
4417 matches found

RedHat Linux
added 2019/11/14 9:17 p.m. · 1 view

HTTP/2: flood using SETTINGS frames results in unbounded memory growth

A flaw was found in HTTP/2. Using SETTINGS frames and queuing of SETTINGS ACK frames, a flood could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...

7.8 CVSS · 7.1 AI score · 0.08892 EPSS
Exploits 0 · References 7

RedHat Linux
added 2019/11/14 9:17 p.m. · 1 view

HTTP/2: flood using empty frames results in excessive resource consumption

A flaw was found in HTTP/2. Using frames with an empty payload, a flood could occur that results in excessive CPU usage and starvation of other clients. The highest threat from this vulnerability is to system availability...

7.8 CVSS · 7.1 AI score · 0.03578 EPSS
Exploits 0 · References 6

RedHat Linux
added 2019/11/14 9:17 p.m. · 0 views

HTTP/2: flood using PING frames results in unbounded memory growth

A flaw was found in HTTP/2. Using PING frames and queuing of response PING ACK frames, a flood attack could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...

7.8 CVSS · 7.1 AI score · 0.50822 EPSS
Exploits 1 · References 9

CNVD
added 2019/11/13 12:0 a.m. · 2 views

Siemens Desigo PX Web Remote Denial of Service Vulnerability

Desigo-PX automation stations and operator units control and monitor building automation systems. They allow alarm signals, time-based programs and trend logging. A remote denial of service vulnerability exists in Siemens Desigo PX Web. An attacker could cause a denial of service condition on the...

5.3 CVSS · 6.8 AI score · 0.00588 EPSS
Exploits 5 · References 1

BDU FSTEC
added 2019/11/11 12:0 a.m. · 2 views

The vulnerability of the Analytics Actions sub-component of the Oracle Business Intelligence Enterprise Edition software, specifically within the Oracle Fusion Middleware software platform, allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Analytics Actions sub-component of the Oracle Business Intelligence Enterprise Edition software component of the Oracle Fusion Middleware platform is related to the lack of protection for operational data. Exploiting this vulnerability could allow an attacker, operating...

7.8 CVSS · 6.8 AI score · 0.01976 EPSS
Exploits 0 · References 2 · Affected Software 1

BDU FSTEC
added 2019/11/11 12:0 a.m. · 3 views

The vulnerability of the SOAP with Attachments API for Java application server of Oracle WebLogic Server, a software platform of Oracle Fusion Middleware, allows a malicious individual to gain unauthorized access to read, modify, add, or delete data.

The vulnerability of the SOAP with Attachments API for Java application servers on Oracle WebLogic Server, a software platform of Oracle Fusion Middleware, is related to access control deficiencies. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized...

7.2 CVSS · 6.8 AI score · 0.00965 EPSS
Exploits 0 · References 2 · Affected Software 1

BDU FSTEC
added 2019/11/11 12:0 a.m. · 3 views

The vulnerability of the Outside In Filters component within the software development kit (SDK) of Outside In Technology allows a malicious individual to gain unauthorized access to read, modify, add, or delete data, or to cause a service failure.

The vulnerability of the Outside In Filters component in the Outside In Technology software development kit (SDK) is linked to insufficient access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to read, modify, add, or delete data...

7.5 CVSS · 7.3 AI score · 0.00835 EPSS
Exploits 0 · References 2 · Affected Software 1

BDU FSTEC
added 2019/11/11 12:0 a.m. · 2 views

The vulnerability of the Oracle Hospitality Reporting and Analytics component in the Oracle Food and Beverage Applications software package allows a perpetrator to gain unauthorized access to protected data.

The vulnerability of the Oracle Hospitality Reporting and Analytics component in the Oracle Food and Beverage Applications suite is related to access control deficiencies. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected data usin...

6.1 CVSS · 6.4 AI score · 0.01576 EPSS
Exploits 0 · References 2 · Affected Software 1

BDU FSTEC
added 2019/11/11 12:0 a.m. · 2 views

The vulnerability of the US Federal Specific sub-component of the PeopleSoft Enterprise HCM Human Resources package from Oracle PeopleSoft Products allows a perpetrator to gain unauthorized access to protected data.

The vulnerability of the US Federal Specific sub-component of the PeopleSoft Enterprise HCM Human Resources package from Oracle PeopleSoft Products is related to inadequate access control mechanisms. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized...

4.3 CVSS · 6.4 AI score · 0.00425 EPSS
Exploits 0 · References 2 · Affected Software 1

BDU FSTEC
added 2019/11/11 12:0 a.m. · 1 view

The vulnerability of the Portal sub-component of the Oracle PeopleSoft Enterprise PeopleTools business application suite allows a perpetrator to modify, add, or delete data, or to gain unauthorized access to protected information.

The vulnerability of the Portal subcomponent of the Oracle PeopleSoft Enterprise PeopleTools business application suite relates to deficiencies in access control. Exploiting this vulnerability could allow an attacker to gain access to modify, add, or delete data, or to unauthorizedly access...

6.1 CVSS · 6.8 AI score · 0.00676 EPSS
Exploits 0 · References 3 · Affected Software 1

BDU FSTEC
added 2019/11/11 12:0 a.m. · 2 views

The vulnerability of the Oracle Hospitality Reporting and Analytics component in the Oracle Food and Beverage Applications software package allows a perpetrator to gain unauthorized access to protected data.

The vulnerability of the Oracle Hospitality Reporting and Analytics component in the Oracle Food and Beverage Applications suite is related to access control deficiencies. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected data usin...

7.5 CVSS · 7.3 AI score · 0.00532 EPSS
Exploits 0 · References 2 · Affected Software 1

BDU FSTEC
added 2019/11/11 12:0 a.m. · 3 views

The vulnerability of the Mobile Service sub-component of the BI Publisher (formerly XML Publisher) software platform from Oracle Fusion Middleware allows a malicious actor to gain unauthorized access to read, modify, add, or delete data.

The vulnerability of the Mobile Service sub-component of the BI Publisher (formerly XML Publisher) software platform from Oracle Fusion Middleware is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to...

8.2 CVSS · 6.8 AI score · 0.01939 EPSS
Exploits 0 · References 2 · Affected Software 1

BDU FSTEC
added 2019/11/11 12:0 a.m. · 2 views

The vulnerability of the ADF Faces sub-component of the Oracle JDeveloper component and the ADF software platform of Oracle Fusion Middleware allows a perpetrator to gain full control over the application.

The vulnerability of the ADF Faces sub-component of the Oracle JDeveloper component and the ADF software platform of Oracle Fusion Middleware is related to access control deficiencies. Exploiting this vulnerability could allow an attacker, operating remotely, to gain full control over the...

10 CVSS · 7.7 AI score · 0.10696 EPSS
Exploits 0 · References 5 · Affected Software 21

Positive Technologies
added 2019/11/09 12:0 a.m. · 4 views

PT-2020-3630 · Roundcube +4 · Roundcube Webmail +4

Name of the Vulnerable Software and Affected Versions: Roundcube Webmail versions 1.2.10 and earlier, 1.3.x before 1.3.14, and 1.4.x before 1.4.7.
Description: The issue allows for cross-site scripting (XSS) via a crafted HTML e-mail message. This can be demonstrated by a JavaScript payload in the...

9.8 CVSS · 6.1 AI score · 0.93275 EPSS
Exploits 9 · References 93

CNVD
added 2019/11/07 12:0 a.m. · 0 views

Cryptocat Input Validation Error Vulnerability (CNVD-2019-40145)

Cryptocat is an open source online cryptographic chat application. A security vulnerability exists in versions of Cryptocat prior to 2.0.22. An attacker can exploit this vulnerability to cause the application to generate invalid HTML code...

5.3 CVSS · 6.7 AI score · 0.00412 EPSS
Exploits 0 · References 1

BDU FSTEC
added 2019/11/04 12:0 a.m. · 1 view

The vulnerability of the Siebel Core – DB Deployment and Configuration component of the Oracle Siebel CRM customer relationship management system allows attackers to gain unauthorized access to protected data.

The vulnerability of the Siebel Core – DB Deployment and Configuration component of the Oracle Siebel CRM customer relationship management system is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access...

7.8 CVSS · 7.3 AI score · 0.01107 EPSS
Exploits 0 · References 4 · Affected Software 1

BDU FSTEC
added 2019/11/04 12:0 a.m. · 1 view

The vulnerability of the Web Access component of the Oracle Primavera P6 Enterprise Project Portfolio Management application allows a hacker to gain access to modify, add, or delete data.

The vulnerability of the Web Access component of the Oracle Primavera P6 Enterprise Project Portfolio Management application relates to deficiencies in access control. Exploiting this vulnerability may allow an attacker, operating remotely, to gain access to modify, add, or delete data using HTTP...

9.3 CVSS · 5.5 AI score · 0.01175 EPSS
Exploits 0 · References 2 · Affected Software 1

BDU FSTEC
added 2019/11/04 12:0 a.m. · 1 view

The vulnerability of the Web Access component of the Oracle Primavera P6 Enterprise Project Portfolio Management application allows a hacker to gain unauthorized access to protected data.

The vulnerability of the Web Access component of the Oracle Primavera P6 Enterprise Project Portfolio Management application relates to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected data using th...

6.8 CVSS · 6.9 AI score · 0.00362 EPSS
Exploits 0 · References 3 · Affected Software 1

BDU FSTEC
added 2019/11/04 12:0 a.m. · 2 views

The vulnerability of the Fluid Core component in the Oracle PeopleSoft Enterprise PeopleTools business application suite allows a malicious actor to gain unauthorized access to protected data or compromise the integrity of protected information.

The vulnerability of the Fluid Core component in the Oracle PeopleSoft Enterprise PeopleTools business application suite is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected data or compromise the integrity of...

6.1 CVSS · 6.8 AI score · 0.0079 EPSS
Exploits 0 · References 3 · Affected Software 1

BDU FSTEC
added 2019/11/04 12:0 a.m. · 2 views

The vulnerability of the Order Tracker sub-component of the Oracle iStore component in the Oracle E-Business Suite system allows a perpetrator to access data for modification, addition, or deletion, or to gain unauthorized access to protected information.

The vulnerability of the Order Tracker sub-component of the Oracle iStore component in the Oracle E-Business Suite automation system is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to modify, add, or delete data, or to gain...

8.5 CVSS · 5.5 AI score · 0.0135 EPSS
Exploits 0 · References 3 · Affected Software 1