4404 matches found

BDU FSTEC
added 2020/11/10 12:0 a.m. | views: 1

The vulnerability of the WebConnect component of the Oracle Hospitality Suite8 software, which allows a malicious individual to gain unauthorized access to protected information or to modify, add, or delete data.

The vulnerability of the WebConnect component of the Oracle Hospitality Suite8 software for managing hotel resources is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information o...

CVSS 6.4 | AI score 6.6 | EPSS 0.00567
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2020/11/05 3:15 p.m. | views: 2

CVE-2020-15951

Immuta v2.8.2 accepts user-supplied project names without properly sanitizing the input, allowing attackers to inject arbitrary HTML content that is rendered as part of the application. An attacker could leverage this to redirect application users to a phishing website in an attempt to steal...

CVSS 6.1 | AI score 6.5 | EPSS 0.00301
Exploits: 1 | References: 3

RedHat Linux
added 2020/11/05 8:57 a.m. | views: 0

chromium-browser: Use after free in WebRTC

Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVSS 8.8 | AI score 7.4 | EPSS 0.03197
Exploits: 0 | References: 5

BDU FSTEC
added 2020/11/05 12:0 a.m. | views: 1

The vulnerability of the User Interface component of the Oracle Trade Management application, a part of the Oracle E-Business Suite, allows an attacker to modify, add, or delete data.

The vulnerability of the User Interface component of the Oracle Trade Management application, a part of the Oracle E-Business Suite, relates to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to modify, add, or delete data using the HTTP network protoc...

CVSS 9.1 | AI score 7.5 | EPSS 0.02024
Exploits: 0 | References: 3 | Affected Software: 1

BDU FSTEC
added 2020/11/05 12:0 a.m. | views: 1

The vulnerability of the Oracle Applications Manager component, a tool for application management in the Oracle E-Business Suite, allows an attacker to gain unauthorized access to protected information or to modify, add, or delete data.

The vulnerability of the Oracle Applications Manager component, a tool for application management in the Oracle E-Business Suite, is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information or to...

CVSS 6.5 | AI score 6.9 | EPSS 0.00247
Exploits: 0 | References: 3 | Affected Software: 1

BDU FSTEC
added 2020/11/05 12:0 a.m. | views: 1

The vulnerability of the Page Request component in the Oracle Applications Framework software platform of the Oracle E-Business Suite allows a perpetrator to gain access to modify, add, or delete data.

The vulnerability of the Page Request component in the Oracle Applications Framework software platform of the Oracle E-Business Suite relates to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain access to modify, add, or delete data using the HTTP...

CVSS 5 | AI score 6.5 | EPSS 0.00673
Exploits: 0 | References: 3 | Affected Software: 1

RedHat Linux
added 2020/11/04 1:44 a.m. | views: 1

httpd: mod_http2: DoS via slow, unneeded request bodies

In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 mod_http2 connections...

CVSS 5.3 | AI score 7.1 | EPSS 0.07668
Exploits: 0 | References: 4

OSV
added 2020/11/03 3:15 a.m. | views: 1

DEBIAN-CVE-2020-15979

Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVSS 8.8 | AI score 8.2 | EPSS 0.01485
Exploits: 1 | References: 1

OSV
added 2020/11/03 3:15 a.m. | views: 1

DEBIAN-CVE-2020-15982

Inappropriate implementation in cache in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page...

CVSS 6.5 | AI score 7 | EPSS 0.00996
Exploits: 0 | References: 1

OSV
added 2020/11/03 3:15 a.m. | views: 2

DEBIAN-CVE-2020-15985

Inappropriate implementation in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to spoof security UI via a crafted HTML page...

