83 matches found
CVE-2023-27998
A lack of custom error pages vulnerability CWE-756 in FortiPresence versions 1.2.0 through 1.2.1 and all versions of 1.1 and 1.0 may allow an unauthenticated attacker with the ability to navigate to the login GUI to gain sensitive information via navigating to specific HTTPs paths...
CVE-2023-27998
A lack of custom error pages vulnerability CWE-756 in FortiPresence versions 1.2.0 through 1.2.1 and all versions of 1.1 and 1.0 may allow an unauthenticated attacker with the ability to navigate to the login GUI to gain sensitive information via navigating to specific HTTPs paths...
Code injection
A lack of custom error pages vulnerability CWE-756 in FortiPresence versions 1.2.0 through 1.2.1 and all versions of 1.1 and 1.0 may allow an unauthenticated attacker with the ability to navigate to the login GUI to gain sensitive information via navigating to specific HTTPs paths...
PT-2023-21471 · Fortinet · Fortipresence
Name of the Vulnerable Software and Affected Versions: FortiPresence versions 1.0 through 1.2.1 Description: A lack of custom error pages may allow an unauthenticated attacker with the ability to navigate to the login GUI to gain sensitive information via navigating to specific HTTPs paths...
Fortinet FortiPresence Security Vulnerability
Fortinet FortiPresence is a comprehensive data analytics solution from Fortinet, Inc. A security vulnerability exists in Fortinet FortiPresence that stems from the lack of a custom error page, which could allow an attacker to obtain sensitive information by navigating to a specific HTTP path...
GLSA-202305-27 : Tinyproxy: Memory Disclosure
The remote host is affected by the vulnerability described in GLSA-202305-27 Tinyproxy: Memory Disclosure - Potential leak of left-over heap data if custom error page templates containing special non-standard variables are used. Tinyproxy commit 84f203f and earlier use uninitialized buffers in...
Use of revert Statement in requireOwner Function in Ownable Contract May Cause Unexpected Behavior
Lines of code Vulnerability details Summary: There is a potential issue with the error handling in the requireOwner function that may lead to unexpected behavior. Description: Description: The Ownable contract provides basic access control by defining an owner address that can be granted exclusiv...
SUSE CVE-2005-3357
modssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service application crash via a non-SSL request to an SSL port, which triggers a NULL pointer dereference...
SUSE CVE-2022-40468
Potential leak of left-over heap data if custom error page templates containing special non-standard variables are used. Tinyproxy commit 84f203f and earlier use uninitialized buffers in processrequest function...
Initialize: No access control for initializatino and possible multiple initializations
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. First of all, there is no modifier for access control, any one can call initialize and the two require statements won't provent it. Second, it is possible that the initialize function is called multiple...
ALPINE-CVE-2022-40468
Potential leak of left-over heap data if custom error page templates containing special non-standard variables are used. Tinyproxy commit 84f203f and earlier use uninitialized buffers in processrequest function...
DEBIAN-CVE-2022-40468
Potential leak of left-over heap data if custom error page templates containing special non-standard variables are used. Tinyproxy commit 84f203f and earlier use uninitialized buffers in processrequest function...
CVE-2022-40468
Potential leak of left-over heap data if custom error page templates containing special non-standard variables are used. Tinyproxy commit 84f203f and earlier use uninitialized buffers in processrequest function...
Heap overflow
Potential leak of left-over heap data if custom error page templates containing special non-standard variables are used. Tinyproxy commit 84f203f and earlier use uninitialized buffers in processrequest function...
UBUNTU-CVE-2022-40468
Potential leak of left-over heap data if custom error page templates containing special non-standard variables are used. Tinyproxy commit 84f203f and earlier use uninitialized buffers in processrequest function...
PT-2022-25392 · Tinyproxy +2 · Tinyproxy +2
Name of the Vulnerable Software and Affected Versions: Tinyproxy versions prior to commit 84f203f Description: The issue is related to a potential leak of left-over heap data when custom error page templates containing special non-standard variables are used. This occurs because Tinyproxy commit...
CVE-2022-40468
Potential leak of left-over heap data if custom error page templates containing special non-standard variables are used. Tinyproxy commit 84f203f and earlier use uninitialized buffers in processrequest function...
CVE-2022-40468
Potential leak of left-over heap data if custom error page templates containing special non-standard variables are used. Tinyproxy commit 84f203f and earlier use uninitialized buffers in processrequest function...
CVE-2022-40468
Potential leak of left-over heap data if custom error page templates containing special non-standard variables are used. Tinyproxy commit 84f203f and earlier use uninitialized buffers in processrequest function...
CVE-2022-40468
CVE-2022-40468 affects tinyproxy. The issue is a potential leak of left-over heap data when using custom error page templates with non-standard variables, caused by uninitialized buffers in process_request() and related header handling. Multiple advisories confirm risk across distros, including D...