The vulnerability of the Apache Tomcat application server, related to deficiencies in HTTP request processing, allows attackers to send hidden HTTP requests (HTTP Request Smuggling attack).
The vulnerability of the Apache Tomcat application server is related to deficiencies in HTTP request processing. Exploiting this vulnerability allows a malicious actor to send hidden HTTP requests remotely (HTTP Request Smuggling attack)...
The vulnerability of the Speech Recognizer component in the Google Chrome web browser allows a hacker to cause a denial of service.
The vulnerability of Google Chrome’s Speech Recognizer component relates to the use of memory after it is freed. Exploiting this vulnerability could allow a malicious actor to cause a service failure through a specially created HTML page...
CVE-2021-26565
Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to obtain sensitive information via an HTTP session...
CVE-2021-22703
A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause disclosure of user credentials when a malicious actor intercepts HTT...
The vulnerability of the Tasks component in Oracle Common Applications Calendar allows attackers to modify data or gain unauthorized access to the device, due to insufficient validation of input data.
The vulnerability of the Tasks component in the Oracle Common Applications Calendar application exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to modify data or gain unauthorized access to the device through HTTP requests...
The vulnerability in the firmware web management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W routers allows a perpetrator to execute arbitrary code.
The vulnerability of the web-based management interfaces for Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN routers is related to errors in handling HTTP requests. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
tomcat: HTTP/2 request header mix-up
While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this...
The vulnerability of the Report component of the Oracle Hospitality Reporting and Analytics application allows a perpetrator to gain access to modify, add, or delete data, or to obtain unauthorized access to protected information.
The vulnerability of the Report component of the Oracle Hospitality Reporting and Analytics application is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to gain access to modify, add, or delete data, or to obtain unauthorized access to protected...
The vulnerability of the Integration-Scripting component of the Siebel Core application – the Server BizLogic Script – allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Integration-Scripting component of the Siebel Core application – Server BizLogic Script – is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information using th...
The vulnerability of the components of Web Services in Oracle WebLogic Server applications allows attackers to gain unauthorized access to protected information.
The vulnerability of the components of Oracle WebLogic Server’s application services is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information using the HTTP protocol...
UBUNTU-CVE-2021-21146
Use after free in Navigation in Google Chrome prior to 88.0.4324.146 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page...
The vulnerability of the components of Oracle WebLogic Server’s application service servers allows a perpetrator to gain full control over the application.
The vulnerability of the components of Oracle WebLogic Server’s application services is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to gain full control over the application through the use of the HTTP protocol...
The vulnerability of the HTTP/2 web server implementation in Apache HTTP Server allows an attacker to cause a service failure.
The vulnerability of the HTTP/2 web server implementation in Apache HTTP Server is related to inconsistent interpretation of HTTP requests. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...
The vulnerability of the UI Servlet component of the Oracle Configurator allows a perpetrator to gain unauthorized access to protected information or to modify, add, or delete data.
The vulnerability of the UI Servlet component of the Oracle Configurator exists due to insufficient validation of input data. Exploiting this vulnerability may allow a malicious actor, operating remotely, to gain unauthorized access to protected information or to modify, add, or delete data using...
The vulnerability of the components of Oracle Retail Customer Management and Segmentation Foundation’s software for internal operations allows a perpetrator to gain unauthorized access to protected information or cause service failures.
The vulnerability of the Internal Operations components of Oracle Retail Customer Management and Segmentation Foundation software is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information or cause servi...
The vulnerability of the UI Servlet component of the Oracle Configurator allows a perpetrator to gain unauthorized access to protected information or to modify, add, or delete data.
The vulnerability of the UI Servlet component of the Oracle Configurator exists due to insufficient validation of input data. Exploiting this vulnerability may allow a malicious actor, operating remotely, to gain unauthorized access to protected information or to modify, add, or delete data using...
The vulnerability of the Console component of the Oracle WebLogic Server application server allows an attacker to gain full control over the application.
The vulnerability of the Console component of the Oracle WebLogic Server application lies in its lack of access control mechanisms. Exploiting this vulnerability allows an attacker, operating remotely, to gain full control over the application using the HTTP protocol...
The vulnerability of the TCP Fast Open (TFO) protocol extension in the Snort intrusion detection system allows a hacker to bypass the configured file policy for HTTP.
The vulnerability of the TCP Fast Open (TFO) protocol extension in the Snort intrusion detection system is related to deficiencies in the data protection mechanism. Exploiting this vulnerability allows a malicious actor to bypass the configured file policy for HTTP...
The vulnerability of the Tasks component of the Oracle Common Applications Calendar allows a perpetrator to gain access to modify, add, or delete data.
The vulnerability of the Tasks component in Oracle Common Applications Calendar is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to modify, add, or delete data using the HTTP protocol...
The vulnerability of the Outside In Filters component within the Oracle Outside In Technology SDK allows a malicious actor to gain read, modify, add, or delete access to data, or to cause a service failure.
The vulnerability of the Outside In Filters component within the Oracle Outside In Technology SDK is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to gain read, modify, add, or delete access to data, or cause a service failure using the HTTP...