CVE-2020-2576
Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware component: Outside In Filters. The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In...
CVE-2020-2559
Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM component: UIF Open UI. Supported versions that are affected are 19.7 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attack...
SQL Injection Vulnerability in WeCenter of Shenzhen Weike Interactive Co.
WeCenter is a completely open source, Q&A-based social networking program similar to Zhihu, built on a PHP+MySQL application architecture. WeCenter has a SQL injection vulnerability that can be exploited by attackers to obtain sensitive database information...
RICOH SP 4510SF Printer HTML Injection Vulnerability
The RICOH SP 4510SF Printer is a printer. The RICOH SP 4510SF Printer suffers from an HTML injection vulnerability. An attacker can exploit the vulnerability to execute arbitrary code...
PHP EXIF extension buffer overflow vulnerability (CNVD-2020-22810)
PHP (PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. EXIF extension is one of the...
PHP Buffer Overflow Vulnerability
PHP (PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. A...
PHP Memory Location Double Release Vulnerability
PHP (PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. A...
PYSEC-2019-137
Waitress through version 1.3.1 would parse the Transfer-Encoding header and only look for a single string value; if that value was not chunked, it would fall through and use the Content-Length header instead. According to the HTTP standard, Transfer-Encoding should be a comma-separated list, with t...
HTTP/2: flood using empty frames results in excessive resource consumption
A flaw was found in HTTP/2. Using frames with an empty payload, a flood could occur that results in excessive CPU usage and starvation of other clients. The highest threat from this vulnerability is to system availability...
HTTP/2: flood using HEADERS frames results in unbounded memory growth
A flaw was found in HTTP/2. Using HEADERS frames with invalid HTTP headers and queuing of response RST_STREAM frames, an attacker could cause a flood resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...
HTTP/2: flood using PING frames results in unbounded memory growth
A flaw was found in HTTP/2. Using PING frames and queuing of response PING ACK frames, a flood attack could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...
A vulnerability in the firmware of FortiAnalyzer data collection and analysis devices and the FortiManager centralized management system allows an attacker to gain unauthorized access to the IPMI web interface.
A vulnerability in the firmware of FortiAnalyzer data collection and analysis devices and the FortiManager centralized management system is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain...
A vulnerability in the URI parsing function of the HTTP server in TP-Link TL-R600VPN firmware allows an attacker to cause a denial of service.
A vulnerability in the URI parsing function of the HTTP server in TP-Link TL-R600VPN routers exists due to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to cause a denial of service by sending a specially...
chromium-browser: Incorrect security UI in sharing
Incorrect security UI in sharing in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page...
chromium-browser: Insufficient policy enforcement in payments
Insufficient policy enforcement in payments in Google Chrome prior to 79.0.3945.79 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page...
Google Chrome Input Validation Error Vulnerability (CNVD-2019-46756)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from an input validation error vulnerability. An attacker can exploit this vulnerability to spoof a secure user interface with the help of specially crafted HTML pages...
Google Chrome Information Disclosure Vulnerability (CNVD-2019-46754)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from an information disclosure vulnerability. The vulnerability can be exploited by an attacker to disclose cross-origin data through specially crafted HTML pages...
Google Chrome Input Validation Error Vulnerability (CNVD-2019-46751)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from an input validation error vulnerability. An attacker can exploit this vulnerability to cause heap corruption with the help of specially crafted HTML pages...
Google Chrome WebSockets Resource Management Error Vulnerability
Google Chrome is a web browser from Google, and WebSockets is one of the communication protocols used to exchange data between the client and the server. A resource management error vulnerability exists in Google Chrome WebSockets. An attacker can exploit this vulnerability to cause heap corrupti...
UBUNTU-CVE-2019-13756
Incorrect security UI in printing in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page...