160 matches found
CVE-2025-5991
There is a "Use After Free" vulnerability in Qt's QHttp2ProtocolHandler in the QtNetwork module. This only affects HTTP/2 handling, HTTP handling is not affected by this at all. This happens due to a race condition between how QHttp2Stream uploads the body of a POST request and the simultaneous...
CVE-2021-39873
In all versions of GitLab CE/EE, there exists a content spoofing vulnerability which may be leveraged by attackers to trick users into visiting a malicious website by spoofing the content in an error response...
CVE-2020-7057
Hikvision DVR DS-7204HGHI-F1 V4.0.1 build 180903 Web Version sends a different response for failed ISAPI/Security/sessionLogin/capabilities login attempts depending on whether the user account exists, which might make it easier to enumerate users. However, only about 4 or 5 failed logins are...
Security Bulletin: IBM Security Verify Information Queue does not always enable HTTP Strict Transport Security when sending error responses (CVE-2021-20409)
Summary The web server in IBM Security Verify Information Queue ISIQ does not add the HTTP Strict Transport Security header in its internally generated error responses. Consequently, a remote attacker could obtain sensitive information from an insecure HTTP connection. As of v10.0.0, ISIQ is...
CVE-2024-11084
CVE-2024-11084 affects Perforce Helix ALM prior to 2025.1. The issue is that authentication returns distinct error responses, enabling an attacker to determine whether a username exists (username enumeration). The connected sources (RH Red Hat, NVD, CVE Lists, CNNVD) corroborate the same descript...
CVE-2024-11084 Potential Username Enumeration in Helix ALM
Helix ALM prior to 2025.1 returns distinct error responses during authentication, allowing an attacker to determine whether a username exists...
Information Exposure
Overview api-platform/core is a builds a fully-featured hypermedia or GraphQL API in minutes. Affected versions of this package are vulnerable to Information Exposure through the JSON error response. An attacker can obtain sensitive information by exploiting the visibility of exception messages...
API Platform Core can leak exceptions message that may contain sensitive information
Summary Exception messages, that are not HTTP exceptions, are visible in the JSON error response. Details While we wanted to make our errors compatible with the JSON Problem specification, we ended up handling more exceptions then we did previously introduced at...
Oracle ISQLPlus SID Check
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Oracle iSQLPlus SID Check', 'Description' = %q This module attempts to bruteforce the SID on the Oracle application server iSQLPlus login pages. ...
CITRIX-XML-SERVICE NetScaler Monitor Fails after Installing XenApp 6 Hotfix Rollup Pack 02
The CITRIX-XML-SERVICE NetScaler built-in monitor fails after Hotfix Rollup Pack 2 for Citrix XenApp 6 for Microsoft Windows Server 2008 R2 is installed. However, XenApp continues to work. The following message appears when you view the monitor. "Failure – TicketTag not found in the response" Wit...
Shenzhen Guoxin Synthesis image system security vulnerability
Shenzhen Guoxin Synthesis image system is an image system from Shenzhen Guoxin Synthesis, a company based in Shenzhen, China. A security vulnerability exists in the Shenzhen Guoxin Synthesis image system, version prior to 8.3.0, which stems from a discrepancy in the error response that allows...
CasaOS Username Enumeration - Bypass of CVE-2024-24766
Summary The Casa OS Login page has disclosed the username enumeration vulnerability in the login page which was patched in CasaOS v0.4.7. Details It is observed that the attacker can enumerate the CasaOS username using the application response. If the username is incorrect the application gives t...
SUSE SLES12 Security Update : squid (SUSE-SU-2024:0296-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0296-1 advisory. - CVE-2023-50269: fixed X-Forwarded-For Stack Overflow. bsc1217654 - CVE-2024-23638: fixed Denial of Service attack against Cache...
Medium: resteasy-base
Issue Overview: A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's paramete...
Fedora 38 : python-jupyter-server (2023-8816029058)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-8816029058 advisory. Security fix for CVE-2023-49080 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
Beats and Elastic Agent 8.11.3 / 7.17.16 Security Update (ESA-2023-30)
Beats and Elastic Agent Insertion of Sensitive Information into Log File An issue was discovered by Elastic whereby Beats and Elastic Agent would log a raw event in its own logs at the WARN or ERROR level if ingesting that event to Elasticsearch failed with any 4xx HTTP status code except 409 or...
PYSEC-2023-272
The Jupyter Server provides the backend i.e. the core services, APIs, and REST endpoints for Jupyter web applications like Jupyter notebook, JupyterLab, and Voila. Unhandled errors in API requests coming from an authenticated user include traceback information, which can include path information...
CVE-2023-49080 Jupyter Server errors include tracebacks with path information
The Jupyter Server provides the backend i.e. the core services, APIs, and REST endpoints for Jupyter web applications like Jupyter notebook, JupyterLab, and Voila. Unhandled errors in API requests coming from an authenticated user include traceback information, which can include path information...
Netflix Dispatch 安全漏洞
Netflix Dispatch is a US-based Netflix company's software that provides security event management with deep integration with Slack, GSuite, Jira, etc. tools. Netflix Dispatch suffers from a security vulnerability that stems from a server response that includes the JWT key used to sign JWT tokens ...
PT-2023-3882 · Honeywell · Honeywell Experion Pks +2
Name of the Vulnerable Software and Affected Versions: Honeywell Experion PKS affected versions not specified Honeywell Experion LX affected versions not specified Experion PlantCruise affected versions not specified Description: The issue is related to a server information leak of configuration...