HTTP/2: flood using HEADERS frames results in unbounded memory growth
A flaw was found in HTTP/2. Using HEADERS frames with invalid HTTP headers and queuing of response RST_STREAM frames, an attacker could cause a flood resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...
The vulnerability of the Enterprise Manager for Oracle Database (Target Management) component of the Oracle Enterprise Manager software platform allows a perpetrator to gain unauthorized access to protected information or cause service failures.
The vulnerability of the Enterprise Manager for Oracle Database Target Management software component of the Oracle Enterprise Manager is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information or...
The vulnerability of the Enterprise Manager Base Platform (Job System) component of the Oracle Enterprise Manager software allows a perpetrator to gain unauthorized access to protected information or cause service failures.
The vulnerability of the Enterprise Manager Base Platform Job System component of the Oracle Enterprise Manager software is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information or...
The vulnerability of the Enterprise Manager Base Platform (Host Management) component of the Oracle Enterprise Manager software allows a malicious individual to gain unauthorized access to protected information or cause service failures.
The vulnerability of the Enterprise Manager Base Platform Host Management component of the Oracle Enterprise Manager software is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected...
The vulnerability of the Oracle iSupport web application allows a perpetrator to gain access to modify, add, or delete data, or to gain unauthorized access to protected information.
The vulnerability of the Oracle iSupport web application relates to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to modify, add, or delete data, or to gain unauthorized access to protected information using the HTTPS protocol...
The vulnerability of the Core component of the real-time payment processing software in Oracle Banking Payments allows a perpetrator to gain unauthorized access and modify data.
The vulnerability of the Core component of the real-time payment processing software in Oracle Banking Payments is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to read, modify, add, or delet...
The vulnerability of the Infrastructure component of the Oracle FLEXCUBE Investor Servicing financial management software allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Infrastructure component of the Oracle FLEXCUBE Investor Servicing financial management software lies in its lack of access control mechanisms. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the Core component of the real-time payment processing software in Oracle Banking Payments allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Core component of the real-time payment processing software in Oracle Banking Payments is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information using...
The vulnerability of the Learner Pages component in Oracle iLearning’s corporate learning management system allows a hacker to gain access to modify, add, or delete data.
The vulnerability of the Learner Pages component in Oracle iLearning’s corporate learning management system is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to gain access to modify, add, or delete data using the HTTP protocol...
The vulnerability of the Core component of the Oracle Banking Corporate Lending software allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Core component of the Oracle Banking Corporate Lending software lies in its lack of access control mechanisms. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information using the HTTP protocol...
The vulnerability of the Core component of the real-time payment processing software in Oracle Banking Payments allows a perpetrator to gain unauthorized access to read, modify, add, or delete data.
The vulnerability of the Core component of the real-time payment processing software in Oracle Banking Payments is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to read, modify, add, or delet...
The vulnerability of the Core component of the Oracle Banking Corporate Lending software allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Core component of the Oracle Banking Corporate Lending software lies in its lack of access control mechanisms. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information using the HTTP protocol...
The vulnerability of the Server: Information Schema component of the MySQL Server database management system allows attackers to gain unauthorized access to protected information.
Vulnerability of the MySQL Server component: The information schema of the MySQL Server database management system is vulnerable due to lack of access control mechanisms. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information using the HTTP protoc...
The vulnerability of the Infrastructure sub-component of the Oracle FLEXCUBE Universal Banking banking analysis system, a simulation-based financial services application, allows a perpetrator to disclose protected information.
The vulnerability of the Infrastructure sub-component of the Oracle FLEXCUBE Universal Banking banking analytics system, a simulation-based application, relates to the lack of protection for operational data. Exploiting this vulnerability could allow an attacker, operating remotely, to disclose...
The vulnerability of the File Upload component of Oracle Financial Services Revenue Management and Billing system allows a hacker to compromise data integrity or expose confidential information.
The vulnerability of the File Upload component in Oracle Financial Services Revenue Management and Billing system relates to unlimited uploading of sensitive files. Exploiting this vulnerability could allow a malicious actor to compromise data integrity or disclose confidential information using...
The vulnerability of the Web Container (JavaServer Faces) component of the Oracle WebLogic Server application server allows an attacker to disclose sensitive information that is protected by security measures.
The vulnerability of the Web Container JavaServer Faces component of the Oracle WebLogic Server application server is related to the lack of protection for operational data. Exploiting this vulnerability can allow an attacker, operating remotely, to disclose sensitive information using the HTTP...
undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS
A vulnerability was found in the Undertow HTTP server listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial of Service (DoS) to make the service unavailable on SSL...
hibernate-validator: safeHTML validator allows XSS
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack...
undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS
A vulnerability was found in the Undertow HTTP server listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial of Service (DoS) to make the service unavailable on SSL...
CVE-2020-2684
Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications component: Infrastructure. Supported versions that are affected are 12.0.1-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTT...