
4401 matches found

RedHat Linux
added 2019/10/24 9:31 p.m. · 2 views

HTTP/2: flood using PING frames results in unbounded memory growth

A flaw was found in HTTP/2. Using PING frames and queuing of response PING ACK frames, a flood attack could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...

CVSS 7.8 · AI score 7.1 · EPSS 0.50822
Exploits 1 · References 9

OSV
added 2019/10/22 4:15 p.m. · 0 views

UBUNTU-CVE-2019-10079

Apache Traffic Server is vulnerable to HTTP/2 setting flood attacks. Earlier versions of Apache Traffic Server didn't limit the number of setting frames sent from the client using the HTTP/2 protocol. Users should upgrade to Apache Traffic Server 7.1.7, 8.0.4, or later versions...

CVSS 7.5 · AI score 7.1 · EPSS 0.05102
Exploits 0 · References 3

RedHat Linux
added 2019/10/18 2:2 a.m. · 0 views

HTTP/2: flood using PING frames results in unbounded memory growth

A flaw was found in HTTP/2. Using PING frames and queuing of response PING ACK frames, a flood attack could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...

CVSS 7.8 · AI score 7.1 · EPSS 0.50822
Exploits 1 · References 9

RedHat Linux
added 2019/10/17 9:59 a.m. · 3 views

OpenJDK: Insufficient filtering of HTML event attributes in Javadoc (Javadoc, 8226765)

Vulnerability in the Java SE product of Oracle Java SE component: Javadoc. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful...

CVSS 4.7 · AI score 7.4 · EPSS 0.01308
Exploits 0 · References 4

OSV
added 2019/10/16 6:15 p.m. · 2 views

CVE-2019-3025

Vulnerability in the Oracle Hospitality RES 3700 component of Oracle Food and Beverage Applications. The supported version that is affected is 5.7. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality RES 3700. While the...

CVSS 9 · AI score 5.8 · EPSS 0.27585
Exploits 4 · References 2

OSV
added 2019/10/16 6:15 p.m. · 4 views

CVE-2019-3012

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware component: BI Platform Security. Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network...

CVSS 5.3 · AI score 5.8 · EPSS 0.01993
Exploits 0 · References 1

OSV
added 2019/10/16 6:15 p.m. · 1 views

CVE-2019-2932

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: Tree Manager. Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise...

CVSS 7.7 · AI score 7.2 · EPSS 0.0057
Exploits 0 · References 1

RedHat Linux
added 2019/10/16 4:2 p.m. · 3 views

OpenJDK: Insufficient filtering of HTML event attributes in Javadoc (Javadoc, 8226765)

Vulnerability in the Java SE product of Oracle Java SE component: Javadoc. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful...

CVSS 4.7 · AI score 7.4 · EPSS 0.01308
Exploits 0 · References 4

RedHat Linux
added 2019/10/16 3:36 p.m. · 0 views

HTTP/2: flood using HEADERS frames results in unbounded memory growth

A flaw was found in HTTP/2. Using HEADER frames with invalid HTTP headers and queuing of response RSTSTREAM frames, an attacker could cause a flood resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...

CVSS 7.8 · AI score 7.1 · EPSS 0.09322
Exploits 0 · References 9

RedHat Linux
added 2019/10/16 3:36 p.m. · 1 views

HTTP/2: flood using PING frames results in unbounded memory growth

A flaw was found in HTTP/2. Using PING frames and queuing of response PING ACK frames, a flood attack could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...

CVSS 7.8 · AI score 7.1 · EPSS 0.50822
Exploits 1 · References 9

CNVD
added 2019/10/16 12:0 a.m. · 2 views

WordPress Popup Maker Plugin Has Unspecified Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. Popup Maker is a popup window plugin used in it. A security vulnerability exists in WordPress Popup Maker plugin versions...

CVSS 9.1 · AI score 6.4 · EPSS 0.86894
Exploits 2 · References 1

BDU FSTEC
added 2019/10/16 12:0 a.m. · 2 views

The vulnerability of Google Chrome, related to errors in inheriting security policies for new documents, allows a perpetrator to compromise the integrity of data.

