CVE-2021-39086

IBM Sterling File Gateway 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 through 6.1.1.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the...

CVE-2022-35715

IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in a stack trace. This information could be used in further attacks against the system. IBM X-Force ID: 231202...

Microsoft Azure Site Recovery 安全漏洞

Microsoft Azure Site Recovery is a site recovery DRaaS from Microsoft for cloud and hybrid cloud architectures. The vulnerability stems from a failure to properly handle incoming error messages, and can be exploited by attackers to cause a denial of service...

Splunk Enterprise < 8.1.0 Information Disclosure

According to its self-reported version number, the version of Splunk running on the remote web server is Splunk Enterprise prior to 8.1. It is, therefore, be affected by an information disclosure vulnerability where, when handling a mismatched authentication cookie, the application leaks the...

WordPress plugin WordPress Comments Fields 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

IBM Security Verify Information Queue Information Disclosure Vulnerability (CNVD-2022-55635)

IBM Security Verify Information Queue is an integration product from IBM of America, Inc. Leverages Kafka technology and a publish/subscribe model to integrate data between IBM Security products. IBM Security Verify Information Queue version 10.0.2 is vulnerable to an information disclosure...

GHSA-MXVC-FWGX-J778 Whoogle Search Cross-site Scripting via string parameter

The package whoogle-search before version 0.7.2 is vulnerable to Cross-site Scripting XSS via the query string parameter q. In the case where it does not contain the http string, it is used to build the errormessage that is then rendered in the error.html template, using the flask.rendertemplate...

CVE-2021-39018

IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose sensitive information in a SQL error message that could aid in further attacks against the system. IBM X-Force ID: 213726...

Huawei EulerOS: Security Advisory for protobuf (EulerOS-SA-2022-2062)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

PYSEC-2022-226

The package whoogle-search before 0.7.2 are vulnerable to Cross-site Scripting XSS via the query string parameter q. In the case where it does not contain the http string, it is used to build the errormessage that is then rendered in the error.html template, using the flask.rendertemplate functio...

CVE-2022-25303 Cross-site Scripting (XSS)

The package whoogle-search before 0.7.2 are vulnerable to Cross-site Scripting XSS via the query string parameter q. In the case where it does not contain the http string, it is used to build the errormessage that is then rendered in the error.html template, using the flask.rendertemplate functio...

IBM QRadar SIEM 输入验证错误漏洞

IBM QRadar SIEM is a U.S.-based solution from IBM that leverages security intelligence to protect assets and information from advanced threats. The solution provides monitoring of the entire scope of the IT architecture, generating detailed reports on data access and user activity, etc. A...

CVE-2022-31140 Valinor error messages leading to potential data exfiltration

Valinor is a PHP library that helps to map any input into a strongly-typed value object structure. Prior to version 0.12.0, Valinor can use ThrowablegetMessage when it should not have permission to do so. This is a problem with cases such as an SQL exception showing an SQL snippet, a database...

SUSE-SU-2022:2325-1 Security update for resource-agents

This update for resource-agents fixes the following issues: - Fixed predictable log file in /tmp in mariadb.in bsc1146691. - Allow aws-vpc-move-ip to specify an interface label to distinguish the IP address bsc1199766 - Implement options to disable DAD and to allow sending NA in the background...

Possible leak of key's raw field if declared length is incorrect

Impact If a field of a key is shorter than it is declared to be, the parser raises an error with a message containing the raw field value. An attacker able to modify the declared length of a key's sensitive field can thus expose the raw value of that field. Patches Upgrade to version 0.0.6, which...

Design/Logic Flaw

opensshkeyparser is an open source Python package providing utilities to parse and pack OpenSSH private and public key files. In versions prior to 0.0.6 if a field of a key is shorter than it is declared to be, the parser raises an error with a message containing the raw field value. An attacker...

PYSEC-2022-233

opensshkeyparser is an open source Python package providing utilities to parse and pack OpenSSH private and public key files. In versions prior to 0.0.6 if a field of a key is shorter than it is declared to be, the parser raises an error with a message containing the raw field value. An attacker...

CVE-2022-31124 Possible leak of key's raw field if declared length is incorrect in openssh_key_parser

opensshkeyparser is an open source Python package providing utilities to parse and pack OpenSSH private and public key files. In versions prior to 0.0.6 if a field of a key is shorter than it is declared to be, the parser raises an error with a message containing the raw field value. An attacker...

Dell PowerScale OneFS Information Disclosure Vulnerability (CNVD-2022-58231)

Dell PowerScale OneFS is an operating system from Dell USA. PowerScale OneFS operating system that provides horizontal scaling of NAS. An information disclosure vulnerability exists in Dell PowerScale OneFS versions 8.2.x through 9.2.x that originates from an error message containing sensitive...

CVE-2022-31229

Dell PowerScale OneFS, 8.2.x through 9.3.0.x, contain an error message with sensitive information. An administrator could potentially exploit this vulnerability, leading to disclosure of sensitive information. This sensitive information can be used to access sensitive resources...