22 matches found
CVE-2025-64749 Directus Vulnerable to Information Leakage in Existing Collections
Directus is a real-time API and App dashboard for managing SQL database content. An observable difference in error messaging was found in the Directus REST API in versions of Directus prior to version 11.13.0. The /items/collection API returns different error messages for two cases: when a user...
EUVD-2021-13770
Malware in sbrugna...
EUVD-2022-34766
Malicious code in bioql PyPI...
CVE-2022-2508
In affected versions of Octopus Server it is possible to reveal the existence of resources in a space that the user does not have access to due to verbose error messaging...
CVE-2021-26997
E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow a remote attacker to discover information via error messaging which may aid in crafting more complex attacks...
CVE-2025-0513
In affected versions of Octopus Server error messages were handled unsafely on the error page. If an adversary could control any part of the error message they could embed code which may impact the user viewing the error message...
GHSA-VR5F-PHP7-RG24 Pimcore Admin Classic Bundle allows user enumeration
pimcore/admin-ui-classic-bundle provides a Backend UI for Pimcore. In affected versions an error message discloses existing accounts and leads to user enumeration on the target via "Forgot password" function. No generic error message has been implemented. This issue has been addressed in version...
PT-2025-20013 · Git +1 · Tarantool
Name of the Vulnerable Software and Affected Versions: LuaJIT affected versions not specified Description: The LuaJIT software contains a heap-buffer-overflow vulnerability. The crash occurs within the lj_strfmt_pushvf function, which is called by err_msgv and lj_err_msg. Recommendations: At the...
UBUNTU-CVE-2022-48854
In the Linux kernel, the following vulnerability has been resolved: net: arc_emac: Fix use after free in arc_mdio_probe() If bus->state is equal to MDIOBUS_ALLOCATED, mdiobus_free(bus) will free the "bus". But bus->name is still used in the next line, which will lead to a use after free. We can fix it by...
shim: Out-of-bounds read printing error messages
A flaw was found in Shim when an error happened while creating a new ESL variable. If Shim fails to create the new variable, it tries to print an error message to the user; however, the number of parameters used by the logging function doesn't match the format string used by it, leading to a cras...
CVE-2022-47952
lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may allow local users to infer whether any file exists, even within a protected directory tree, because "Failed to open" often indicates that a file does not exist, whereas "does not refer to a network namespace path" often indicates...
CVE-2022-2508
In affected versions of Octopus Server it is possible to reveal the existence of resources in a space that the user does not have access to due to verbose error messaging...
Code injection
In affected versions of Octopus Server it is possible to reveal the existence of resources in a space that the user does not have access to due to verbose error messaging...
CVE-2022-2508
CVE-2022-2508 affects Octopus Server. Multiple connected sources describe a vulnerability where verbose error messages may reveal the existence of resources in spaces the user should not access, constituting an information disclosure risk. The issue is tied to Octopus Server’s error handling in a...
PT-2022-17069 · Unknown · Octopus Server
Name of the Vulnerable Software and Affected Versions: Octopus Server affected versions not specified Description: The issue allows an attacker to discover the existence of resources in a space that the user does not have access to, due to verbose error messaging. Recommendations: At the moment,...
CVE-2022-2508
In affected versions of Octopus Server it is possible to reveal the existence of resources in a space that the user does not have access to due to verbose error messaging...
CVE-2022-2508
In affected versions of Octopus Server it is possible to reveal the existence of resources in a space that the user does not have access to due to verbose error messaging...
Hotfix XS82E031 - For Citrix Hypervisor 8.2
Who Should Install This Hotfix? This is a hotfix for customers running Citrix Hypervisor 8.2. Information About this Hotfix Component| Details ---|--- Prerequisite| None Post-update tasks| Restart the XAPI Toolstack Content live patchable| No Baselines for Live Patch| N/A Revision History|...
Code injection
E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow a remote attacker to discover information via error messaging which may aid in crafting more complex attacks...
CVE-2021-26997
E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow a remote attacker to discover information via error messaging which may aid in crafting more complex attacks...