ALPINE-CVE-2018-1000005

libcurl 7.49.0 to and including 7.57.0 contains an out bounds read in code handling HTTP/2 trailers. It was reported https://github.com/curl/curl/pull/2231 that reading an HTTP/2 trailer could mess up future trailers since the stored size was one byte less than required. The problem is that the...

CVE-2018-2683

Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications subcomponent: POS. Supported versions that are affected are 2.7, 2.8 and 2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitalit...

CVE-2018-2671

Vulnerability in the PeopleSoft Enterprise SCM Purchasing component of Oracle PeopleSoft Products subcomponent: Supplier Registration. The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSo...

CVE-2018-2660

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure component of Oracle Financial Services Applications subcomponent: Core. Supported versions that are affected are 7.3.5.x and 8.0.x. Easily exploitable vulnerability allows low privileged attacker with network...

CVE-2017-10301

Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub component of Oracle PeopleSoft Products subcomponent: Enterprise Portal. The supported version that is affected is 9.1.00. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise...

PHP GD Graphics Library Denial of Service Vulnerability

PHP PHP: Hypertext Preprocessor is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community.GD Graphics Library also known as libgd or libgd2 is an open source library for dynamically creating images developed by American software...

PT-2018-2503 · Live555 +2 · Live555 Rtsp Server Library +2

Name of the Vulnerable Software and Affected Versions: LIVE555 RTSP server library version 0.92 Description: The issue is related to a buffer overflow error in the HTTP packet parser implementation of the LIVE555 RTSP server library. This can be exploited by a remote attacker using a specially...

Red Hat CloudForms HTML Injection Vulnerability

Red Hat CloudForms is a suite of IaaS Infrastructure as a Service cloud service solutions from Red Hat, Inc. The solution creates and manages private and public clouds and has the ability to manage the application lifecycle. An HTML injection vulnerability exists in Red Hat CloudForms, which stem...

The vulnerability in the JavaScript V8 engine of Google Chrome’s browser allows a hacker to execute arbitrary code in an isolated environment.

The vulnerability of Google Chrome’s JavaScript V8 engine is related to a type conversion error. Exploiting this vulnerability allows an attacker to execute arbitrary code in a isolated environment using a specially crafted HTML page...

The vulnerability of Google Chrome’s Skia graphics library allows a hacker to perform memory-reading operations beyond the limits of the application’s memory.

The vulnerability of Google Chrome’s Skia graphics library exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to perform memory-walking attacks using a specially crafted HTML page...

The vulnerability in the JavaScript V8 engine of Google Chrome’s browser allows a hacker to execute read-out operations beyond the memory limit.

The vulnerability in the JavaScript V8 engine of Google Chrome browsers exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to perform out-of-memory reading through a specially crafted HTML page...

The vulnerability of Google Chrome’s Blink rendering module allows a hacker to read data beyond the memory limit of the application.

The vulnerability of Google Chrome’s Blink engine is related to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to read data beyond the application’s memory boundary using a specially crafted HTML page...

H2O Denial of Service Vulnerability (CNVD-2018-01617)

H2O is a set of open source Web server software . A denial of service vulnerability exists in H2O 2.2.2 and earlier versions. A remote attacker can exploit this vulnerability to cause a denial of service with a specially crafted HTTP/1 packet header...

H2O Denial of Service Vulnerability (CNVD-2018-01620)

H2O is a set of open source Web server software . A denial of service vulnerability exists in H2O 2.2.3 and earlier versions. A remote attacker can exploit this vulnerability to cause a denial of service with a specially crafted HTTP/2 packet header...

httpd: mod_ssl NULL pointer dereference

A NULL pointer dereference flaw was found in the httpd's modssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request...

The vulnerability of Google Chrome browsers, related to the use of memory after it is freed, allows a hacker to perform reading beyond the buffer limit.

The vulnerability of Google Chrome relates to the use of memory after it is freed. Exploiting this vulnerability allows a malicious actor to perform reading beyond the buffer limit using a specially crafted HTML page...

undertow: HTTP Request smuggling vulnerability due to permitting invalid characters in HTTP requests

It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP...

Cisco Data Center Network Manager Software HTTP Injection Vulnerability

Cisco Data Center Network Manager DCNM Software is a data center management system from Cisco USA. The system works with Cisco Nexus and MDS series switches and provides storage visualization, configuration and troubleshooting. An HTTP injection vulnerability exists in the web interface in Cisco...

DEBIAN-CVE-2017-2891

An exploitable use-after-free vulnerability exists in the HTTP server implementation of Cesanta Mongoose 6.8. An ordinary HTTP POST request with a CGI target can cause a reuse of previously freed pointer potentially resulting in remote code execution. An attacker needs to send this HTTP request...

CVE-2017-12083

An exploitable information disclosure vulnerability exists in the apid daemon of the Circle with Disney running firmware 2.0.1. A specially crafted set of packets can make the Disney Circle dump strings from an internal database into an HTTP response. An attacker needs network connectivity to the...