3856 matches found
BIT-MOODLE-2024-48896 Moodle: users' names returned in messaging error message
A vulnerability was found in Moodle. It is possible for users with the "send message" capability to view other users' names that they may not otherwise have access to via an error message in Messaging. Note: The name returned follows the full name format configured on the site...
CVE-2024-53072
In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd/pmc: Detect when STB is not available. Loading the amd_pmc module as: amd_pmc enable_stb=1 ...can result in the following messages in the kernel ring buffer: amd_pmc AMDI0009:00: SMU cmd failed. err: 0xff ioremap on R...
DEBIAN-CVE-2024-53072
In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd/pmc: Detect when STB is not available. Loading the amd_pmc module as: amd_pmc enable_stb=1 ...can result in the following messages in the kernel ring buffer: amd_pmc AMDI0009:00: SMU cmd failed. err: 0xff ioremap on R...
Moodle leaks user names
A vulnerability was found in Moodle. It is possible for users with the "send message" capability to view other users' names that they may not otherwise have access to via an error message in Messaging. Note: The name returned follows the full name format configured on the site...
GHSA-CQ5F-WV7P-5GFC Moodle leaks user names
A vulnerability was found in Moodle. It is possible for users with the "send message" capability to view other users' names that they may not otherwise have access to via an error message in Messaging. Note: The name returned follows the full name format configured on the site...
CVE-2024-48896 Moodle: users' names returned in messaging error message
A vulnerability was found in Moodle. It is possible for users with the "send message" capability to view other users' names that they may not otherwise have access to via an error message in Messaging. Note: The name returned follows the full name format configured on the site...
CVE-2024-10977
A flaw was found in PostgreSQL's error message handling. This vulnerability allows a Man-in-the-middle attacker to inject arbitrary non-NUL bytes into the libpq application via a server error message. Mitigation Make sure PostgreSQL is configured to use trusted SSL or GSS settings to prevent...
Moodle security vulnerability
Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. Moodle suffers from an information disclosure vulnerability that stems from the fact that users with the Send Message feature...
Generation of Error Message Containing Sensitive Information in janeczku/calibre-web
A vulnerability in janeczku/calibre-web allows unauthorized users to view the names of private shelves belonging to other users. This issue occurs in the file shelf.py at line 221, where the name of the shelf is exposed in an error message when a user attempts to remove a book from a shelf they d...
CVE-2024-10977
Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a human or screen-scraper user of psql mistake...
AZL-53206 CVE-2024-10977 affecting package postgresql for versions less than 16.5-1
Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a human or screen-scraper user of psql mistake...
CVE-2024-10977 PostgreSQL libpq retains an error message from man-in-the-middle
Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a human or screen-scraper user of psql mistake...
CVE-2024-10977
CVE-2024-10977 affects PostgreSQL libpq by allowing a server to send an error message that, when the client is not trusting SSL/GSS settings, can reveal arbitrary non-NUL bytes to the client (e.g., psql). Affected products/versions include PostgreSQL before the fixed point: 17.1 and older branche...
PostgreSQL security vulnerability
PostgreSQL is a free object-relational database management system from the PostgreSQL organization. The system supports most of the SQL standards and provides many other features such as foreign keys, triggers, views, and more. A security vulnerability exists in PostgreSQL that stems from...
PT-2024-8141 · Postgresql +6
Name of the Vulnerable Software and Affected Versions: PostgreSQL versions prior to 17.1; PostgreSQL versions prior to 16.5; PostgreSQL versions prior to 15.9; PostgreSQL versions prior to 14.14; PostgreSQL versions prior to 13.17; PostgreSQL versions prior to 12.21. Description: The issue is related t...
PostgreSQL -- libpq retains an error message from man-in-the-middle
PostgreSQL project reports: Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a human or...
Vulnerability in client (CVE-2024-10977)
PostgreSQL libpq retains an error message from man-in-the-middle Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long...
GHSA-HJGC-JXJC-8V9J Moodle reflected XSS via H5P error message
A flaw was found in Moodle. H5P error messages require additional sanitizing to prevent a reflected cross-site scripting (XSS) risk...