3856 matches found
Information disclosure
Dell PowerScale OneFS, 8.2.x through 9.3.0.x, contain an error message with sensitive information. An administrator could potentially exploit this vulnerability, leading to disclosure of sensitive information. This sensitive information can be used to access sensitive resources...
GSD-2022-1003360 char: tpm: cr50_i2c: Suppress duplicated error message in .remove()
char: tpm: cr50_i2c: Suppress duplicated error message in .remove() This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.46 by commit...
Dell PowerScale OneFS Security Vulnerability
Dell PowerScale OneFS is an operating system from Dell (USA) that provides horizontal scaling of NAS. An information disclosure vulnerability exists in Dell PowerScale OneFS versions 8.2.x through 9.2.x that originates from an error message containing sensitive...
Information Disclosure
github.com/weaveworks/weave-gitops is vulnerable to information disclosure. An attacker can view sensitive cluster configurations through the error message logs in the UpdateNamespaces function of factory.go, including the service account tokens in plain text...
CVE-2022-31248 SUMA user enumeration via weak error message
An Observable Response Discrepancy vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to discover valid usernames. This issue affects: SUSE Manager Server 4.1 spacewalk-java versions prior to 4.1.46-1. SUSE Manager Server 4.2 spacewalk-java...
Username can be enumerated by password reset endpoint
Description The error message on /password/reset/1 can indicate whether the username exists in the instance. I believe this is a valid issue for the following reason: 1. /password/reset after submitting the username on this page, the server always returns success no matter whether the username...
CVE-2022-31229
Dell PowerScale OneFS, 8.2.x through 9.3.0.x, contain an error message with sensitive information. An administrator could potentially exploit this vulnerability, leading to disclosure of sensitive information. This sensitive information can be used to access sensitive resources...
Huawei EulerOS: Security Advisory for protobuf (EulerOS-SA-2022-1875)
The remote host is missing an update for the Huawei EulerOS...
IBM AIX Security Vulnerability
IBM AIX is an open standards-based UNIX operating system developed by IBM for the IBM Power architecture. IBM AIX versions 7.1, 7.2, 7.3 and VIOS version 3.1 have a denial-of-service vulnerability that stems from failure to properly process incoming error messages, which can be exploited by...
CVE-2022-32286
A vulnerability has been identified in Mendix SAML Module Mendix 7 compatible All versions V1.16.6, Mendix SAML Module Mendix 8 compatible All versions V2.2.2, Mendix SAML Module Mendix 9 compatible All versions V3.2.3. In certain configurations SAML module is vulnerable to Cross Site Scripting X...
Cross site scripting
A vulnerability has been identified in Mendix SAML Module Mendix 7 compatible All versions V1.16.6, Mendix SAML Module Mendix 8 compatible All versions V2.2.2, Mendix SAML Module Mendix 9 compatible All versions V3.2.3. In certain configurations SAML module is vulnerable to Cross Site Scripting X...
CVE-2022-2062
Generation of Error Message Containing Sensitive Information in GitHub repository nocodb/nocodb prior to 0.91.7+...
CVE-2022-2062
CVE-2022-2062 affects nocodb/nocodb prior to 0.91.7+. The issue is with generation of error messages that disclose sensitive information and with the SMTP plugin lacking verification/validation, enabling potential exposure of internal data. Multiple connected sources corroborate the vulnerability...
CVE-2022-2062 Generation of Error Message Containing Sensitive Information in nocodb/nocodb
Generation of Error Message Containing Sensitive Information in GitHub repository nocodb/nocodb prior to 0.91.7+...
CVE-2019-25069
A vulnerability, which was classified as problematic, has been found in Axios Italia Axios RE 1.7.0/7.0.0. This issue affects some unknown processing of the component Error Message Handler. The manipulation leads to information disclosure ASP.NET. The attack may be initiated remotely...
CVE-2019-25069 Axios Italia Axios RE Error Message ASP.NET information disclosure
A vulnerability, which was classified as problematic, has been found in Axios Italia Axios RE 1.7.0/7.0.0. This issue affects some unknown processing of the component Error Message Handler. The manipulation leads to information disclosure ASP.NET. The attack may be initiated remotely...
Axios Italia Axios RE Information Disclosure Vulnerability
Axios Italia Axios RE is a suite of electronic enrollment software for campus management. A security vulnerability exists in Axios Italia Axios RE 1.7.0/7.0.0 that originates from a problem with the component error message handler. An attacker can exploit the vulnerability to obtain sensitive...