A vulnerability in the report-generation component of Eclipse Memory Analyzer, a Java application analysis tool, allows an attacker to execute arbitrary code on the target system.
The vulnerability in the report-generation component of Eclipse Memory Analyzer, a Java application analysis tool, is related to errors in processing a specially crafted HTML request. Exploiting this vulnerability allows an attacker to execute arbitrary code on the target system remotely...
netty: HTTP request smuggling
An HTTP smuggling flaw was found in HttpObjectDecoder.java in Netty in versions prior to version 4.1.44. HTTP headers with an invalid fold, in this case CRLF (carriage return, line feed) without being followed by SP (space) or HTAB (horizontal tab), result in situations where headers can be misread. Dat...
PT-2020-18343 · Ruby +1 · Puma +1
Name of the Vulnerable Software and Affected Versions: Puma RubyGem versions prior to 4.3.3; Puma RubyGem versions prior to 3.12.4. Description: The issue allows an attacker to inject malicious content, such as additional headers or an entirely new response body, by using a carriage return characte...
A vulnerability in the Google Chrome browser, related to integer overflow, allows attackers to compromise data integrity.
The vulnerability of Google Chrome relates to a numerical overflow issue. Exploiting this vulnerability allows an attacker to compromise data integrity by using a specially crafted HTML page...
Vulnerability of Firefox web browsers, Firefox ESR, and the Thunderbird email program, related to the lack of protection for operational data, allowing unauthorized access to confidential information
The vulnerability in web browsers Firefox, Firefox ESR, and the email processing program Thunderbird is related to the lack of protection for mission-critical data. Exploiting this vulnerability can allow a remote attacker to gain unauthorized access to confidential data through a specially creat...
netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling
A flaw was found in Netty, where it mishandles Transfer-Encoding whitespace. This flaw allows HTTP Request Smuggling...
netty: HttpObjectDecoder.java allows Content-Length header to be accompanied by a second Content-Length header
A flaw was found in Netty before version 4.1.44, where it accepted multiple Content-Length headers and also accepted both Transfer-Encoding, as well as Content-Length headers where it should reject the message under such circumstances. In circumstances where Netty is used in the context of a...
CVE-2020-4212
IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary command on the system. IBM X-Force ID: 175023...
chromium-browser: Inappropriate implementation in AppCache
Inappropriate implementation in AppCache in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass AppCache security restrictions via a crafted HTML page...
chromium-browser: Inappropriate implementation in Blink
Inappropriate implementation in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
chromium-browser: Insufficient validation of untrusted input in Blink
Insufficient validation of untrusted input in Blink in Google Chrome prior to 80.0.3987.87 allowed a local attacker to bypass content security policy via a crafted HTML page...
The vulnerability of the Oracle Flow Builder component in the software for testing web applications, web services, and Oracle databases within the Oracle Application Testing Suite allows a malicious actor to gain unauthorized access to protected information.
The vulnerability of the Oracle Flow Builder component, a software tool for testing web applications, web services, and databases within the Oracle Application Testing Suite, is related to access control deficiencies. Exploiting this vulnerability could allow an attacker operating remotely to gai...
The vulnerability of the Message Display component of the Oracle Email Center software allows a malicious individual to gain access to modify, add, or delete data, or to gain unauthorized access to protected information.
The vulnerability of the Message Display component in the Oracle Email Center software lies in its lack of access control mechanisms. Exploiting this vulnerability could allow an attacker to gain access to modify, add, or delete data, or to obtain unauthorized access to protected information usin...
Google Chrome Navigation Restriction Bypass Vulnerability
Chrome is a simple and efficiently designed web browsing tool developed by Google that is characterized by its simplicity and speed. A navigation restriction bypass vulnerability exists in versions of Google Chrome prior to 80.0.3987.87. The vulnerability stems from insufficient policy enforcemen...
Google Chrome streams out-of-bounds memory access vulnerability
Google Chrome is a web browser developed by Google Inc. Google Chrome versions prior to 80.0.3987.87 contain an out-of-bounds memory access security vulnerability in the implementation of streams, which can be exploited by attackers to cause heap damage via a constructed HTML page...
DEBIAN-CVE-2020-6406
Use after free in audio in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
UBUNTU-CVE-2020-6396
Inappropriate implementation in Skia in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...
The vulnerability of the Console component of Oracle WebLogic Server allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Oracle WebLogic Server application server’s Console component is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information using the HTTP protocol...
The vulnerability of the Security and Authentication component of the Oracle Business Intelligence Enterprise Edition allows a perpetrator to gain access to modify, add, or delete data, or to gain unauthorized access to protected information.
The vulnerability of the Security and Authentication component of the Oracle Business Intelligence Enterprise Edition is related to deficiencies in access control. Exploitation of this vulnerability could allow an attacker, operating remotely, to modify, add, or delete data, or to gain unauthoriz...
The vulnerability of the Analytics Server component of the Oracle Business Intelligence Enterprise Edition allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Analytics Server component of the Oracle Business Intelligence Enterprise Edition software is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...