280 matches found
GSD-2022-1000479 scsi: ufs: Fix a deadlock in the error handler
scsi: ufs: Fix a deadlock in the error handler This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.25 by commit...
Denial Of Service (DoS)
mercurius is vulnerable to denial of service. an attacker can crash the application by sending a malformed JSON to /graphql using a custom error handler...
Uncaught Exception in mercurius
Impact Any users from [email protected] to 8.11.1 are subjected to a denial of service attack by sending a malformed JSON to /graphql unless they are using a custom error handler. Patches The vulnerability has been fixed in https://github.com/mercurius-js/mercurius/pull/678 and shipped as v8.11.2...
GHSA-273R-RM8G-7F3X Uncaught Exception in mercurius
Impact Any users from [email protected] to 8.11.1 are subjected to a denial of service attack by sending a malformed JSON to /graphql unless they are using a custom error handler. Patches The vulnerability has been fixed in https://github.com/mercurius-js/mercurius/pull/678 and shipped as v8.11.2...
CVE-2021-43801
Mercurius is a GraphQL adapter for Fastify. Any users from [email protected] to 8.11.1 are subjected to a denial of service attack by sending a malformed JSON to /graphql unless they are using a custom error handler. The vulnerability has been fixed in...
Code injection
Mercurius is a GraphQL adapter for Fastify. Any users from email protected to 8.11.1 are subjected to a denial of service attack by sending a malformed JSON to /graphql unless they are using a custom error handler. The vulnerability has been fixed in...
CVE-2021-43801
Mercurius (GraphQL adapter for Fastify) versions 8.10.0–8.11.1 are vulnerable to a denial-of-service caused by sending a malformed JSON to /graphql. The issue is fixed in v8.11.2 (pull 678); a workaround is to use a custom error handler. No exploitation details are provided in the available docum...
CVE-2021-43801 Uncaught Exception in mercurius
Mercurius is a GraphQL adapter for Fastify. Any users from [email protected] to 8.11.1 are subjected to a denial of service attack by sending a malformed JSON to /graphql unless they are using a custom error handler. The vulnerability has been fixed in...
Fortinet FortiWeb Cross-Site Scripting Vulnerability (CNVD-2021-99662)
Fortinet FortiWeb is a Web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks, secures Web applications and protects sensitive database content. A cross-site scripting vulnerability exists,...
CVE-2021-36188
A improper neutralization of input during web page generation 'cross-site scripting' in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows attacker to execute unauthorized code or commands via crafted GET parameters in requests to login and error handlers...
Fortinet FortiWeb 跨站脚本漏洞
Fortinet FortiWeb is a Web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks, secures Web applications and protects sensitive database content. A cross-site scripting vulnerability exists,...
GSD-2021-1002319 net/mlx5: Update error handler for UCTX and UMEM
net/mlx5: Update error handler for UCTX and UMEM This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.5 by commit...
UVI-2021-1002319 net/mlx5: Update error handler for UCTX and UMEM
net/mlx5: Update error handler for UCTX and UMEM This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.5 by commit...
CVE-2021-32712 Information leakage in Error Handler
Shopware is an open source eCommerce platform. Versions prior to 5.6.10 are vulnerable to system information leakage in error handling. Users are recommend to update to version 5.6.10. You can get the update to 5.6.10 regularly via the Auto-Updater or directly via the download overview...
Shopware 信息泄露漏洞
Shopware is an open source e-commerce platform. A sensitive information disclosure vulnerability exists in versions of Shopware prior to 5.6.10. An attacker can exploit this vulnerability to obtain leaked system information via Error Handler...
Information leakage in Error Handler
Impact Information leakage in Error Handler Patches We recommend updating to the current version 5.6.10. You can get the update to 5.6.10 regularly via the Auto-Updater or directly via the download overview. For older versions you can use the Security Plugin:...
GHSA-9VXV-WPV4-F52P Information leakage in Error Handler
Impact Information leakage in Error Handler Patches We recommend updating to the current version 5.6.10. You can get the update to 5.6.10 regularly via the Auto-Updater or directly via the download overview. For older versions you can use the Security Plugin:...
Buffer overflow
Arm Compiler 5 through 5.06u6 has an error in a stack protection feature designed to help spot stack-based buffer overflows in local arrays. When this feature is enabled, a protected function writes a guard value to the stack prior to above any vulnerable arrays in the stack. The guard value is...
CVE-2020-35554
An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. There is a WebView SSL error-handler vulnerability. The LG ID is LVE-SMP-200026 December 2020...
CVE-2020-35554
An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. There is a WebView SSL error-handler vulnerability. The LG ID is LVE-SMP-200026 December 2020...