PYSEC-2020-242
netius prior to 1.17.58 is vulnerable to HTTP Request Smuggling. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect Transfer encoding header parsing which could allow for CL:TE or TE:TE attacks...
DEBIAN-CVE-2020-6474
Use after free in Blink in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
UBUNTU-CVE-2020-6487
Insufficient policy enforcement in downloads in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page...
HTTP/2: flood using HEADERS frames results in unbounded memory growth
A flaw was found in HTTP/2. Using HEADERS frames with invalid HTTP headers and queuing of response RST_STREAM frames, an attacker could cause a flood resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...
hibernate-validator: safeHTML validator allows XSS
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack...
The vulnerability of the Print Server sub-component of the Oracle One-to-One Fulfillment component of the Oracle E-Business Suite allows a perpetrator to gain access to and modify data.
The vulnerability of the Print Server sub-component of the Oracle One-to-One Fulfillment component in the Oracle E-Business Suite exists due to insufficient verification of input data. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain access to read, modify, add,...
The vulnerability of the Accounts sub-component of the Oracle iSupplier Portal, a component of the Oracle E-Business Suite enterprise automation system, allows a perpetrator to gain access to read data.
The vulnerability of the Accounts sub-component of the Oracle iSupplier Portal, a component of the Oracle E-Business Suite enterprise automation system, is related to the lack of protection for sensitive data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain acce...
The vulnerability of the Preferences sub-component of the Oracle CRM Technical Foundation component of the Oracle E-Business Suite allows a perpetrator to gain access to and modify data.
The vulnerability of the Preferences sub-component of the Oracle CRM Technical Foundation component of the Oracle E-Business Suite system relates to the lack of protection for operational data. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain access to read,...
The vulnerability of the Preferences component of the Oracle CRM system’s customer relationship management module in the Oracle E-Business Suite, a technical foundation for automating business processes, allows attackers to access, modify, add, or delete data.
The vulnerability of the Preferences component of the Oracle CRM system’s customer relationship management module is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to gain access to modify, add, or delete data using the HTTP protocol...
The vulnerability of the Outcome-Result component of the Oracle Customer Interaction History software in the Oracle E-Business Suite, a business automation system, allows a malicious individual to gain access to modify, add, or delete data.
The vulnerability of the Outcome-Result component of the Oracle Customer Interaction History software in the Oracle E-Business Suite involves deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to modify, add, or delete data...
The vulnerability of the Discovery Framework component (Oracle OHS) within the Enterprise Manager Base Platform allows a perpetrator to gain access to modify, add, or delete data, or to gain unauthorized access to protected information.
The vulnerability of the Discovery Framework component Oracle OHS in the Enterprise Manager Base Platform is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to gain access to modify, add, or delete data, or to gain unauthorized access to protected...
CVE-2019-4667
IBM UrbanCode Deploy UCD 7.0.5.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID:...
The vulnerability of the Profile component in the Oracle iSupport web application allows a perpetrator to gain access to modify, add, or delete data.
The vulnerability of the Profile component in the Oracle iSupport web application is related to access control deficiencies. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to modify, add, or gain unauthorized access to protected information using the HTTP...
The vulnerability of the DBI Setup component of the Oracle E-Business Intelligence software, a business automation system within the Oracle E-Business Suite, allows attackers to access, modify, add, or delete data, or gain unauthorized access to protected information.
The vulnerability of the DBI Setup component of the Oracle E-Business Intelligence software, a business automation system within the Oracle E-Business Suite, is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to modify, add, or...
The vulnerability of the KB Search component of the Oracle Email Center messaging software in the Oracle E-Business Suite, a business automation system, allows a malicious individual to access, modify, add, or delete data, or to gain unauthorized access to protected information.
The vulnerability of the KB Search component of the Oracle Email Center messaging software within the Oracle E-Business Suite system relates to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to modify, add, or delete data, or to gain...
The vulnerability of the DBI Setup component of the Oracle E-Business Intelligence software, a business automation system within the Oracle E-Business Suite, allows attackers to access, modify, add, or delete data, or gain unauthorized access to protected information.
The vulnerability of the DBI Setup component of the Oracle E-Business Intelligence software, a business automation system within the Oracle E-Business Suite, is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to modify, add, or...
The vulnerability of the Message Display component of the Oracle Email Center messaging software in the Oracle E-Business Suite, a business automation system, allows a malicious individual to access, modify, add, or delete data, or to gain unauthorized access to protected information.
The vulnerability of the Message Display component of the Oracle Email Center messaging software in the Oracle E-Business Suite system is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to gain access to modify, add, or delete data, or to...
The vulnerability of the V8 component in Google Chrome browsers allows a hacker to gain unauthorized access to confidential data, cause service failures, or compromise data integrity.
The vulnerability of Google Chrome’s V8 component relates to access to data without type control. Exploiting this vulnerability can allow a remote attacker to gain unauthorized access to confidential data, cause service failures, or compromise data integrity through a specially crafted HTML page...
Red Hat Undertow Environment Issues Vulnerabilities
Red Hat Undertow is a Java-based embedded web server from Red Hat (U.S.) and the default web server of the WildFly Java application server. An environment issue vulnerability exists in versions prior to Red Hat Undertow 2.1.1.Final. An attacker could exploit this vulnerability to cause HTTP requests...
The vulnerability of many elements of the DAViCal calendar exchange server, related to deficiencies in cross-site request forgery (CSRF) protection mechanisms, allows attackers to gain unauthorized access to confidential data, cause service failures, and compromise data integrity.
The vulnerability of many components of the DAViCal calendar exchange server is related to deficiencies in cross-site request forgery (CSRF) protection mechanisms. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access to confidential data, cause service failures, and compromise...