3856 matches found
CVE-2023-49312
CVE-2023-49312 affects Precision Bridge's Thick Client (PrecisionBridge.exe) prior to version 7.3.21. The root cause is an integrity violation that enables reuse of the same license key across multiple systems. Reported attack vectors involve a Process Hacker memory dump, inspecting error message...
CVE-2023-49312
Precision Bridge PrecisionBridge.exe aka the thick client before 7.3.21 allows an integrity violation in which the same license key is used on multiple systems, via vectors involving a Process Hacker memory dump, error message inspection, and modification of a MAC address...
Symfony potential Cross-site Scripting in WebhookController
Description: The error message in WebhookController returns unescaped user-submitted input. Resolution: WebhookController now doesn't return any user-submitted input in its response. The patch for this issue is available here for branch 6.3. Credits: We would like to thank Maxime Aknin for reporting...
Input validation
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in version 6.0.0 and prior to version 6.3.8, the error message in WebhookController returns unescaped user-submitted input. As of version 6.3.8, WebhookController now doesn't return any...
Symfony Security Vulnerabilities
Symfony is a PHP framework for web and console applications and a set of reusable PHP components from Symfony, Inc. A security vulnerability exists in Symfony that stems from an error message that returns unescaped user-submitted input...
Rocky Linux 8 : protobuf (RLSA-2022:7464)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:7464 advisory. - Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name...
Wrong errors degradate UX
Vulnerability details. Impact: If the beneficiary of the order is address0, it will revert, popping up the error InvalidAmount. This is bad as the UI will show the users they put wrong either the collateral amount or the USDe amount, when those values may be correct. Proof of Concept...
The task you are trying to do can't be completed because Remote Desktop Services is currently busy.
Users get the following error when attempting to launch a published application. "The task you are trying to do can't be completed because Remote Desktop Services is currently busy. Please try again in a few minutes. Other users should still be able to log on." The only user that can currently...
Information Disclosure
github.com/grafana/google-sheets-datasource is vulnerable to Information Disclosure. The vulnerability is due to improper error message sanitization in googlesheets.go during the client.GetSpreadsheet function call. This potentially exposes the Google Sheet API-key that is configured for the data...
Credential Disclosure Through Logs
github.com/ydb-platform/ydb-go-sdk is vulnerable to Information Disclosure. The vulnerability is due to a custom implementation of the credentials interface. During logging, the credentials are directly serialized into the error message. If an application defines a custom credential interface, an...
CVE-2023-45809 Disclosure of user names via admin bulk action views in wagtail
Wagtail is an open source content management system built on Django. A user with a limited-permission editor account for the Wagtail admin can make a direct URL request to the admin view that handles bulk actions on user accounts. While authentication rules prevent the user from making any change...
Information disclosure
IBM Security Verify Privilege On-Premises 11.5 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 240454...
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM : Ansible vulnerabilities (USN-5315-1)
The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5315-1 advisory. It was discovered that Ansible did not properly manage directory permissions when running playbooks with an...
Director - "Cannot Retrieve the Data" error shows in Logon Duration
After logging into Citrix Director or Cloud Monitor, a "Cannot Retrieve the Data" error is shown in Logon Duration. Error message received: "Data cannot be retrieved. Logon duration data is not available for the current session."...
Reporting: "Error retrieving data source. Return code=257. Error message=Operation not permitted."
The message "Error retrieving data source. Return code = 257. Error message = Operation not permitted" is displayed when clicking Reporting on NetScaler:...
Fail to enumerate resource with "Cannot complete your request" error after configuring SAML
Fail to enumerate resource with "Cannot complete your request" error after configuring SAML. All users have the same issue. Issue happens after clicking "detect Workspace" on Storefront web...
The vulnerability of quality management software for automobile manufacturers, related to the leakage of information in error messages, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the quality management software for automobile manufacturers, QMS Automotive, is related to the leakage of information in error messages. Exploiting this vulnerability can allow an intruder to gain unauthorized access to protected information...
Siemens QMS Automotive
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Authorization Bypass
Keylime is vulnerable to an attack which allows an attacker to Bypass the Challenge-Response Protocol during agent registration. The vulnerability occurs due to the registrar disclosing the correct "authtag" in the error message. This could allow an attacker to simply record the correct expected...
Potential Out-of-Bounds Error When Modifying Ranges
Vulnerability details: The method allows for the modification of a range based on an index. However, there's no explicit check to ensure that the provided indexToModify is within the bounds of the ranges array. If an out-of-bounds index is provided, the method will throw a generic...