4404 matches found
Unspecified Vulnerability in Oracle Financial Services Analytical Applications Infrastructure
Oracle Financial Services Analytical Applications is a financial services analytics software from Oracle. A security vulnerability exists in Oracle Financial Services Analytical Applications that could be exploited by an attacker to compromise the Oracle Financial Services Analytical Applications...
chromium-browser: Inappropriate implementation in Blink
Inappropriate implementation in Blink in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
chromium-browser: Use after free in WebRTC
Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
USN-4600-1 netty-3.9 vulnerabilities
It was discovered that Netty had HTTP request smuggling vulnerabilities. A remote attacker could use it to extract sensitive information. CVE-2019-16869, CVE-2019-20444, CVE-2019-20445, CVE-2020-7238...
Oracle Retail Customer Management and Segmentation Foundation Promotions Unauthorized Access Vulnerability
Oracle Retail Customer Management and Segmentation Foundation is a retail customer management component from Oracle. This component is responsible for customer management and segmentation. An unauthorized access vulnerability exists in Oracle Retail Customer Management and Segmentation Foundation...
CVE-2020-3299
Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured File Policy for HTTP. The vulnerability is due to incorrect detection of modified HTTP packets used in chunked responses. An attacker...
VulnCheck KEV: CVE-2020-2555
Multiple Oracle products contain a remote code execution vulnerability that allows an unauthenticated attacker with network access via T3 or HTTP to take over the affected system. Impacted Oracle products: Oracle Coherence in Fusion Middleware, Oracle Utilities Framework, Oracle Retail...
chromium-browser: Use after free in payments
Use after free in payments in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page...
chromium-browser: Inappropriate implementation in V8
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
CVE-2020-4740
IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 188150...
chromium-browser: Out of bounds read in storage
Heap buffer overflow in storage in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page...
The vulnerability of the Google Chrome and Sailfish Browser rendering process allows a hacker to trigger a service failure or execute arbitrary code.
The vulnerability of the Google Chrome and Sailfish Browser rendering process is related to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker, operating remotely, to cause a service failure or execute arbitrary code by deleting the current embedded HTML obje...
SQL Injection Vulnerability in PHP Version of Nettie CMS
OTCMS Nettie CMS is an article-based web content management system (CMS). A SQL injection vulnerability exists in the PHP version of OTCMS, which can be exploited by attackers to obtain sensitive information from the database...
The vulnerability of the Apache Tomcat application server, related to the inconsistent interpretation of HTTP requests, allows attackers to compromise the confidentiality and integrity of the protected information.
The vulnerability of the Apache Tomcat application server is related to the inconsistent interpretation of HTTP requests. Exploiting this vulnerability allows a remote attacker to compromise the confidentiality and integrity of the protected information...
DEBIAN-CVE-2020-10687
A flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS...
IBM DataPower Gateway Denial of Service Vulnerability (CNVD-2020-54936)
IBM DataPower Gateway is a suite of security and integration platforms from IBM USA designed specifically for mobile, cloud, application programming interfaces (APIs), web, service-oriented architecture (SOA), B2B and cloud workloads. The platform protects, integrates and optimizes access across...
Google Chrome Serial Policy Validation Insufficiency Vulnerability
Chrome is a simple and efficiently designed web browsing tool developed by Google that is characterized by its simplicity and speed. A serial policy validation insufficiency vulnerability exists in Google Chrome versions prior to 85.0.4183.121. A remote attacker can exploit this vulnerability to...
DEBIAN-CVE-2020-6573
Use after free in video in Google Chrome on Android prior to 85.0.4183.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page...
UBUNTU-CVE-2020-15964
Insufficient data validation in media in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
The vulnerability of the Data, Domain & Function Security component of the Oracle Transportation Management software allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Data, Domain, and Function Security component of the Oracle Transportation Management software lies in the lack of protection for operational data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected...