CVE-2017-15113

ovirt-engine before version 4.1.7.6 with log level set to DEBUG includes passwords in the log file without masking. Only administrators can change the log level and only administrators can access the logs. This presents a risk when debug-level logs are shared with vendors or other parties to...

Design/Logic Flaw

ovirt-engine before version 4.1.7.6 with log level set to DEBUG includes passwords in the log file without masking. Only administrators can change the log level and only administrators can access the logs. This presents a risk when debug-level logs are shared with vendors or other parties to...

CVE-2017-15113

CVE-2017-15113 affects ovirt-engine (Red Hat Virtualization Manager) prior to version 4.1.7.6, where DEBUG logging exposes passwords in plaintext in log files. The issue arises because log level DEBUG can reveal sensitive credentials, and only admins can change log level/access logs; this creates...

CVE-2017-15113

ovirt-engine before version 4.1.7.6 with log level set to DEBUG includes passwords in the log file without masking. Only administrators can change the log level and only administrators can access the logs. This presents a risk when debug-level logs are shared with vendors or other parties to...

Xen Project x86 Debug Exception Handling Local DoS (XSA-265)

According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by a local denial of service vulnerability. Note that Nessus has checked the changeset versions based on the xen.git change log. Nessus did not check guest hardware configurations or if...

Cross site scripting

A cross-site scripting vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers with the ability to control the existence of some URLs in Jenkins to define JavaScript that would be executed in...

IBM Sterling B2B Integrator Information Disclosure Vulnerability (CNVD-2018-14085)

IBM Sterling B2B Integrator is a suite of software from IBM USA that integrates critical B2B processes, transactions and relationships. The software supports secure integration of complex B2B processes with diverse partner communities. An information disclosure vulnerability exists in IBM Sterlin...

Cross-site Scripting (XSS)

symfony/debug is vulnerable to cross-site scripting XSS attacks. The library does not properly sanitize an array key in the debugger during an exception, allowing a malicious user to inject and execute arbitrary code...

Design/Logic Flaw

DISPUTED The debug handler in Symfony before v2.7.33, 2.8.x before v2.8.26, 3.x before v3.2.13, and 3.3.x before v3.3.6 has XSS via an array key during exception pretty printing in ExceptionHandler.php, as demonstrated by a /debugbar/open?op=get URI. NOTE: the vendor's position is that this is no...

CVE-2017-18343

The debug handler in Symfony before v2.7.33, 2.8.x before v2.8.26, 3.x before v3.2.13, and 3.3.x before v3.3.6 has XSS via an array key during exception pretty printing in ExceptionHandler.php, as demonstrated by a /debugbar/open?op=get URI. NOTE: the vendor's position is that this is not a...

DEBIAN-CVE-2017-18343

The debug handler in Symfony before v2.7.33, 2.8.x before v2.8.26, 3.x before v3.2.13, and 3.3.x before v3.3.6 has XSS via an array key during exception pretty printing in ExceptionHandler.php, as demonstrated by a /debugbar/open?op=get URI. NOTE: the vendor's position is that this is not a...

CVE-2017-18343

The debug handler in Symfony before v2.7.33, 2.8.x before v2.8.26, 3.x before v3.2.13, and 3.3.x before v3.3.6 has XSS via an array key during exception pretty printing in ExceptionHandler.php, as demonstrated by a /debugbar/open?op=get URI. NOTE: the vendor's position is that this is not a...

UBUNTU-CVE-2017-18343

DISPUTED The debug handler in Symfony before v2.7.33, 2.8.x before v2.8.26, 3.x before v3.2.13, and 3.3.x before v3.3.6 has XSS via an array key during exception pretty printing in ExceptionHandler.php, as demonstrated by a /debugbar/open?op=get URI. NOTE: the vendor's position is that this is no...

PT-2018-6840 · Symfony +1 · Symfony +1

Name of the Vulnerable Software and Affected Versions: Symfony versions 2.7.x through 2.7.32 Symfony versions 2.8.x through 2.8.25 Symfony versions 3.x through 3.2.12 Symfony versions 3.3.x through 3.3.5 Description: The issue concerns a problem with the debug handler in Symfony, where there is a...

CVE-2017-18343

The CVE-2017-18343 issue concerns Symfony Debug component (symfony/debug) with an XSS in the debug/exception pretty printing path. Affected versions are Symfony 2.x/3.x prior to the listed fixed points (2.7.33, 2.8.26, 3.2.13, 3.3.6). The vulnerability arises in the debug handler via an array key...

CVE-2017-18343

The debug handler in Symfony before v2.7.33, 2.8.x before v2.8.26, 3.x before v3.2.13, and 3.3.x before v3.3.6 has XSS via an array key during exception pretty printing in ExceptionHandler.php, as demonstrated by a /debugbar/open?op=get URI. NOTE: the vendor's position is that this is not a...

CVE-2017-18343

The debug handler in Symfony before v2.7.33, 2.8.x before v2.8.26, 3.x before v3.2.13, and 3.3.x before v3.3.6 has XSS via an array key during exception pretty printing in ExceptionHandler.php, as demonstrated by a /debugbar/open?op=get URI. NOTE: the vendor's position is that this is not a...

The vulnerability of the Qualcomm Trusted Execution Environment component in the Android operating system allows a perpetrator to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of Qualcomm Trusted Execution Environment in the Android operating system is related to access control deficiencies. Exploiting this vulnerability could allow a malicious actor to bypass debug policy restrictions and compromise the confidentiality, integrity, and accessibility o...

umka.in.ua XSS vulnerability

Open Bug Bounty ID: OBB-649427 Description| Value ---|--- Affected Website:| umka.in.ua Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

CVE-2018-3652

Existing UEFI setting restrictions for DCI Direct Connect Interface in 5th and 6th generation Intel Xeon Processor E3 Family, Intel Xeon Scalable processors, and Intel Xeon Processor D Family allows a limited physical presence attacker to potentially access platform secrets via debug interfaces...