3856 matches found
Mozilla Firefox Information Disclosure Vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. An information disclosure vulnerability exists in Mozilla Firefox that originates from a sensitive feature in the display error message in a cross-origin response when the product imports resources usi...
CVE-2022-0473
OTRS administrators can configure a dynamic field and inject malicious JavaScript code in the error message of the regular expression check. When used in the agent interface, malicious code might be executed in the browser. This issue affects: OTRS AG OTRS 7.0.x version: 7.0.31 and prior versions...
Code injection
OTRS administrators can configure a dynamic field and inject malicious JavaScript code in the error message of the regular expression check. When used in the agent interface, malicious code might be executed in the browser. This issue affects: OTRS AG OTRS 7.0.x version: 7.0.31 and prior versions...
WordPress Plugin Store Toolkit for WooCommerce Cross-Site Scripting Vulnerability
WooCommerce is the world's most popular open source, free and flexible e-commerce plugin for WordPress, and one of the most mature open source e-commerce solutions for building foreign trade malls. A cross-site scripting vulnerability exists in versions prior to WordPress Store Toolkit for...
OTRS Cross-Site Scripting Vulnerability
OTRS is an open source defect tracking and management system software. OTRS suffers from a cross-site scripting vulnerability that originates in a dynamic field that can be configured by OTRS administrators, where malicious JavaScript code can be injected in the error message of a regular...
The vulnerability of the command-line interface (CLI) of Juniper Networks Junos OS allows a hacker to gain unauthorized access to protected information.
The vulnerability of the command-line interface (CLI) of Juniper Networks Junos OS is related to the leakage of information in error messages. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
laminas-form Cross-Site Scripting Vulnerability
laminas-form is an open source library, mainly used as a bridge between the domain model and the view layer. It consists of a thin object layer representing form elements, an InputFilter, and a handful of methods for binding data to the form and attaching objects. A security vulnerability exist...
Withdrawn Advisory: NULL Pointer Dereference in Protocol Buffers
Withdrawn Advisory: This advisory has been withdrawn because the protobuf vulnerability comes from the compiler rather than the code. This link is maintained to preserve external references. Original Description: Nullptr dereference when a null char is present in a proto symbol. The symbol is parse...
CVE-2021-22570
Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend upgrading to...
Design/Logic Flaw
Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend upgrading to...
CVE-2021-22570
Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend upgrading to...
UBUNTU-CVE-2021-22570
Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend upgrading to...
PYSEC-2022-48
Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend upgrading to...
PYSEC-2022-48
Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend upgrading to...
Google protobuf Code Issue Vulnerability
Google protobuf is a data interchange format from Google, Inc. A code issue vulnerability exists in Google protobuf that stems from Nullptr dereferencing when null characters are present in the original symbol. The symbols are parsed incorrectly, resulting in an unchecked call to the name of the...
CVE-2021-22570
Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend upgrading to...
MGASA-2022-0036 Updated phpmyadmin packages fix security vulnerability
A flaw was identified in how phpMyAdmin processes two factor authentication; a user could potentially manipulate their account to bypass two factor authentication in subsequent authentication sessions PMASA-2022-1. A series of weaknesses was identified allowing a malicious user to submit maliciou...
User enumeration in livehelperchat
livehelperchat is vulnerable to Generation of Error Message Containing Sensitive Information. There is an observable discrepancy between errors generated for users that exist and those that do not...
GHSA-4XWW-6H7V-29JG User enumeration in livehelperchat
livehelperchat is vulnerable to Generation of Error Message Containing Sensitive Information. There is an observable discrepancy between errors generated for users that exist and those that do not...
IBM Security Verify Information Disclosure Vulnerability (CNVD-2022-08045)
IBM Security Verify Access is a service from IBM USA that improves user access security. The service enables secure and simple access to platforms such as Web, mobile, IoT, and cloud technologies through the use of risk-based access, single sign-on, integrated access management controls, identity...