28 matches found
CVE-2020-4164
IBM Security Information Queue ISIQ 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could expose sensitive information from application errors which could be used in further attacks against the system. IBM X-Force ID: 174400...
Security Bulletin: IBM Security Information Queue could reveal sensitive data in application error messages (CVE-2020-4164)
Summary In response to certain application errors, IBM Security Information Queue ISIQ could output messages that contain sensitive data, which could then be used to gain unauthorized system access. As of v1.0.6, ISIQ no longer includes sensitive data when outputting error messages. Vulnerability...
Denial of Service
Overview Versions of @hapi/accept prior to 3.2.4 or 5.0.1 are vulnerable to Denial of Service. The Accept-Encoding HTTP header parser has a vulnerability which will cause the function to throw a system error if the header contains some invalid values. Because hapi rethrows system errors as oppose...
CVE-2020-5217 Directive injection when using dynamic overrides with user input in RubyGems secure_headers
In Secure Headers RubyGem secure_headers, a directive injection vulnerability is present in versions before 3.8.0, 5.1.0, and 6.2.0. If user-supplied input was passed into append/override_content_security_policy_directives, a semicolon could be injected leading to directive injection. This could be us...
secure_headers directive injection using semicolon
If user-supplied input was passed into append/override_content_security_policy_directives, a semicolon could be injected leading to directive injection. This could be used to e.g. override a script-src directive. Duplicate directives are ignored and the first one wins. The directives in secure_headers...
August 13, 2019—KB4512506 (Monthly Rollup)
August 13, 2019—KB4512506 Monthly Rollup IMPORTANT Verify that you have installed the updates listed in the How to get this update section before installing this update. For all updates starting with August 13, 2019, we strongly recommend that you install these updates to prevent any issues...
App Layering: Upgrading to 4.6 Fails to Complete, or Shows Database Errors, or Shows No Layers or Icons
While upgrading to version 4.6, the upgrade does not complete after several hours. If it does complete, after logging in, you see no layers or image templates. And you will see errors like: "System Error - ComponentActivator: could not instantiate Uni.Appliance.PersistenceLayer.Session.SessionScop...
mx_injection
This plugin will find MX injections. This kind of web application error is mostly seen in webmail software. The tests are simple: for every injectable parameter, a string with special meaning in the mail server is sent, and if in the response I find a mail server error, a vulnerability was found...