Information Disclosure

github.com/ibm-messaging/mq-container is vulnerable to Information Disclosure. The vulnerability allows a local user to obtain sensitive credential information when a detailed technical error message is returned in a stack trace, resulting in the disclosure of sensitive information...

IBM MQ Information Disclosure Vulnerability (CNVD-2023-41892)

IBM MQ IBM WebSphere MQ is a messaging middleware product from International Business Machines IBM. The product is mainly for the service-oriented architecture SOA to provide a reliable and proven messaging backbone. An information disclosure vulnerability exists in IBM MQ versions 8.0, 9.0, and...

CVE-2023-28514

IBM MQ 8.0, 9.0, and 9.1 could allow a local user to obtain sensitive credential information when a detailed technical error message is returned in a stack trace. IBM X-Force ID: 250398...

Design/Logic Flaw

IBM MQ 8.0, 9.0, and 9.1 could allow a local user to obtain sensitive credential information when a detailed technical error message is returned in a stack trace. IBM X-Force ID: 250398...

CVE-2023-28514 IBM MQ information disclosure

IBM MQ 8.0, 9.0, and 9.1 could allow a local user to obtain sensitive credential information when a detailed technical error message is returned in a stack trace. IBM X-Force ID: 250398...

CVE-2023-28514 IBM MQ information disclosure

IBM MQ 8.0, 9.0, and 9.1 could allow a local user to obtain sensitive credential information when a detailed technical error message is returned in a stack trace. IBM X-Force ID: 250398...

IBM MQ 安全漏洞

IBM MQ IBM WebSphere MQ is a messaging middleware product from International Business Machines IBM. The product is mainly for the service-oriented architecture SOA to provide a reliable and proven messaging backbone. An information disclosure vulnerability exists in IBM MQ versions 8.0, 9.0, and...

Prototype Pollution

safe-eval is vulnerable to Prototype Pollution. The vulnerability exists in safeEval in index.js due to sandbox escaping which allows an attacker to access the host error objects during the generation of a stack trace...

CVE-2023-27904

A flaw was found in Jenkins. The affected version of Jenkins prints an error stack trace on agent-related pages when agent connections are broken. This stack trace may contain information about Jenkins configuration that is otherwise inaccessible to attackers...

CVE-2023-27904

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier prints an error stack trace on agent-related pages when agent connections are broken, potentially revealing information about Jenkins configuration that is otherwise inaccessible to attackers...

CVE-2023-27904

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier prints an error stack trace on agent-related pages when agent connections are broken, potentially revealing information about Jenkins configuration that is otherwise inaccessible to attackers...

CVE-2023-27904

CVE-2023-27904 is active in Jenkins/Jenkins-2-plugins deployments per multiple security advisories (RHSA) and Nessus findings. The issue is information disclosure: when agent connections fail, error stack traces may reveal Jenkins configuration details to an attacker. Affected environments includ...

PT-2024-14697

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The issue is related to a kernel warning that occurs when sending a SYN message. The warning is caused by a lack of copy direction from the iterator viewpoint, which leads to a kernel...

Dev Server XSS

Description The developer server unsafely renders the stack trace within errors. This can be manipulated by sending a specially crafted request. Root Cause The error-dev.vuetemplate, within @nuxt\ui-templates uses the v-html directive to render the stacktrace section of the error. vue This would...

Security Bulletin: Multiple security vulnerabilities addressed in IBM Sterling Secure Proxy (CVE-2013-0518, CVE-2013-0519, CVE-2013-0520)

Abstract IBM Sterling Secure Proxy is vulnerable to spoofing and information disclosure attacks. Content VULNERABILITY DETAILS CVE ID: CVE-2013-0518 DESCRIPTION: Application Pages Do Not Break Out of 3rd Party HTML Frames. IBM Sterling Secure Proxy Configuration Manager pages permit rendering...

Security Bulletin: IBM Maximo Asset Management could disclose sensitive information from a stack trace after submitting incorrect login onto Cognos browser (CVE-2016-5896)

Summary IBM Maximo Asset Management could disclose sensitive information from a stack trace after submitting incorrect login onto Cognos browser. Vulnerability Details CVEID: CVE-2016-5896 DESCRIPTION: IBM Maximo Asset Management could disclose sensitive information from a stack trace after...

NULL Pointer Dereference in function do_mouse

Description NULL Pointer Dereference in function domouse at vim/src/mouse.c:496 . vim version git log commit 171c683237149262665135c7d5841a89bb156f53 HEAD - master, tag: v9.0.0242, origin/master, origin/HEAD Proof of Concept ./vim -u NONE -X -Z -e -s -S /home/fuzz/test/poc3null.dat -c :qa!...

MAL-2022-6302 Malicious code in stcak-trace (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f6837210e402f7d8805450e44b65c91fb35fb3cb153047513c4da37e2f1e6176 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in stcak-trace (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f6837210e402f7d8805450e44b65c91fb35fb3cb153047513c4da37e2f1e6176 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2022-35715

IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in a stack trace. This information could be used in further attacks against the system. IBM X-Force ID: 231202...