E-Business Suite allows a perpetrator to gain unauthorized access to the device.

The vulnerability of the Courseware sub-component of the Oracle Quoting component in the Oracle E-Business Suite system’s enterprise automation activity system is related to code errors. Exploiting this vulnerability may allow an attacker, operating remotely, to gain unauthorized access to the...

CVSS 8.5, AI score 6.9, EPSS 0.01221
Exploits: 0, References: 3, Affected Software: 1
RedHat Linux
added 2021/05/18 2:2 p.m., 1 view

python: CRLF injection via HTTP request method in httplib/http.client

A flaw was found in Python. The built-in modules httplib and http.client, included in Python 2 and Python 3 respectively, do not properly validate CRLF sequences in the HTTP request method, potentially allowing manipulation of the request by injecting additional HTTP headers. The highest threat fr...

CVSS 7.2, AI score 6.7, EPSS 0.00903
Exploits: 1, References: 5
BDU FSTEC
added 2021/05/12 12:0 a.m., 3 views

The vulnerability of the Gateway component of the Oracle Secure Global Desktop software allows a hacker to gain full control over the application.

The vulnerability of the Oracle Secure Global Desktop software’s Gateway component is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain full control over the application using the HTTP protocol...

CVSS 10, AI score 7.7, EPSS 0.03968
Exploits: 0, References: 4, Affected Software: 1
BDU FSTEC
added 2021/05/12 12:0 a.m., 3 views

The vulnerability of the Message Display component of the Oracle Email Center messaging software in the Oracle E-Business Suite, a business automation system, allows a malicious individual to access, modify, add, or delete data, or gain full control over the application.

The vulnerability of the Message Display component of the Oracle Email Center messaging software, a part of the Oracle E-Business Suite for enterprise automation, is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to gain access to modify, add, or...

CVSS 8.5, AI score 6.8, EPSS 0.0046
Exploits: 0, References: 3, Affected Software: 1
BDU FSTEC
added 2021/05/12 12:0 a.m., 1 view

The vulnerability of the Quote sub-component of the Oracle Lease and Finance Management component in the Oracle E-Business Suite system allows a malicious individual to gain unauthorized access to the device.

The vulnerability of the Quotes sub-component of the Oracle Lease and Finance Management component within the Oracle E-Business Suite automation system is related to code errors. Exploiting this vulnerability may allow an attacker, operating remotely, to gain unauthorized access to the device...

CVSS 8.5, AI score 6.9, EPSS 0.01221
Exploits: 0, References: 3, Affected Software: 1
BDU FSTEC
added 2021/05/12 12:0 a.m., 1 view

The vulnerability of the sub-components “Loan Details” and “Loan Accounting Events” of the Oracle Loans component in the Oracle E-Business Suite, a business automation system, allows a malicious individual to gain unauthorized access to the device.

The vulnerability of the Loan Details and Loan Accounting Events subcomponents of the Oracle Loans component in the Oracle E-Business Suite is related to code errors. Exploitation of this vulnerability may allow an attacker, operating remotely, to gain unauthorized access to the device through HT...

CVSS 8.5, AI score 6.9, EPSS 0.01221
Exploits: 0, References: 3, Affected Software: 1
Positive Technologies
added 2021/05/11 12:0 a.m., 7 views

PT-2021-3092

Name of the Vulnerable Software and Affected Versions: Microsoft HTTP Protocol Stack versions prior to the fixed version. Description: The issue is related to a memory usage problem after memory release in the HTTP Protocol Stack of Microsoft Windows operating systems. This can be exploited by a...

CVSS 9.8, AI score 7.2, EPSS 0.93069
Exploits: 24, References: 46
OSV
added 2021/05/07 1:15 p.m., 3 views

CVE-2021-22679

The affected product is vulnerable to an integer overflow while processing HTTP headers, which may allow an attacker to remotely execute code on the SimpleLink Wi-Fi MSP432E4 SDK: v4.20.00.12 and prior, CC32XX SDK v4.30.00.06 and prior, CC13X0 SDK versions prior to v4.10.03, CC13X2 and CC26XX SDK...

CVSS 9.8, AI score 7.5, EPSS 0.00695
Exploits: 0, References: 1
OSV
added 2021/05/06 1:15 p.m., 0 views

CVE-2021-1516

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Content Security Management Appliance SMA, Cisco Email Security Appliance ESA, and Cisco Web Security Appliance WSA could allow an authenticated, remote attacker to access sensitive information on an affecte...

CVSS 6.5, AI score 6.7, EPSS 0.00311
Exploits: 0, References: 1
RedHat Linux
added 2021/05/06 7:51 a.m., 1 view

netty: Request smuggling via content-length header

A flaw was found in Netty. There is an issue where the content-length header is not validated correctly if the request uses a single Http2HeaderFrame with the endstream set to true. This flaw leads to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. The...

CVSS 5.9, AI score 7.1, EPSS 0.0316
Exploits: 0, References: 5
BDU FSTEC
added 2021/05/05 12:0 a.m., 3 views

The vulnerability of the iRecruitment component of the Oracle Human Resources workforce management software allows a hacker to gain access to data for editing, adding, or deleting.

The vulnerability of the iRecruitment component of the Oracle Human Resources staffing management software is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to modify, add, or delete data using the HTTP protocol...

CVSS 9.4, AI score 6.8, EPSS 0.01221
Exploits: 0, References: 3, Affected Software: 1