Lucene search
K

174 matches found

OSV
OSV
added 2022/05/17 1:17 a.m.20 views

GHSA-FX92-WH72-8G9Q Apache Atlas produces Stack trace in error response

Error responses from Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating included stack trace, exposing excessive information...

8.7CVSS7.5AI score0.02053EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2022/05/17 1:17 a.m.23 views

Apache Atlas produces Stack trace in error response

Error responses from Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating included stack trace, exposing excessive information...

7.5CVSS7.6AI score0.02053EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2022/04/20 7:15 a.m.27 views

CVE-2022-29266 apisix/jwt-auth may leak secrets in error response

In APache APISIX before 3.13.1, the jwt-auth plugin has a security issue that leaks the user's secret key because the error message returned from the dependency lua-resty-jwt contains sensitive information...

7.7AI score0.0783EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2022/01/17 9:33 p.m.5 views

resteasy: Error message exposes endpoint class information

A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. The...

5.3CVSS7AI score0.01439EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/01/17 9:33 p.m.3 views

resteasy: Error message exposes endpoint class information

A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. The...

5.3CVSS7AI score0.01439EPSS
Exploits0References4
OSV
OSV
added 2021/11/15 10:15 p.m.20 views

CVE-2021-41271

Discourse is a platform for community discussion. In affected versions a maliciously crafted request could cause an error response to be cached by intermediate proxies. This could cause a loss of confidentiality for some content. This issue is patched in the latest stable, beta and tests-passed...

5.3CVSS6.6AI score
Exploits0References2
RedHat Linux
RedHat Linux
added 2021/11/15 5:5 p.m.1 views

resteasy: Error message exposes endpoint class information

A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. The...

5.3CVSS7AI score0.01439EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2021/10/20 11:29 a.m.7 views

resteasy: Error message exposes endpoint class information

A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. The...

5.3CVSS7AI score0.01439EPSS
Exploits0References4
NVD
NVD
added 2021/10/04 5:15 p.m.14 views

CVE-2021-39873

In all versions of GitLab CE/EE, there exists a content spoofing vulnerability which may be leveraged by attackers to trick users into visiting a malicious website by spoofing the content in an error response...

4.3CVSS0.00876EPSS
Exploits0References3
Prion
Prion
added 2021/10/04 5:15 p.m.13 views

Spoofing

In all versions of GitLab CE/EE, there exists a content spoofing vulnerability which may be leveraged by attackers to trick users into visiting a malicious website by spoofing the content in an error response...

4.3CVSS4.5AI score0.00876EPSS
Exploits0References3Affected Software1
UbuntuCve
UbuntuCve
added 2021/10/04 5:15 p.m.16 views

CVE-2021-39873

In all versions of GitLab CE/EE, there exists a content spoofing vulnerability which may be leveraged by attackers to trick users into visiting a malicious website by spoofing the content in an error response...

4.3CVSS5.8AI score0.00876EPSS
Exploits0References4
OSV
OSV
added 2021/10/04 5:15 p.m.1 views

UBUNTU-CVE-2021-39873

In all versions of GitLab CE/EE, there exists a content spoofing vulnerability which may be leveraged by attackers to trick users into visiting a malicious website by spoofing the content in an error response...

4.3CVSS5.8AI score0.00876EPSS
Exploits0References5
Cvelist
Cvelist
added 2021/10/04 4:43 p.m.20 views

CVE-2021-39873

In all versions of GitLab CE/EE, there exists a content spoofing vulnerability which may be leveraged by attackers to trick users into visiting a malicious website by spoofing the content in an error response...

4.3CVSS5AI score0.00876EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2021/10/04 4:43 p.m.21 views

CVE-2021-39873

Removed by vendor...

4.3CVSS5.8AI score0.00876EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2021/10/04 12:0 a.m.2 views

PT-2021-22720 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE affected versions not specified Description: The issue allows attackers to trick users into visiting a malicious website by spoofing the content in an error response. This is achieved through a content spoofing vulnerability...

4.3CVSS4.2AI score0.00876EPSS
Exploits0References11
RedHat Linux
RedHat Linux
added 2021/09/30 9:57 a.m.5 views

resteasy: Error message exposes endpoint class information

A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. The...

5.3CVSS7AI score0.01439EPSS
Exploits0References4
Prion
Prion
added 2021/07/09 2:15 p.m.28 views

Design/Logic Flaw

The API /vsaWS/KaseyaWS.asmx can be used to submit XML to the system. When this XML is processed external entities are insecurely processed and fetched by the system and returned to the attacker. Detailed description Given the following request: POST /vsaWS/KaseyaWS.asmx HTTP/1.1 Content-Type:...

5CVSS7.4AI score0.25256EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2021/03/17 5:15 p.m.18 views

CVE-2020-17457

Fujitsu ServerView Suite iRMC before 9.62F allows XSS. An authenticated attacker can store an XSS payload in the PSCUFILEINIT field of a Save Configuration XML document. The payload is triggered in the HTTP error response pages...

5.4CVSS0.00505EPSS
Exploits0References2
Prion
Prion
added 2021/03/17 5:15 p.m.25 views

Cross site scripting

Fujitsu ServerView Suite iRMC before 9.62F allows XSS. An authenticated attacker can store an XSS payload in the PSCUFILEINIT field of a Save Configuration XML document. The payload is triggered in the HTTP error response pages...

3.5CVSS5.2AI score0.00505EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/03/17 3:8 p.m.28 views

CVE-2020-17457

Fujitsu ServerView Suite iRMC before 9.62F allows XSS. An authenticated attacker can store an XSS payload in the PSCUFILEINIT field of a Save Configuration XML document. The payload is triggered in the HTTP error response pages...

5.2AI score0.00505EPSS
Exploits0References2
Rows per page
Query Builder