Oracle Hospitality OPERA 5 Property Services 安全漏洞

Oracle Hospitality OPERA 5 Property Services is a Windows-based application component developed by Oracle Corporation, used for processing payment card transactions. Vulnerabilities exist in versions 5.6.19.24, 5.6.22, 5.6.25.19, 5.6.27.6, and 5.6.28 of Oracle Hospitality OPERA 5 Property Service...

CVE-2026-7853

CVE-2026-7853 affects D-Link DI-8100 with firmware 16.07.26A1. The weakness lies in the HTTP Handler’s /auto_reboot.asp, where the function sprintf mishandles the enable/time argument, causing a buffer overflow. This design flaw enables remote exploitation, and public exploit access is indicated ...

TencentOS Server 3: varnish (TSSA-2023:0259)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0259 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

SUSE-SU-2025:02993-1 Security update for jetty-minimal

This update for jetty-minimal fixes the following issues: Upgraded to version 9.4.58.v20250814: - CVE-2025-5115: Fixed MadeYouReset DoS attack via HTTP/2 protocol including DNS over HTTPS bsc1244252...

F5 Networks BIG-IP : HTTP/2 vulnerability (K000152001)

The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.10.8 / 16.1.6.1 / 17.1.3 / 17.5.1.2. It is, therefore, affected by a vulnerability as referenced in the K000152001 advisory. An HTTP/2 implementation flaw allows a denial-of-service DoS that uses malformed HTTP/2...

golang: net/http: insufficient sanitization of Host header

A flaw was found in Golang, where it is vulnerable to HTTP header injection caused by improper content validation of the Host header by the HTTP/1 client. A remote attacker can inject arbitrary HTTP headers by persuading a victim to visit a specially crafted Web page. This flaw allows the attacke...

CVE-2020-2973

Vulnerability in the Oracle Application Express component of Oracle Database Server. Supported versions that are affected are 5.1-19.2. Easily exploitable vulnerability allows low privileged attacker having SQL Workshop privilege with network access via HTTP to compromise Oracle Application...

ibapi code execution vulnerability

ibapi is a trading system high-speed order interface. A security vulnerability exists in ibapi that originates when the program downloads binary resources over the HTTP protocol. A remote attacker could exploit the vulnerability by replacing the requested binary file with a binary file under thei...

ALPINE-CVE-2016-10002

Incorrect processing of responses to If-None-Modified HTTP conditional requests in Squid HTTP Proxy 3.1.10 through 3.1.23, 3.2.0.3 through 3.5.22, and 4.0.1 through 4.0.16 leads to client-specific Cookie data being leaked to other clients. Attack requests can easily be crafted by a client to prob...

CVE-2016-1469

The HTTP framework on Cisco SPA300, SPA500, and SPA51x devices allows remote attackers to cause a denial of service device outage via a series of malformed HTTP requests, aka Bug ID CSCut67385...

Cisco Firepower Management Center and ASA 5500-X Series with FirePOWER Services Elevation of Privilege Vulnerability

Cisco Firepower Management Center and Cisco ASA 5500-X Series with FirePOWER Services are both next-generation firewall software from Cisco. An elevation of privilege vulnerability exists in the web-based GUI in Cisco Firepower Management Center and Cisco ASA 5500-X Series with FirePOWER Services...