4401 matches found
The vulnerability of the Mobile Service component of the BI Publisher software platform from Oracle Fusion Middleware relates to insufficient validation of input data. This allows a malicious individual to gain unauthorized access to protected information or to modify, add, or delete data.
The vulnerability of the Mobile Service component in the BI Publisher reporting tool, a software platform developed by Oracle Fusion Middleware, is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized...
The vulnerability of the Web Access component of the Oracle Primavera Portfolio Management software lies in insufficient validation of input data. This allows attackers to gain access to modify, add, or delete data.
The vulnerability of the Web Access component of Primavera Portfolio Management, a software solution for automating production process management, is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to modify, add, or...
The vulnerability of the Query component in the Oracle PeopleSoft Enterprise PeopleTools business application suite allows a hacker to gain read, modify, add, or delete access to data.
The vulnerability of the Query component in the Oracle PeopleSoft Enterprise PeopleTools business application suite is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to read, modify, add, or delete data using th...
The vulnerability of the Attachments/File Upload component of the Oracle Applications Framework allows a perpetrator to gain access to modify, add, or delete data.
The vulnerability of the Attachments/File Upload component in the Oracle Applications Framework is related to the lack of protective measures for the website structure. Exploiting this vulnerability allows an attacker to gain access to, modify, add, or delete data using the HTTP protocol...
The vulnerability of the Advanced User Interface component of the Oracle WebCenter Sites application allows a malicious actor to gain access to modify, add, or delete data, or to gain unauthorized access to protected information.
The vulnerability of the Advanced User Interface component of the Oracle WebCenter Sites application for online user services is related to the lack of protective measures for the website structure. Exploiting this vulnerability may allow an attacker, operating remotely, to modify, add, or delete...
The vulnerability in the full-screen mode of the Google Chrome browser allows a hacker to compromise data integrity.
The vulnerability of the full-screen mode of the Google Chrome browser is related to a bug in the system’s resource management mechanism. Exploiting this vulnerability allows an attacker to manipulate data integrity through a specially created HTML page...
The vulnerability of the Logging component of the Oracle Application Object Library allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Logging component of the Oracle Application Object Library relates to the lack of protection for operational data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information using the HTTP protocol...
The vulnerability of Google Chrome’s general access mechanism allows a perpetrator to compromise data integrity.
The vulnerability of the Google Chrome browser’s general access mechanism is related to a bug in the system’s resource management mechanism. Exploiting this vulnerability allows an attacker to influence data integrity through a specially created HTML page...
The vulnerability of the Tile Server component of the Oracle Fusion Middleware MapViewer software allows an intruder to gain access to modify, add, or delete data.
The vulnerability of the Tile Server component of the Oracle Fusion Middleware MapViewer software relates to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to modify, add, or delete data using the HTTP protocol...
chromium-browser: Heap buffer overflow in history
Heap buffer overflow in history in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
chromium-browser: Type Confusion in V8
Type Confusion in V8 in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
UBUNTU-CVE-2020-11993
Apache HTTP Server versions 2.4.20 to 2.4.43: when trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of mod_http2 above "info" will mitigate this...
CloudForms: Cross Site Scripting in report menu title / HTML Code Injection
A flaw was found in the Report Menu of Red Hat CloudForms where the title field was not properly sanitized for HTML and JavaScript inputs. An attacker could use this flaw to execute a stored XSS attack on an application administrator using CloudForms. Please note that Content Security Policy can...
The vulnerability of Google Chrome browser developer tools allows a hacker to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of Google Chrome browser developer tools is related to insufficient verification of data authenticity. Exploiting this vulnerability can allow an attacker who operates remotely to access confidential data, compromise its integrity, and even cause service failures through a...
The vulnerability of Blink’s web page display mechanism in Google Chrome browser allows attackers to access confidential data.
The vulnerability of Blink’s web page rendering mechanism in Google Chrome browsers is related to the lack of protection for service data. Exploiting this vulnerability can allow a malicious actor to gain access to confidential data through a specially created HTML page...
The vulnerability of the JavaScript script handler in Google Chrome’s V8 engine allows attackers to access sensitive data, compromise its integrity, and cause service failures.
The vulnerability of the JavaScript script handler in Google Chrome’s V8 engine is related to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to gain access to confidential data, compromise its integrity, and cause service failures through a specially...
The vulnerability of trusted browser types like Google Chrome, due to the lack of standard permission mechanisms, allows attackers to compromise data integrity.
The vulnerability of the trusted browser types Google Chrome is related to the lack of a mechanism for standard permissions. Exploiting this vulnerability allows an attacker to affect data integrity through a specially created HTML page...
Researcher Demonstrates 4 New Variants of HTTP Request Smuggling Attack
New research has identified four new variants of HTTP request smuggling attacks that work against various commercial off-the-shelf web servers and HTTP proxy servers. Amit Klein, VP of Security Research at SafeBreach who presented the findings today at the Black Hat security conference, said th...
The vulnerability of the Preferences component of the Oracle CRM Technical Foundation system allows a hacker to cause service failure.
The vulnerability of the Preferences component of the Oracle CRM Technical system exists due to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to cause service failures using the HTTP protocol...
The vulnerability of the User Interface component of the Oracle Advanced Outbound Telephony application allows a perpetrator to gain access to read, modify, add, or delete data.
The vulnerability of the User Interface component of the Oracle Advanced Outbound Telephony application is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to read, modify, add, or delete data using the HTTP...