A vulnerability in the DBI Setup component of the Oracle E-Business Intelligence application allows an attacker to read, modify, add, or delete data.
A vulnerability in the DBI Setup component of the Oracle E-Business Intelligence application is related to deficiencies in access control. Exploiting this vulnerability could allow a remote attacker to read, modify, add, or delete data using the HTTP protocol...
A vulnerability in the User Interface component of the Oracle Insurance Accounting Analyzer allows an attacker to read, modify, add, or delete data.
A vulnerability in the User Interface component of the Oracle Insurance Accounting Analyzer is related to deficiencies in access control. Exploiting this vulnerability could allow a remote attacker to read, modify, add, or delete data using the HTTP protocol...
A vulnerability in the CRM User Management Framework component of Oracle Common Applications allows an attacker to read, modify, add, or delete data.
A vulnerability in the CRM User Management Framework component of Oracle Common Applications is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to read, modify, add, or delete data using the HTTP protocol...
A vulnerability in the Infrastructure component of Oracle Financial Services Analytical Applications Infrastructure allows an attacker to read, modify, add, or delete data.
A vulnerability in the Oracle Financial Services Analytical Applications Infrastructure component is related to deficiencies in access control. Exploiting this vulnerability could allow a remote attacker to read, modify, add, or delete data using the HTTP protocol...
A vulnerability in the user interface of Google Chrome’s Chromium browser allows an attacker to gain access to confidential data, compromise its integrity, and cause service interruptions.
A vulnerability in Google Chrome’s Chromium user interface is related to errors in the use of standard permissions. Exploiting this vulnerability can allow a remote attacker to access confidential data, compromise its integrity, and cause service interruptions through a specially created...
tomcat: OutOfMemoryException caused by HTTP/2 connection leak could lead to DoS
A flaw was found in Apache Tomcat, where an h2c direct connection did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests are made, an OutOfMemoryException could occur, leading to a denial of service. The highest threat from this vulnerability i...
CVE-2020-14337
A data exposure flaw was found in Tower, where sensitive data was revealed from the HTTP return error codes. This flaw allows an unauthenticated, remote attacker to retrieve pages from the default organization and verify existing usernames. The highest threat from this vulnerability is to data...
HTTP/2: flood using empty frames results in excessive resource consumption
A flaw was found in HTTP/2. Using frames with an empty payload, a flood could occur that results in excessive CPU usage and starvation of other clients. The highest threat from this vulnerability is to system availability...
HTTP/2: flood using HEADERS frames results in unbounded memory growth
A flaw was found in HTTP/2. Using HEADERS frames with invalid HTTP headers and queuing of response RST_STREAM frames, an attacker could cause a flood resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...
HTTP/2: flood using SETTINGS frames results in unbounded memory growth
A flaw was found in HTTP/2. Using SETTINGS frames and queuing of SETTINGS ACK frames, a flood could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...
netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers
A flaw was found in Netty, where whitespace before the colon in HTTP headers is mishandled. This flaw allows an attacker to cause HTTP request smuggling...
netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling
A flaw was found in Netty, where it mishandles Transfer-Encoding whitespace. This flaw allows HTTP Request Smuggling...
HTTP/2: flood using PING frames results in unbounded memory growth
A flaw was found in HTTP/2. Using PING frames and queuing of response PING ACK frames, a flood attack could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...
A vulnerability in the Oracle Application Express component of the Oracle Database Server database management system allows attackers to modify, add, or delete data, or to gain unauthorized access to protected information.
The vulnerability of the Oracle Application Express component of the Oracle Database Server management system exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to modify, add, or delete data, or to gain unauthorized acces...
A vulnerability in the Oracle Application Express component of the Oracle Database Server database management system allows attackers to modify, add, or delete data, or to gain unauthorized access to protected information.
The vulnerability of the Oracle Application Express component of the Oracle Database Server management system exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to modify, add, or delete data, or to gain unauthorized acces...
A vulnerability in the Oracle Application Express component of the Oracle Database Server database management system allows attackers to modify, add, or delete data, or to gain unauthorized access to protected information.
The vulnerability of the Oracle Application Express component of the Oracle Database Server management system exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to modify, add, or delete data, or to gain unauthorized acces...
UBUNTU-CVE-2020-7695
Uvicorn before 0.11.7 is vulnerable to HTTP response splitting. CRLF sequences are not escaped in the value of HTTP headers. Attackers can exploit this to add arbitrary headers to HTTP responses, or even return an arbitrary response body, whenever crafted input is used to construct HTTP headers...
Embedthis Software GoAhead Request Replay Attack Vulnerability
Embedthis Software GoAhead is an embedded Web server from Embedthis Software, USA. A request replay attack vulnerability exists in Embedthis Software GoAhead versions prior to 5.1.2, which stems from GoAhead's failure to properly handle nonce values during Digest authentication, and can be...
DEBIAN-CVE-2020-6527
Insufficient policy enforcement in CSP in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass content security policy via a crafted HTML page...
UBUNTU-CVE-2020-6512
Type Confusion in V8 in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...