3856 matches found
CVE-2023-37303
An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In certain situations, an attempt to block a user fails after a temporary browser hang and a DBQueryDisconnectedError error message...
Design/Logic Flaw
An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In certain situations, an attempt to block a user fails after a temporary browser hang and a DBQueryDisconnectedError error message...
phpMyFAQ Cross-site Scripting
phpMyFAQ prior to 3.2.0-beta.2 contains a cross-site scripting vulnerability. When an administrator restores a backup from a file, it's possible to trigger an error with a specially crafted file that can be displayed on the web page. Since the error message contains the invalid part of the file,...
CVAD 2203 CU2: Error: "Your OneDrive folder can't be created in the location you selected."
On CVAD 2203 CU2, you followed https://docs.citrix.com/en-us/profile-management/current-release/configure/enable-the-onedrive-container.html to configure OneDrive Container with Citrix Profile Management but it does not work. The Policy was applied via Citrix Active Directory GPO...
"Cannot Complete Your Request" via Oauth after Upgrading NetScaler from 12.1 to 13.0
After ADC is upgraded from 12.1 to 13.0, the user keeps getting "Cannot Complete Your Request" when attempting to access resources through ADC with Oauth authentication. As a comparison, there is no issue accessing StoreFront directly in the intranet without Oauth...
Flask-AppBuilder vulnerable to possible disclosure of sensitive information on user error
An authenticated malicious actor with Admin privileges could, by adding a special character on the add or edit User forms, trigger a database error; this error is surfaced back to this actor on the UI. On certain database engines this error can include the entire user row including the pbkdf2:sha256...
Mattermost Security Vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a security vulnerability that stems from an inability to clean up temporary error messages, which can be exploited by an attacker to obtain the content of arbitrary messages via...
Smart Card logon fails with error "You cannot log on using a smart card"
Cannot log on to the StoreFront web site using a smart card. Error received: "You cannot log on using a smart card". The Test.aspx page fails, indicating this is a MS issue mapping client certificates to IIS...
Your account cannot be added using this server address. Make sure you entered it correctly
Error "Your account cannot be added using this server address. Make sure you entered it correctly. You may need to enter your email address instead." when trying to log on to the Gateway URL via Citrix Workspace...
Exploit for Path Traversal in Thruk
Thruk-CVE-2023-34096 Thruk Monitoring Web Interface versions...
Denial Of Service (DoS)
github.com/sigstore/rekor is vulnerable to Denial of Service (DoS) attacks. A malicious user is able to submit a malformed intoto/v0.0.2 type, causing a thread panic that results in the client receiving a 500 error message and eventually recovering the thread...
Information Disclosure
libcurl.so is vulnerable to Information Disclosure. The SSH server's public key is verified with the use of a SHA 256 hash functionality provided by the library, however if the check is unsuccessful, the fingerprint's memory will be released before an error message is returned. This issue puts...
Zyxel Multiple Firewalls OS Command Injection Vulnerability
Zyxel ATP, USG FLEX, VPN, and ZyWALL/USG firewalls allow for improper error message handling which could allow an unauthenticated attacker to execute OS commands remotely by sending crafted packets to an affected device...
AZL-38554 CVE-2023-28319 affecting package tensorflow for versions less than 2.16.1-1
A use after free vulnerability exists in curl v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. When this check fails, libcurl would free the memory for the fingerprint before it returns an error message containing the now freed hash. This flaw...
AZL-26810 CVE-2023-28319 affecting package rust for versions less than 1.72.0-2
A use after free vulnerability exists in curl v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. When this check fails, libcurl would free the memory for the fingerprint before it returns an error message containing the now freed hash. This flaw...
DEBIAN-CVE-2023-28319
A use after free vulnerability exists in curl v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. When this check fails, libcurl would free the memory for the fingerprint before it returns an error message containing the now freed hash. This flaw...
Design/Logic Flaw
A use after free vulnerability exists in curl v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. When this check fails, libcurl would free the memory for the fingerprint before it returns an error message containing the now freed hash. This flaw...
CVE-2023-28319
A use after free vulnerability exists in curl v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. When this check fails, libcurl would free the memory for the fingerprint before it returns an error message containing the now freed hash. This flaw...
CVE-2023-28319
A use after free vulnerability exists in curl v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. When this check fails, libcurl would free the memory for the fingerprint before it returns an error message containing the now freed hash. This flaw...
Information Disclosure
github.com/ibm-messaging/mq-container is vulnerable to Information Disclosure. The vulnerability allows a local user to obtain sensitive credential information when a detailed technical error message is returned in a stack trace, resulting in the disclosure of sensitive information...