Lucene search

1177 matches found

OSV
added 2025/03/07 4:23 p.m. · 8 views

GHSA-4P46-PWFR-66X6 Some AES functions may panic when overflow checking is enabled in ring

ring::aead::quic::HeaderProtectionKey::new_mask may panic when overflow checking is enabled. In the QUIC protocol, an attacker can induce this panic by sending a specially-crafted packet. Even unintentionally it is likely to occur in 1 out of every 2^32 packets sent and/or received. On 64-bit targe...

8.7 CVSS · 7.2 AI score · 0.00263 EPSS
Exploits: 0 · References: 8

RustSec
added 2025/03/06 12:0 p.m. · 6 views

Some AES functions may panic when overflow checking is enabled.

ring::aead::quic::HeaderProtectionKey::new_mask may panic when overflow checking is enabled. In the QUIC protocol, an attacker can induce this panic by sending a specially-crafted packet. Even unintentionally it is likely to occur in 1 out of every 2^32 packets sent and/or received. On 64-bit targe...

5.3 CVSS · 7.2 AI score · 0.00263 EPSS
Exploits: 0 · Affected Software: 1

Tenable Nessus
added 2025/03/04 12:0 a.m. · 12 views

Linux Distros Unpatched Vulnerability : CVE-2019-13509

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Docker CE and EE before 18.09.8 as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10, Docker Engine in debug mode may sometimes add secret...

7.5 CVSS · 6.5 AI score · 0.0152 EPSS
Exploits: 0 · References: 2

RedhatCVE
added 2025/02/27 6:20 p.m. · 12 views

CVE-2025-25192

GLPI is a free asset and IT management software package. Prior to version 10.0.18, a low privileged user can enable debug mode and access sensitive information. Version 10.0.18 contains a patch. As a workaround, one may delete the install/update.php file...

6.5 CVSS · 6.6 AI score · 0.0005 EPSS
Exploits: 0 · References: 1

Snyk
added 2025/02/25 6:41 p.m. · 2 views

Information Exposure

Overview glpi/glpi is a free Asset and IT Management Software package with ITIL Service Desk, licenses tracking and software auditing. Affected versions of this package are vulnerable to Information Exposure via the debug mode, which allows a low-privileged user to access sensitive information...

7.1 CVSS · 6.8 AI score · 0.0005 EPSS
Exploits: 0 · References: 2

NVD
added 2025/02/25 6:15 p.m. · 11 views

CVE-2025-25192

GLPI is a free asset and IT management software package. Prior to version 10.0.18, a low privileged user can enable debug mode and access sensitive information. Version 10.0.18 contains a patch. As a workaround, one may delete the install/update.php file...

6.5 CVSS · 0.0005 EPSS
Exploits: 0 · References: 4

CVE
added 2025/02/25 5:58 p.m. · 77 views

CVE-2025-25192

GLPI prior to 10.0.18 is affected by CVE-2025-25192 where a low-privileged user can enable debug mode and access sensitive information. A patch is included in version 10.0.18; organizations should upgrade to 10.0.18 or later. A workaround mentioned is deleting install/update.php. The vulnerabilit...

6.5 CVSS · 6.7 AI score · 0.0005 EPSS
Exploits: 0 · References: 4 · Affected Software: 1

Vulnrichment
added 2025/02/25 5:58 p.m. · 12 views

CVE-2025-25192 GLPI allows unauthorized access to debug mode

GLPI is a free asset and IT management software package. Prior to version 10.0.18, a low privileged user can enable debug mode and access sensitive information. Version 10.0.18 contains a patch. As a workaround, one may delete the install/update.php file...

6.5 CVSS · 6.4 AI score · 0.0005 EPSS
Exploits: 0 · References: 2

Cvelist
added 2025/02/25 5:58 p.m. · 14 views

CVE-2025-25192 GLPI allows unauthorized access to debug mode

GLPI is a free asset and IT management software package. Prior to version 10.0.18, a low privileged user can enable debug mode and access sensitive information. Version 10.0.18 contains a patch. As a workaround, one may delete the install/update.php file...

6.5 CVSS · 0.0005 EPSS
Exploits: 0 · References: 2

OSV
added 2025/02/25 5:58 p.m. · 6 views

CVE-2025-25192 GLPI allows unauthorized access to debug mode

GLPI is a free asset and IT management software package. Prior to version 10.0.18, a low privileged user can enable debug mode and access sensitive information. Version 10.0.18 contains a patch. As a workaround, one may delete the install/update.php file...