CVSS 6.5 | AI score 7 | EPSS 0.00817
Exploits: 1 | References: 1

OSV
added 2020/11/03 3:15 a.m. | views: 1

DEBIAN-CVE-2020-15968

Use after free in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVSS 8.8 | AI score 8.6 | EPSS 0.01485
Exploits: 0 | References: 1

OSV
added 2020/11/03 3:15 a.m. | views: 1

UBUNTU-CVE-2020-15988

Insufficient policy enforcement in downloads in Google Chrome on Windows prior to 86.0.4240.75 allowed a remote attacker who convinced the user to open files to execute arbitrary code via a crafted HTML page...

CVSS 6.3 | AI score 6.2 | EPSS 0.0129
Exploits: 0 | References: 2

OSV
added 2020/11/02 9:15 p.m. | views: 0

CVE-2020-14750

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Console. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP...

CVSS 9.8 | AI score 7.5 | EPSS 0.94438
Exploits: 9 | References: 3

BDU FSTEC
added 2020/11/02 12:0 a.m. | views: 1

The vulnerability of the Oracle Application Express Data Reporter component of the Oracle Database Server database management system allows attackers to compromise the confidentiality and integrity of the protected information.

The vulnerability of the Oracle Application Express Data Reporter component of the Oracle Database Server management system exists due to insufficient validation of input data. Exploiting this vulnerability allows an attacker to compromise the confidentiality and integrity of the protected...

CVSS 5.5 | AI score 6.9 | EPSS 0.00185
Exploits: 0 | References: 4 | Affected Software: 1

BDU FSTEC
added 2020/11/02 12:0 a.m. | views: 1

The vulnerability of the Oracle Application Express Quick Poll component of the Oracle Database Server database management system allows attackers to compromise the confidentiality and integrity of the protected information.

The vulnerability of the Oracle Application Express Quick Poll component of the Oracle Database Server management system exists due to insufficient validation of input data. Exploiting this vulnerability allows an attacker to compromise the confidentiality and integrity of the protected informati...

CVSS 5.5 | AI score 6.8 | EPSS 0.00185
Exploits: 0 | References: 4 | Affected Software: 1

BDU FSTEC
added 2020/11/02 12:0 a.m. | views: 1

The vulnerability of the Oracle Application Express Group Calendar component of the Oracle Database Server database management system allows attackers to compromise the confidentiality and integrity of the protected information.

The vulnerability of the Oracle Application Express Group Calendar component of the Oracle Database Server management system exists due to insufficient validation of input data. Exploiting this vulnerability allows an attacker to compromise the confidentiality and integrity of the protected...

CVSS 5.5 | AI score 6.9 | EPSS 0.00185
Exploits: 0 | References: 4 | Affected Software: 1

BDU FSTEC
added 2020/11/02 12:0 a.m. | views: 1

The vulnerability of the Database Filesystem component of the Oracle Database Server system allows an attacker to cause a service failure.

The vulnerability of the Database Filesystem component of the Oracle Database Server management system exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to cause service failures using the HTTP network protocol...

CVSS 6.8 | AI score 6.8 | EPSS 0.00213
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2020/10/29 9:15 a.m. | views: 2

CVE-2020-27651

Synology Router Manager SRM before 1.2.4-8081 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session...

CVSS 8.1 | AI score 5.8 | EPSS 0.00325
Exploits: 1 | References: 2

VulnCheck KEV
added 2020/10/29 12:0 a.m. | views: 0

VulnCheck KEV: CVE-2020-16009

Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft...

CVSS 8.8 | AI score 7.3 | EPSS 0.84383
Exploits: 3 | References: 1

CNVD
added 2020/10/28 12:0 a.m. | views: 2

Unspecified Vulnerability in Oracle Hospitality OPERA Property Services

Oracle Hospitality OPERA 5 Property Services is a Windows-based application component of Oracle Corporation for processing payment card payments. A security vulnerability in Oracle Hospitality OPERA 5 Property Services Logging version 5.5, 5.6 allows a highly privileged attacker to compromise...

CVSS 8.5 | AI score 8.8 | EPSS 0.01394
Exploits: 0 | References: 1