The vulnerability of Google Chrome is related to errors in inheriting security policies for new documents. Exploiting this vulnerability can allow a malicious actor to compromise data integrity through a specially created HTML page...

CVSS 6.5 · AI score 5.5 · EPSS 0.00145
Exploits 0 · References 4 · Affected Software 2

BDU FSTEC
added 2019/10/16 12:0 a.m. · 3 views

The vulnerability of the JavaScript script handler in Google Chrome’s V8 engine allows attackers to compromise data integrity, gain unauthorized access to protected information, and cause service failures.

The vulnerability of the JavaScript script handler in Google Chrome’s V8 engine arises from an operation that occurs outside the buffer in memory. Exploiting this vulnerability can allow a remote attacker to access sensitive data, compromise its integrity, and cause service failures through a...

CVSS 10 · AI score 5.8 · EPSS 0.01652
Exploits 0 · References 12 · Affected Software 5

CNVD
added 2019/10/16 12:0 a.m. · 2 views

Oracle JDeveloper and ADF Unauthorized Access Vulnerability

Oracle JDeveloper is an integrated development environment that provides end-to-end support for modeling, developing, debugging, optimizing, and deploying Java applications and Web services. Oracle ADF is an end-to-end Java EE framework that simplifies application development by providing...

CVSS 9.8 · AI score 9.3 · EPSS 0.10696
Exploits 0 · References 1

BDU FSTEC
added 2019/10/16 12:0 a.m. · 1 views

The vulnerability of syntactic analysis in HTTP/1 and the HTTP accelerator Varnish allows attackers to induce a service failure.

The vulnerability of syntactic analysis in HTTP/1 and HTTP accelerator Varnish exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service failures...

CVSS 7.8 · AI score 5.5 · EPSS 0.07699
Exploits 0 · References 10 · Affected Software 5

Positive Technologies
added 2019/10/15 12:0 a.m. · 4 views

PT-2019-3655 · Oracle +4 · Java Se +6

Name of the Vulnerable Software and Affected Versions: Java SE versions 8u221; Java SE Embedded versions 8u221. Description: The issue is related to inadequate access control in the Deployment component of Oracle Java SE and Java SE Embedded. This could allow a remote attacker to modify, add, or...

CVSS 9.1 · AI score 5.5 · EPSS 0.02946
Exploits 0 · References 75

RedHat Linux
added 2019/10/14 4:55 p.m. · 1 views

HTTP/2: flood using PRIORITY frames results in excessive resource consumption

A flaw was found in HTTP/2. An attacker, using PRIORITY frames to flood the system, could cause excessive CPU usage and starvation of other clients. The largest threat from this vulnerability is to system availability...

CVSS 7.8 · AI score 7.1 · EPSS 0.06587
Exploits 0 · References 8

OSV
added 2019/10/11 6:41 p.m. · 0 views

GHSA-P979-4MFW-53VG HTTP Request Smuggling in Netty

Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers such as a "Transfer-Encoding : chunked" line, which leads to HTTP request smuggling...

CVSS 7.5 · AI score 6.8 · EPSS 0.14994
Exploits 1 · References 82

CNVD
added 2019/10/11 12:0 a.m. · 6 views

vBulletin Remote Code Execution Vulnerability

vBulletin is a business forum program developed and marketed by Internet Brands and vBulletin Solutions. A remote code execution vulnerability exists in vBulletin, which can be exploited by an attacker to inject and execute arbitrary PHP code...

CVSS 9.8 · AI score 8.5 · EPSS 0.25202
Exploits 4 · References 1

CNVD
added 2019/10/10 12:0 a.m. · 1 views

Cisco Firepower Management Center Path Traversal Vulnerability

Cisco Firepower Management Center FMC is a new generation of firewall management center software from Cisco. A path traversal vulnerability exists in the web-based management interface in Cisco Firepower Management Center FMC, which can be exploited by a remote attacker to bypass the security...

CVSS 4.9 · AI score 6.9 · EPSS 0.00048
Exploits 0 · References 1