Security Bulletin: Information Disclosure Vulnerability Affects IBM Sterling File Gateway (CVE-2020-4476)

Summary IBM Sterling File Gateway has addressed a information dislcoure vulnerability. Vulnerability Details CVEID: CVE-2020-4476 DESCRIPTION: IBM Sterling File Gateway could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser...

Security Bulletin: Information Disclosure Vulnerability Affects EBICS Client of IBM Sterling B2B Integrator (CVE-2020-4475)

Summary IBM Sterling B2B Integrator has addressed the information disclosure vulnerability affecting EBICS Client. Vulnerability Details CVEID: CVE-2020-4475 DESCRIPTION: IBM Sterling B2B Integrator Standard Edition could allow a remote attacker to obtain sensitive information when a detailed...

DEBIAN-CVE-2020-25706

A cross-site scripting XSS vulnerability exists in templatesimport.php Cacti 1.2.13 due to Improper escaping of error message during template import preview in the xmlpath field...

CVE-2020-25706

A cross-site scripting XSS vulnerability exists in templatesimport.php Cacti 1.2.13 due to Improper escaping of error message during template import preview in the xmlpath field...

CVE-2020-25706

A cross-site scripting XSS vulnerability exists in templatesimport.php Cacti 1.2.13 due to Improper escaping of error message during template import preview in the xmlpath field...

Cross site scripting

A cross-site scripting XSS vulnerability exists in templatesimport.php Cacti 1.2.13 due to Improper escaping of error message during template import preview in the xmlpath field...

UBUNTU-CVE-2020-25706

A cross-site scripting XSS vulnerability exists in templatesimport.php Cacti 1.2.13 due to Improper escaping of error message during template import preview in the xmlpath field...

CVE-2020-25706

A cross-site scripting XSS vulnerability exists in templatesimport.php Cacti 1.2.13 due to Improper escaping of error message during template import preview in the xmlpath field...

CVE-2020-16121

PackageKit provided detailed error messages to unprivileged callers that exposed information about file presence and mimetype of files that the user would be unable to determine on its own...

CVE-2020-4483

IBM UrbanCode Deploy UCD 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 181857...

CVE-2020-4483

IBM UrbanCode Deploy UCD 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 181857...

Security Bulletin: IBM Security Directory Server vulnerable to multiple issues (CVE-2019-4563, CVE-2019-4547)

Summary Multiple security vulnerabilities have been fixed and delivered in IBM Security Directory Server. Vulnerability Details CVEID: CVE-2019-4563 DESCRIPTION: IBM Security Directory Server does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to ge...

CVE-2020-15703

CVE-2020-15703 affects aptdaemon: there is no input validation on the Locale property in an apt transaction. An unprivileged user can supply a full path to a writable directory, letting aptd read a file as root; with a symlink, an error is produced if the file exists, otherwise no error, enabling...

Information disclosure

IBM i2 iBase 8.9.13 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 184574...

CVE-2020-4584

The CVE-2020-4584 issue affects IBM i2 iBase 8.9.13. A remote attacker could obtain sensitive information via a detailed technical error message returned in the browser, enabling information disclosure that could be used for further attacks. The underlying cause is that detailed error messages ar...

CVE-2020-27015

Trend Micro Antivirus for Mac 2020 Consumer contains an Error Message Information Disclosure vulnerability that if exploited, could allow kernel pointers and debug messages to leak to userland. An attacker must first obtain the ability to execute high-privileged code on the target system in order...

Code injection

IBM Security Directory Server 6.4.0 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 165949...

CVE-2019-4547

IBM Security Directory Server 6.4.0 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 165949...

Trend Micro Antivirus for Mac Error Message Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of Trend Micro Antivirus for Mac. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists...

Cross site request forgery (csrf)

WSO2 API Manager 3.1.0 and earlier has reflected XSS on the "publisher" component's admin interface. More precisely, it is possible to inject an XSS payload into the owner POST parameter, which does not filter user inputs. By putting an XSS payload in place of a valid Owner Name, a modal box...