4421 matches found
The vulnerability of the sub-component “Attachments/File Upload” of the Oracle Application Object Library in the Oracle E-Business Suite system allows a perpetrator to access, modify, add, or delete data.
The vulnerability of the Attachments/File Upload sub-component of the Oracle Application Object Library in the Oracle E-Business Suite system is related to access control deficiencies. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to modify, add, or delete...
The vulnerability of the “Outside In” component in Oracle’s software development kit (SDK) allows a hacker to trigger a service failure.
The vulnerability of the Outside In component in Oracle’s software development kit (SDK) is related to access control deficiencies. Exploiting this vulnerability could allow an attacker to cause a service failure using the HTTP protocol...
The vulnerability of the Analytics Server sub-component of the Oracle Business Intelligence Enterprise Edition component of the Oracle Fusion Middleware software allows a perpetrator to access, modify, add, or delete data.
The vulnerability of the Analytics Server component of the Oracle Business Intelligence Enterprise Edition software from Oracle Fusion Middleware is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to modify, add,...
The vulnerability of the Oracle Hospitality Reporting and Analytics component in the Oracle Food and Beverage Applications software package allows a perpetrator to gain unauthorized access to protected data.
The vulnerability of the Oracle Hospitality Reporting and Analytics component in the Oracle Food and Beverage Applications suite is related to access control deficiencies. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected data usin...
Apache HTTP Server Denial of Service Vulnerability
Apache HTTP Server is an open source web server from the Apache Software Foundation in the United States. The server is fast, reliable and can be extended through a simple API. A security vulnerability exists in the HTTP/2 (mod_http2) connection for httpd in Apache HTTP Server versions 2.4.17 through...
CVE-2018-17692
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
The vulnerability in the implementation of TCP sockets in Cisco IOS and Cisco IOS XE operating systems allows a hacker to trigger a device reboot and a service failure.
The vulnerability of TCP socket implementations in Cisco IOS and Cisco IOS XE systems is related to state management errors. Exploiting this vulnerability can allow a malicious actor to trigger a device reboot and a service failure by sending specially crafted HTTP packets...
The vulnerability of the Security component of the Oracle Retail Xstore Payment software allows a perpetrator to modify protected information or cause service failures.
The vulnerability of the Security component of the Oracle Retail Xstore Payment software lies in deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to modify protected information or cause service failures using the HTTP protocol...
The vulnerability of the Oracle Performance Management (Performance Management Plan) component of the Oracle E-Business Suite automation system allows a perpetrator to modify protected information.
The vulnerability of the Oracle Performance Management (Performance Management Plan) component within the Oracle E-Business Suite automation system is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to modify protected information using the HTT...
The vulnerability of the CORS component of Apache Tomcat servers allows attackers to access protected information.
The vulnerability of the CORS component in Apache Tomcat servers is related to insufficient access control. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected data using the HTTP protocol...
NEC Aterm WG1200HP Operating System Command Injection Vulnerability
The NEC Aterm WG1200HP is a wireless router from NEC (Nippon Electric). An operating system command injection vulnerability exists in the NEC Aterm WG1200HP using firmware version 1.0.31 and earlier. An attacker can exploit this vulnerability to execute arbitrary operating system commands via HTTP...
The vulnerability of the MediaRecorder component in the Google Chrome web browser allows a hacker to trigger a service failure.
The vulnerability of the MediaRecorder component in the Google Chrome web browser arises from an operation that goes beyond the buffer limits in memory. Exploiting this vulnerability could allow a malicious actor to cause a service failure through a specially created HTML page...
The vulnerability of the Blink component of the Google Chrome web browser allows a perpetrator to compromise the confidentiality, integrity, and availability of protected information.
The vulnerability of the Blink component of the Google Chrome web browser relates to the use of memory after it is freed. Exploiting this vulnerability can allow a malicious actor to compromise the confidentiality, integrity, and availability of protected information through a specially created HTML...
CVE-2018-16082
An out of bounds read in Swiftshader in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page...
UBUNTU-CVE-2018-20067
A renderer-initiated back navigation was incorrectly allowed to cancel a browser-initiated one in Navigation in Google Chrome prior to 71.0.3578.80, which allowed a remote attacker to confuse the user about the origin of the current page via a crafted HTML page...
UBUNTU-CVE-2018-16066
A use after free in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
CVE-2016-9651
A missing check for whether a property of a JS object is private in V8 in Google Chrome prior to 55.0.2883.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...
UBUNTU-CVE-2018-16068
Missing validation in Mojo in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page...
Bootstrap Cross-Site Scripting Vulnerability (CNVD-2019-23270)
Bootstrap is an open source web front-end framework developed using HTML, CSS and JavaScript. A cross-site scripting vulnerability exists in affix in Bootstrap versions prior to 3.4.0, which can be exploited by remote attackers to inject arbitrary web script or HTML...
CVE-2018-19905
HTML injection exists in razorCMS 3.4.8 via the //page keywords parameter...