
3856 matches found

Veracode
added 2020/10/21 6:21 a.m., 16 views

Cross-site Scripting (XSS)

lightning-server is vulnerable to cross-site scripting (XSS). An attacker is able to inject and execute malicious script in a user's browser via an error message in the session controller's addData function...

CVSS 6.3, AI score 3.5, EPSS 0.0085
Exploits: 1, References: 3, Affected Software: 1

OSV
added 2020/10/16 2:15 p.m., 1 view

CVE-2020-16270

OLIMPOKS under 3.3.39 allows Auth/Admin ErrorMessage XSS. Remote Attacker can use discovered vulnerability to inject malicious JavaScript payload to victim’s browsers in context of vulnerable applications. Executed code can be used to steal administrator’s cookies, influence HTML content of...

CVSS 6.1, AI score 6.4, EPSS 0.13112
Exploits: 1, References: 3

Zero Day Initiative
added 2020/10/14 12:0 a.m., 47 views

Trend Micro Antivirus for Mac Error Message Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of Trend Micro Antivirus for Mac. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists...

CVSS 6, AI score 3.2, EPSS 0.00597
Exploits: 0, References: 1

NVD
added 2020/10/01 7:15 p.m., 21 views

CVE-2020-15666

When trying to load a non-video in an audio/video context the exact status code (200, 302, 404, 500, 412, 403, etc.) was disclosed via the MediaError Message. This level of information leakage is inconsistent with the standardized onerror/onsuccess disclosure and can lead to inferring login status ...

CVSS 6.5, EPSS 0.01219
Exploits: 1, References: 3

Prion
added 2020/09/30 3:15 p.m., 18 views

Information disclosure

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local user with specialized access to obtain sensitive information from a detailed technical error message. This information could be used in further attacks against the system. IBM X-Force ID: 185370...

CVSS 2.1, AI score 3.7, EPSS 0.00328
Exploits: 0, References: 2, Affected Software: 1

NVD
added 2020/09/25 5:15 p.m., 21 views

CVE-2020-4531

IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the...

CVSS 5.3, EPSS 0.01426
Exploits: 0, References: 2

Prion
added 2020/09/25 5:15 p.m., 15 views

Information disclosure

IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the...

CVSS 5, AI score 4.8, EPSS 0.01426
Exploits: 0, References: 2, Affected Software: 2

UbuntuCve
added 2020/09/19 9:15 p.m., 17 views

CVE-2020-25788

An issue was discovered in Tiny Tiny RSS aka tt-rss before 2020-09-16. imgproxy in plugins/af_proxy_http/init.php mishandles $_REQUEST["url"] in an error message...

CVSS 8.1, AI score 7.2, EPSS 0.01193
Exploits: 0, References: 3

Prion
added 2020/09/19 9:15 p.m., 13 views

Code injection

An issue was discovered in Tiny Tiny RSS aka tt-rss before 2020-09-16. imgproxy in plugins/af_proxy_http/init.php mishandles $_REQUEST["url"] in an error message...

CVSS 6.8, AI score 7.9, EPSS 0.01193
Exploits: 0, References: 2, Affected Software: 1

CVE
added 2020/09/19 8:18 p.m., 55 views

CVE-2020-25788

Tiny Tiny RSS (tt-rss) before 2020-09-16 contains a vulnerability in imgproxy (plugins/af_proxy_http/init.php) where $_REQUEST["url"] is mishandled in an error message. Root cause: improper handling of the URL parameter in error output. Impact indicators in the provided data show high severity (C...

CVSS 8.1, AI score 7.9, EPSS 0.01193
Exploits: 0, References: 3, Affected Software: 1

Positive Technologies
added 2020/09/19 12:0 a.m., 1 view

PT-2020-16208

Name of the Vulnerable Software and Affected Versions: Tiny Tiny RSS versions prior to 2020-09-16. Description: A problem was discovered in Tiny Tiny RSS where the imgproxy function in the plugins/af_proxy_http/init.php file mishandles the url variable in an error message. Recommendations: For versio...

CVSS 8.1, AI score 6.6, EPSS 0.01193
Exploits: 0, References: 12

Citrix
added 2020/09/14 12:0 a.m., 6 views

Storefront: Error adding user account in the administrative local group

An error displays during Storefront installation "There was an error adding user account in the administrative local group to the citrixstorefrontadministrator local group."...

AI score 6.9
Exploits: 0

OSV
added 2020/09/11 7:1 a.m., 4 views

SUSE-SU-2020:2607-1 Security update for pdsh, slurm_20_02

This update for pdsh, slurm_20_02 fixes the following issues: Changes in slurm_20_02: - Add support for openPMIx also for Leap/SLE 15.0/1 bsc1173805. - Do not run %check on SLE-12-SP2: Some incompatibility in tcl makes this fail. - Remove unneeded build dependency to postgresql-devel. - Disable build...

CVSS 9.8, AI score 6.8, EPSS 0.0268
Exploits: 0, References: 41

Citrix
added 2020/09/08 12:0 a.m., 4 views

Citrix Gateway SSO Authentication Breaks or "Cannot Complete Your Request" Error After Upgrading to 13.0 64.35

After upgrading to 13.0-64.35 Gateway SSO authentication breaks or you encounter “Cannot Complete Your Request” error...

AI score 7.3
Exploits: 0

Prion
added 2020/09/04 8:15 p.m., 13 views

Improper access control

An Incorrect Access Control vulnerability exists in /ucms/chk.php in UCMS 1.4.8. This results in information leak via an error message caused by directly accessing the website built by UCMS...

CVSS 5, AI score 5.2, EPSS 0.00952
Exploits: 1, References: 1, Affected Software: 1

Cvelist
added 2020/09/04 7:45 p.m., 12 views

CVE-2020-24981

An Incorrect Access Control vulnerability exists in /ucms/chk.php in UCMS 1.4.8. This results in information leak via an error message caused by directly accessing the website built by UCMS...

AI score 5.2, EPSS 0.00952
Exploits: 1, References: 1

Citrix
added 2020/08/28 12:0 a.m., 6 views

Published apps not launching for some users when connecting through VPN, no errors

• Users connect to the company’s network using Citrix Gateway VPN
• When launching a published app, the progress popup shows up and disappears seconds later, nothing else shows app, no errors
• Receiver Connection center shows a connection with the VDA but no app launched
• VDA shows the user...

AI score 7
Exploits: 0

NVD
added 2020/08/27 1:15 p.m., 16 views

CVE-2020-4166

IBM Security Guardium Insights 2.0.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 174402...

CVSS 5.3, AI score 4.9, EPSS 0.01299
Exploits: 0, References: 2

CNVD
added 2020/08/27 12:0 a.m., 3 views

IBM Security Guardium Data Encryption (GDE) Information Disclosure Vulnerability (CNVD-2020-49511)

IBM Security Guardium Data Encryption (GDE) provides a modular set of encryption solutions that help security teams effectively implement data-at-rest security across the organization. An information disclosure vulnerability exists in IBM Security Guardium Data Encryption (GDE) 3.0.0.2. An attacker...

CVSS 4, AI score 8.1, EPSS 0.00499
Exploits: 0, References: 1

Prion
added 2020/08/26 7:15 p.m., 10 views

Design/Logic Flaw

IBM Security Guardium Data Encryption (GDE) 3.0.0.2 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 171931...

CVSS 4, AI score 3.4, EPSS 0.00499
Exploits: 0, References: 2, Affected Software: 2