3856 matches found
Mozilla: Symlinks may resolve to partially uninitialized buffers
The Mozilla Foundation Security Advisory describes this flaw as: When resolving a symlink such as file:///proc/self/fd/1, an error message may be produced where the symlink was resolved to a string containing uninitialized memory in the buffer...
Mozilla Firefox backlink vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S. A backlink vulnerability exists in Mozilla Firefox, which stems from an error message generated when resolving symbolic links such as file:///proc/self/fd/1, where the symbolic link resolves to a buffer containin...
SUSE: Security Advisory (SUSE-SU-2022:4077-1)
The remote host is missing an update for the...
SUSE-SU-2022:4077-1 Security update for sudo
This update for sudo fixes the following issues: - CVE-2022-43995: Fixed a potential heap-based buffer over-read when entering a password of seven characters or fewer and using the crypt password backend bsc1204986. - Fix wrong information output in the error message bsc1190818. - Make sure SIGCH...
Slackware Linux 15.0 / current mozilla-firefox Multiple Vulnerabilities (SSA:2022-320-02)
The version of mozilla-firefox installed on the remote host is prior to 102.5.0esr / 107.0. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2022-320-02 advisory. - Service Workers should not be able to infer information about opaque cross-origin responses; but timi...
Mozilla Firefox backlink vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S. A backlink vulnerability exists in Mozilla Firefox, which stems from an error message generated when resolving symbolic links such as file:///proc/self/fd/1, where the symbolic link resolves to a buffer containin...
ansible-freeipa bug fix and enhancement update
An update is available for ansible-freeipa. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The ansible-freeipa package provides Ansible roles and playbooks to...
PT-2022-25192 · Opencrx · Opencrx
Name of the Vulnerable Software and Affected Versions: OpenCRX versions prior to 5.2.2 Description: The issue allows an attacker to determine if a username, email, or ID is valid due to the difference in error messages received during a password reset. This is a result of password enumeration...
CVE-2022-38107
Sensitive information could be displayed when a detailed technical error message is posted. This information could disclose environmental details...
CVE-2022-38107 Sensitive Data Disclosure Vulnerability
Sensitive information could be displayed when a detailed technical error message is posted. This information could disclose environmental details...
CVE-2022-38107
CVE-2022-38107 affects SolarWinds SQL Sentry (v2021.10.18 and earlier per CNNVD). The issue arises from the ability to display sensitive information when a detailed technical error message is posted, potentially disclosing environmental details. Public documents do not confirm exploit code or act...
Microsoft Windows Local Security Authority Subsystem Service (LSASS) security vulnerability
Microsoft Windows Local Security Authority Subsystem Service is an internal program from Microsoft Corporation (USA) that enforces Windows system security policies. It verifies user identity, manages user password changes, and generates access tokens when a user logs on to a computer standalone or...
kkFileView cross-site scripting vulnerability
Keking kkFileView is a Spring-Boot project from Keking Technology Keking, a Chinese company that builds online previews of files and documents. A security vulnerability exists in kkFileView v4.1.0, which stems from the errorMsg parameter being vulnerable to cross-site scripting...
CVE-2022-2760
In affected versions of Octopus Deploy it is possible to reveal the Space ID of spaces that the user does not have access to view in an error message when a resource is part of another Space...
ZZCMS index.php information leakage vulnerability
ZZCMS is a content management system (CMS) by the ZZCMS team in China. An information disclosure vulnerability exists in ZZCMS 2022, which stems from the program's inadequate protection of sensitive information, and can be exploited by an attacker to send a request to "/admin/index.php?Server" to...
CVE-2022-2760
CVE-2022-2760 describes an information-disclosure issue in Octopus Deploy: when a resource is part of another Space, an error message can reveal the Space ID of spaces the user is not authorized to view. The available connected documents do not specify affected versions, exact root-cause details ...
PT-2022-18510 · Unknown · Octopus Deploy
Name of the Vulnerable Software and Affected Versions: Octopus Deploy affected versions not specified Description: The issue allows revealing the Space ID of spaces that the user does not have access to view in an error message when a resource is part of another Space. Recommendations: At the...
Identifier withdrawn
Hyperledger Fabric is an enterprise licensed distributed ledger framework. It is used to develop solutions and applications. A denial of service vulnerability exists in versions of Hyperledger Fabric prior to 2.4.0 that stems from not properly handling incoming error messages, which can be...