CVE-2022-22373
An improper validation vulnerability in IBM InfoSphere Information Server 11.7 Pack for SAP Apps and BW Packs may lead to creation of directories and files on the server file system that may contain non-sensitive debugging information like stack traces. IBM X-Force ID: 221323...
PT-2022-20485 · Typo3 · Typo3
Name of the Vulnerable Software and Affected Versions: TYPO3 versions prior to 7.6.57 ELTS; TYPO3 versions prior to 8.7.47 ELTS; TYPO3 versions prior to 9.5.34 ELTS; TYPO3 versions prior to 10.4.29; TYPO3 versions prior to 11.5.11. Description: System internal credentials or keys, such as database...
IBM MQ for HPE NonStop Information Disclosure Vulnerability
IBM MQ (IBM WebSphere MQ) is a messaging middleware product from IBM. The product is mainly for the service-oriented architecture (SOA) to provide a reliable and proven messaging backbone. An information disclosure vulnerability exists in IBM MQ for HPE NonStop version 8.1.0, which can be exploited b...
The vulnerability of the libsndfile library for reading and writing audio files involves a numerical overflow with empty stack traces, allowing an attacker to execute arbitrary code in the target system.
The vulnerability of the libsndfile library for reading and writing audio files is related to a numerical overflow with empty stack traces. Exploiting this vulnerability could allow an attacker to execute arbitrary code on the target system...
Sandbox Bypass
Overview: vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Sandbox Bypass via direct access to host error objects generated by Node internals during generation of stack traces, which can lead to execution of...
Uber: Exposed Golang Pprof debugger at https://cn-geo1.uber.com/
The Golang pprof debug interface was exposed on an Uber endpoint. This allowed introspection of stack traces, application timing, command line parameters and memory usage...
OWASP Top 10 Deep Dive: Injection and Stack Traces From a Hacker's Perspective
In case you missed it, injection claimed the number 3 spot in OWASP's updated Top 10 application security risks for 2021. Today, I'm going to highlight some of the reasons why injection is such a formidable threat, despite it falling two spaces from the number 1 slot on OWASP's 2017 list. But...
IBM Planning Analytics Security Vulnerability
IBM Planning Analytics, a planning, budgeting, forecasting and analysis solution, is vulnerable to an information disclosure vulnerability in IBM Planning Analytics version 2.0. An attacker could exploit the vulnerability to obtain sensitive information when returning a stack trace in a browser...
IBM Planning Analytics Security Vulnerability
IBM Planning Analytics is a business planning and analysis solution from IBM Corporation. The solution supports automated execution of business planning, budgeting, and analysis processes. A security vulnerability exists in the Planning Analytics spreadsheet service component of IBM Planning...
Security Bulletin: Potential information leakages vulnerabilities in IBM Jazz Team Server affect IBM Rational products based on IBM Jazz technology
Summary: Multiple vulnerabilities in the IBM Jazz Team Server affecting the following IBM Rational Products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational...
openSUSE Security Update : viewvc (openSUSE-2021-84)
This update for viewvc fixes the following issues : - update to 1.1.28 boo1167974, CVE-2020-5283 : - security fix: escape subdir lastmod file name 211 - fix standalone.py first request failure 195 - suppress stack traces with option to show 140 - distinguish text/binary/image files by icons 166,...
openSUSE Security Update : viewvc (openSUSE-2021-123)
This update for viewvc fixes the following issues : - update to 1.1.28 boo1167974, CVE-2020-5283 : - security fix: escape subdir lastmod file name 211 - fix standalone.py first request failure 195 - suppress stack traces with option to show 140 - distinguish text/binary/image files by icons 166,...
Security update for viewvc (moderate)
openSUSE Security Update: Security update for viewvc Announcement ID: openSUSE-SU-2021:0119-1 Rating: moderate References: 1167974 Cross-References: CVE-2020-5283 Affected Products: openSUSE Backports SLE-15-SP1 An update that fixes one vulnerability is now available. Description: This update for...
Security update for viewvc (moderate)
openSUSE Security Update: Security update for viewvc Announcement ID: openSUSE-SU-2021:0084-1 Rating: moderate References: 1167974 Cross-References: CVE-2020-5283 Affected Products: openSUSE Leap 15.1 An update that fixes one vulnerability is now available. Description: This update for viewvc fix...
Mozilla: Potential leak of redirect targets when loading scripts in a worker
By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script. This vulnerability affects Firefox 79, Firefox ESR 68.11, Firefox ESR 78.1, Thunderbird 68.11, and Thunderbi...
Mozilla Firefox Information Disclosure Vulnerability (CNVD-2020-44563)
Mozilla Firefox and others are products of the Mozilla Foundation in the U.S.A. Mozilla Firefox is an open source web browser. Mozilla Firefox ESR is an extended support version of Firefox web browser. Mozilla Thunderbird is a suite of e-mail client software separate from the Mozilla Application...
Fedora 30 : viewvc (2020-c952520959)
Fix for CVE-2020-5283. ViewVC 1.1.28 ChangeLog - security fix: escape subdir lastmod file name 211 - fix standalone.py first request failure 195 ViewVC 1.1.27 ChangeLog : - suppress stack traces with option to show 140 - distinguish text/binary/image files by icons 166, 175 - colorize alternating...
CVE-2019-12864
SolarWinds Orion Platform 2018.4 HF3 NPM 12.4, NetPath 1.1.4 is vulnerable to Information Leakage, because of improper error handling with stack traces, as demonstrated by discovering a full pathname upon a 500 Internal Server Error via the api2/swis/query?lang=en-us&swAlertOnError=false query...
Design/Logic Flaw
SolarWinds Orion Platform 2018.4 HF3 NPM 12.4, NetPath 1.1.4 is vulnerable to Information Leakage, because of improper error handling with stack traces, as demonstrated by discovering a full pathname upon a 500 Internal Server Error via the api2/swis/query?lang=en-us&swAlertOnError=false query...
CVE-2019-12864
SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) is affected by an Information Leakage vulnerability caused by improper error handling that exposes stack traces and a full pathname on a 500 Internal Server Error. The issue is demonstrated via the api2/swis/query?lang=en-us&swAlertOn...