3856 matches found

CNNVD
added 2021/12/08 12:0 a.m. | 2 views

IBM WebSphere Application Server Resource Management Error Vulnerability

IBM WebSphere Application Server is an application server product from IBM in the United States. The product is a platform for JavaEE and Web services applications and is the foundation of the IBM WebSphere software platform. A denial of service vulnerability exists in IBM WebSphere Application...

7.5 CVSS | 5.8 AI score | 0.01521 EPSS
Exploits 0 | References 10
NVD
added 2021/11/23 8:15 p.m. | 11 views

CVE-2021-38980

IBM Tivoli Key Lifecycle Manager (IBM Security Guardium Key Lifecycle Manager) 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the...

5.3 CVSS | 0.01192 EPSS
Exploits 0 | References 2
Cvelist
added 2021/11/23 7:15 p.m. | 14 views

CVE-2021-38980

IBM Tivoli Key Lifecycle Manager (IBM Security Guardium Key Lifecycle Manager) 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the...

2.7 CVSS | 5 AI score | 0.01192 EPSS
Exploits 0 | References 2
Oracle Linux
added 2021/11/16 12:0 a.m. | 29 views

tpm2-tools security and enhancement update

4.1.1-5 - Bump nvr to trigger osci. resolves: rhbz1965981 4.1.1-4 - Fix CVE-2021-3565 resolves: rhbz1965981 4.1.1-3 - Fix resource leak. - Fix to restrict policy digest size. - Fix incompatible pointer cast. - Fix error message in filesloadname - Fix issue where execution couldn't reach function...

5.9 CVSS | 6 AI score | 0.01338 EPSS
Exploits 0
NVD
added 2021/11/15 4:15 p.m. | 13 views

CVE-2021-38981

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 212788...

5.3 CVSS | 0.01326 EPSS
Exploits 0 | References 2
Prion
added 2021/11/15 4:15 p.m. | 15 views

Design/Logic Flaw

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 212788...

5 CVSS | 4.8 AI score | 0.01326 EPSS
Exploits 0 | References 2 | Affected Software 2
Cvelist
added 2021/11/15 3:35 p.m. | 16 views

CVE-2021-38981

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 212788...

5.3 CVSS | 5 AI score | 0.01326 EPSS
Exploits 0 | References 2
Prion
added 2021/11/04 4:15 p.m. | 15 views

Design/Logic Flaw

A vulnerability in the web-based dashboard of Cisco Umbrella could allow an authenticated, remote attacker to perform an email enumeration attack against the Umbrella infrastructure. This vulnerability is due to an overly descriptive error message on the dashboard that appears when a user attempt...

4 CVSS | 4.5 AI score | 0.00845 EPSS
Exploits 0 | References 1
Vulnrichment
added 2021/11/04 3:36 p.m. | 36 views

CVE-2021-40126 Cisco Umbrella Email Enumeration Vulnerability

A vulnerability in the web-based dashboard of Cisco Umbrella could allow an authenticated, remote attacker to perform an email enumeration attack against the Umbrella infrastructure. This vulnerability is due to an overly descriptive error message on the dashboard that appears when a user attempt...

4.3 CVSS | 6.7 AI score | 0.00845 EPSS
Exploits 0 | References 1
Cvelist
added 2021/11/04 3:36 p.m. | 105 views

CVE-2021-40126 Cisco Umbrella Email Enumeration Vulnerability

A vulnerability in the web-based dashboard of Cisco Umbrella could allow an authenticated, remote attacker to perform an email enumeration attack against the Umbrella infrastructure. This vulnerability is due to an overly descriptive error message on the dashboard that appears when a user attempt...

4.3 CVSS | 4.8 AI score | 0.00845 EPSS
Exploits 0 | References 1
Cisco
added 2021/11/03 4:0 p.m. | 31 views

Cisco Umbrella Email Enumeration Vulnerability

A vulnerability in the web-based dashboard of Cisco Umbrella could allow an authenticated, remote attacker to perform an email enumeration attack against the Umbrella infrastructure. This vulnerability is due to an overly descriptive error message on the dashboard that appears when a user attempt...

4.3 CVSS | 4.5 AI score | 0.00845 EPSS
Exploits 0 | References 1
Hacker One
added 2021/10/29 2:5 p.m. | 47 views

PortSwigger Web Security: Information disclosure on error message

Hai team, First of all, thank you for creating a wonderful place for learning web app pentesting. In accessing a lab at the academy, my internet connection suddenly went down, I don't know the problem is on the lab or in academy, but the error message reveals some node codes. I attached a screensh...

6.8 AI score
Exploits 0
CNNVD
added 2021/10/26 12:0 a.m. | 1 views

Atlassian Jira Cross-Site Scripting Vulnerability

Atlassian Jira is a defect tracking management system from Atlassian Australia. The system is primarily used to track and manage various types of issues and defects in the workplace. A cross-site scripting vulnerability exists in Atlassian Jira Server and Data Center that originates from a...

6.1 CVSS | 6.2 AI score | 0.00848 EPSS
Exploits 0 | References 2
Atlassian
added 2021/10/25 1:13 a.m. | 47 views

Reflected XSS /secure/admin/ImporterFinishedPage.jspa via error message - CVE-2021-41304

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the /secure/admin/ImporterFinishedPage.jspa error message. The affected versions are before version 8.13.12, and from...

6.1 CVSS | 5 AI score | 0.00848 EPSS
Exploits 0 | Affected Software 1
Atlassian
added 2021/10/25 1:13 a.m. | 39 views

Reflected XSS /secure/admin/ImporterFinishedPage.jspa via error message - CVE-2021-41304

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the /secure/admin/ImporterFinishedPage.jspa error message. The affected versions are before version 8.13.12, and from...

6.1 CVSS | 5 AI score | 0.00848 EPSS
Exploits 0
OSV
added 2021/10/19 4:34 p.m. | 9 views

GSD-2021-1001750 dma-debug: prevent an error message from causing runtime problems

dma-debug: prevent an error message from causing runtime problems This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.14.9 by commit...

7.2 AI score
Exploits 0
RedHat Linux
added 2021/10/14 7:43 p.m. | 7 views

Ansible: ansible-connection module discloses sensitive info in traceback error message

A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality...

5.5 CVSS | 6.8 AI score | 0.00384 EPSS
Exploits 0 | References 4
OSV
added 2021/10/12 11:8 a.m. | 5 views

OPENSUSE-SU-2021:3348-1 Security update for systemd

This update for systemd fixes the following issues: - CVE-2021-33910: Fixed use of strdupa on a path bsc1188063. - logind: terminate cleanly on SIGTERM/SIGINT bsc1188018. - Adopting BFQ to control I/O jscSLE-21032, bsc1134353. - Rules weren't applied to dm devices multipath bsc1188713. - Ignore...

5.5 CVSS | 5.9 AI score | 0.0865 EPSS
Exploits 2 | References 11
NVD
added 2021/10/07 6:15 p.m. | 14 views

CVE-2021-20552

IBM Sterling File Gateway 6.0.0.0 through 6.1.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 199170...

4.3 CVSS | 0.00951 EPSS
Exploits 0 | References 2
Prion
added 2021/10/07 6:15 p.m. | 16 views

Information disclosure

IBM Sterling File Gateway 6.0.0.0 through 6.1.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 199170...

4 CVSS | 4.1 AI score | 0.00951 EPSS
Exploits 0 | References 2 | Affected Software 1