K17449: Apache Struts 2 vulnerability CVE-2015-5169

Security Advisory Description Cross-site scripting XSS vulnerability in Apache Struts before 2.3.20. CVE-2015-5169 When debug mode is switched on in Apache Struts, under certain conditions, an arbitrary script may be executed in the 'Problem Report' screen. Affected versions are Struts 2.0.0 -...

SUSE CVE-2009-3462

Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 on Unix, when Debug mode is enabled, allow attackers to execute arbitrary code via unspecified vectors, related to a "format bug."...

SUSE CVE-2010-1167

fetchmail 4.6.3 through 6.3.16, when debug mode is enabled, does not properly handle invalid characters in a multi-character locale, which allows remote attackers to cause a denial of service memory consumption and application crash via a crafted 1 message header or 2 POP3 UIDL list...

SUSE CVE-2011-2924

foomatic-rip filter v4.0.12 and prior used insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. This flaw may be exploited by a local attacker to conduct symlink attacks by overwriting arbitrary files accessible with the privileg...

SUSE CVE-2011-2923

foomatic-rip filter, all versions, used insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. This flaw may be exploited by a local attacker to conduct symlink attacks by overwriting arbitrary files accessible with the privileges ...

SUSE CVE-2011-3657

Multiple cross-site scripting XSS vulnerabilities in Bugzilla 2.x and 3.x before 3.4.13, 3.5.x and 3.6.x before 3.6.7, 3.7.x and 4.0.x before 4.0.3, and 4.1.x through 4.1.3, when debug mode is used, allow remote attackers to inject arbitrary web script or HTML via vectors involving a 1 tabular...

SUSE CVE-2016-9014

Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3, when settings.DEBUG is True, allow remote attackers to conduct DNS rebinding attacks by leveraging failure to validate the HTTP Host header against settings.ALLOWEDHOSTS...

SUSE CVE-2016-9535

tifpredict.h and tifpredict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka "Predictor heap-buffer-overflow."...

SUSE CVE-2018-19960

The debugmode function in web/web.py in OnionShare through 1.3.1, when --debug is enabled, uses the /tmp/onionshareserver.log pathname for logging, which might allow local users to overwrite files or obtain sensitive information by using this pathname...

SUSE CVE-2018-1999007

A cross-site scripting vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers with the ability to control the existence of some URLs in Jenkins to define JavaScript that would be executed in...

SUSE CVE-2019-13509

In Docker CE and EE before 18.09.8 as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10, Docker Engine in debug mode may sometimes add secrets to the debug log. This applies to a scenario where docker stack deploy is run to redeploy a stack that includes non external secrets. I...

CVE-2022-34364

Dell BSAFE SSL-J contains a vulnerability where a debug message may disclose unnecessary information to a locally privileged user. Affected products are Dell BSAFE SSL-J prior to 6.5 and version 7.0. Root cause is exposure of debug information; impact is confidentiality loss (C:H) with no integri...

Dell BSAFE 安全漏洞

Dell BSAFE is a security software product from Dell Inc. that supports cryptographic algorithms, certificate chain validation, and Transport Layer Security TLS encryption suites, among other things, to help users achieve a variety of security goals for their applications. A security vulnerability...

Concrete CMS vulnerable to Cleartext Transmission of Sensitive Information

Concrete CMS formerly concrete5 below 8.5.10 and between 9.0.0 and 9.1.2 inadvertently disclose server-side sensitive information secrets in environment variables and server information when Debug Mode is left on in production...

GHSA-Q3HQ-HM5H-QRX3 Concrete CMS vulnerable to Cleartext Transmission of Sensitive Information

Concrete CMS formerly concrete5 below 8.5.10 and between 9.0.0 and 9.1.2 inadvertently disclose server-side sensitive information secrets in environment variables and server information when Debug Mode is left on in production...

CVE-2022-43691

Concrete CMS formerly concrete5 below 8.5.10 and between 9.0.0 and 9.1.2 inadvertently disclose server-side sensitive information secrets in environment variables and server information when Debug Mode is left on in production...

CVE-2022-43691

Concrete CMS formerly concrete5 below 8.5.10 and between 9.0.0 and 9.1.2 inadvertently disclose server-side sensitive information secrets in environment variables and server information when Debug Mode is left on in production...

Information disclosure

Concrete CMS formerly concrete5 below 8.5.10 and between 9.0.0 and 9.1.2 inadvertently disclose server-side sensitive information secrets in environment variables and server information when Debug Mode is left on in production...

PortlandLabs Concrete CMS 安全漏洞

PortlandLabs Concrete CMS is a team-oriented open source content management system from PortlandLabs, Inc. in the United States. A security vulnerability exists in Concrete CMS concrete5 versions prior to 8.5.10 and 9.0.0 through 9.1.2, which stems from an inadvertent disclosure of sensitive...

PT-2022-27007 · Unknown · Concrete Cms

Name of the Vulnerable Software and Affected Versions: Concrete CMS formerly concrete5 versions below 8.5.10 Concrete CMS formerly concrete5 versions between 9.0.0 and 9.1.2 Description: The issue inadvertently discloses server-side sensitive information, including secrets in environment variable...