The gotcha of unhandled promise rejections
Let's say you wanted to display a bunch of chapters on the page, and for whatever reason, the API only gives you a chapter at a time. You could do this: async function showChapters(chapterURLs) { for (const url of chapterURLs) { const response = await fetch(url); const chapterData = await response.json(); ...
Denial Of Service (DoS)
IBM MQ is vulnerable to denial of service. An attacker is able to exploit the vulnerability by filling up the disk space of the filesystem via the error logging service...
Errors logging off the endpoints while having active published apps - “CGPPowerNotifWndCls: wfica23.exe – Application error”
Users are reporting an error when logging off from their workstations while having active published app sessions. The users are not closing the published app before logging off the workstation. Users utilize Windows 10 machines with Imprivata to badge-in/badge-out Agent 6.3. When they badge in,...
Elastic APM Security Vulnerability
Elastic APM is a platform for monitoring and analyzing application performance from Elastic Netherlands. A security vulnerability exists in the Elastic APM .NET Agent that originates when the agent leaks sensitive HTTP header information while logging details during application errors. A remote...
CVE-2021-24228
The Jetpack Scan team identified a Reflected Cross-Site Scripting in the Login Form of the Patreon WordPress plugin before 1.7.2. The WordPress login form wp-login.php is hooked by the plugin and offers to allow users to authenticate on the site using their Patreon account. Unfortunately, some of...
CVE-2021-24228
Patreon WordPress Plugin
U.S. Dept Of Defense: Elmah.axd is publicly accessible leaking Error Log
Summary ELMAH Error Logging Modules and Handlers is an application-wide error logging facility that is completely pluggable. If ELMAH is not properly configured, the elmah.axd handler can be accessed without authorization. This page will list all the error messages generated by the web applicatio...
GaussDB Kernel: Configuring the Level of Error-Deriving SQL Statements to Be Logged
The log_min_error_statement parameter specifies which level of SQL statements that cause an error will be recorded into server logs. SQL statements whose levels are higher than or equal to the configured level will be recorded into server logs. The valid values include DEBUG5, DEBUG4, DEBUG3, DEBUG2...
CVE-2020-15125
In auth0 npm package versions before 2.27.1, a DenyList of specific keys that should be sanitized from the request object contained in the error object is used. The key for Authorization header is not sanitized and in certain cases the Authorization header value can be logged exposing a bearer...
The vulnerability of the /proc/$PID/ component of the Ubuntu operating system’s apport error logging service allows a malicious actor to create a publicly accessible report of a software bug for a privileged process.
The vulnerability of the /proc/$PID/ component of the Ubuntu operating system’s apport error logging service is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to create a publicly accessible report of the software bug for the privileged process...
Huawei Honor 10 Lite, Honor 8A and Huawei Y6 Information Disclosure Vulnerability
The Huawei Honor 10 Lite, among others, is a smartphone from the Chinese company Huawei. An information disclosure vulnerability exists in Huawei Honor 10 Lite prior to version 9.1.0.217 C00E215R3P1, Honor 8A prior to version 9.1.0.205 C00E97R1P9, and Huawei Y6 prior to version 9.1.0.205...
Security Bulletin: IBM MQ is vulnerable to a denial of service attack within the error logging function (CVE-2019-4049)
Summary An error was found in the error logging functionality which could allow an attacker to consume disk space on the underlying filesystem. This could cause a denial of service attack. Vulnerability Details CVEID: CVE-2019-4049 DESCRIPTION: IBM WebSphere MQ is vulnerable to a denial of servic...
Security Bulletin: IBM MQ is vulnerable to a denial of service attack within the error logging function (CVE-2019-4039)
Summary A vulnerability was found within the error logging function that meant that a local attacker could cause an overwrite of arbitrary MQ files and cause a denial of service attack against IBM MQ queue managers. Vulnerability Details CVEID: CVE-2019-4039 DESCRIPTION: IBM MQ could allow a loca...
CVE-2019-4049
IBM MQ 9.1.0.0, 9.1.0.1, 9.1.1, and 9.1.0.2 is vulnerable to a denial of service due to a local user being able to fill up the disk space of the underlying filesystem using the error logging service. IBM X-Force ID: 156398...
CVE-2019-4049
CVE-2019-4049 affects IBM MQ 9.1.x (9.1.0.0, 9.1.0.1, 9.1.1, 9.1.0.2). The issue allows a local attacker to cause a denial of service by filling the underlying filesystem disk space via the error logging service. Root cause is in the error logging functionality. Remediation: IBM advises upgrading...
undertow: leak credentials to log files UndertowLogger.REQUEST_LOGGER.undertowRequestFailed
A vulnerability was found in Undertow web server before 2.0.21. An information exposure of plain text credentials through log files because Connectors.executeRootHandler:402 logs the HttpServerExchange object at ERROR level using UndertowLogger.REQUEST_LOGGER.undertowRequestFailed(t, exchange...