6.5 CVSS · 4.4 AI score · 0.0005 EPSS
Exploits: 0 · References: 6

CNNVD
added 2025/02/25 12:0 a.m. · 1 views

GLPI Information Disclosure Vulnerability

GLPI is an open source IT and asset management software from GLPI Open Source. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and ink...

6.5 CVSS · 4.1 AI score · 0.0005 EPSS
Exploits: 0 · References: 2

Positive Technologies
added 2025/02/12 12:0 a.m. · 3 views

PT-2025-7052 · Glpi +1 · Glpi +1

Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.18 Description: A low-privileged user can enable debug mode and access sensitive information. The estimated number of potentially affected devices is not provided. There is no information about real-world incidents...

9.8 CVSS · 4.3 AI score · 0.28839 EPSS
Exploits: 9 · References: 77

AstraLinux
added 2025/02/11 7:35 a.m. · 1 views

Astra Linux - vulnerability in symfony

symfony/runtime is a module for the Symfony PHP framework which enables decoupling PHP applications from global state. When the register_argv_argc php directive is set to on, and users call any URL with a special crafted query string, they are able to change the environment or debug mode used by...

7.3 CVSS · 6.9 AI score · 0.85051 EPSS
Exploits: 0 · References: 3

RedhatCVE
added 2025/02/06 3:12 a.m. · 8 views

CVE-2021-35973

NETGEAR WAC104 devices before 1.0.4.15 are affected by an authentication bypass vulnerability in /usr/sbin/minihttpd, allowing an unauthenticated attacker to invoke any action by adding the &currentsetting.htm substring to the HTTP query, a related issue to CVE-2020-27866. This directly allows t...

10 CVSS · 7.2 AI score · 0.9036 EPSS
Exploits: 2 · References: 1

RedhatCVE
added 2025/02/05 9:11 p.m. · 10 views

CVE-2022-20649

A vulnerability in Cisco RCM for Cisco StarOS Software could allow an unauthenticated, remote attacker to perform remote code execution on the application with root-level privileges in the context of the configured container. This vulnerability exists because the debug mode is incorrectly enabled...

8.1 CVSS · 8.3 AI score · 0.11743 EPSS
Exploits: 0 · References: 1

Hacker One
added 2025/01/29 4:34 p.m. · 783 views

Autodesk: Django Debug Mode Enabled - Information Disclosure on api.wwm-dev.autodesk.com

The domain api.wwm-dev.autodesk.com was discovered to have Django debug mode enabled, which led to information disclosure. The issue was fixed by Autodesk...

7 AI score
Exploits: 0

NVD
added 2025/01/09 8:15 p.m. · 14 views

CVE-2024-56113

Smart Toilet Lab - Motius 1.3.11 is running with debug mode turned on (DEBUG = True) and exposing sensitive information defined in Django settings file through verbose error page...

7.5 CVSS · 0.00277 EPSS
Exploits: 0 · References: 2

Cvelist
added 2025/01/09 12:0 a.m. · 11 views

CVE-2024-56113

Smart Toilet Lab - Motius 1.3.11 is running with debug mode turned on (DEBUG = True) and exposing sensitive information defined in Django settings file through verbose error page...

0.00277 EPSS
Exploits: 0 · References: 2

Positive Technologies
added 2025/01/09 12:0 a.m. · 3 views

PT-2025-3192 · Unknown · Smart Toilet Lab - Motius

Name of the Vulnerable Software and Affected Versions: Smart Toilet Lab - Motius version 1.3.11 Description: The issue is related to the Smart Toilet Lab - Motius running with debug mode turned on, which exposes sensitive information defined in the Django settings file through a verbose error pag...

7.5 CVSS · 6.7 AI score · 0.00277 EPSS
Exploits: 0 · References: 7

Vulnrichment
added 2025/01/09 12:0 a.m. · 5 views

CVE-2024-56113

Smart Toilet Lab - Motius 1.3.11 is running with debug mode turned on (DEBUG = True) and exposing sensitive information defined in Django settings file through verbose error page...

7.5 AI score · 0.00277 EPSS
Exploits: 0 · References: 2