365 matches found
SUSE CVE-2018-10547
An issue was discovered in ext/phar/pharobject.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS on the PHAR 403 and 404 error pages via request data of a request for a .phar file. NOTE: this vulnerability exists because of an...
SUSE CVE-2019-12529
An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through 3.5.28, and 4.x through 4.7. When Squid is configured to use Basic Authentication, the Proxy-Authorization header is parsed via uudecode. uudecode determines how many bytes will be decoded by iterating over the input and checki...
SUSE CVE-2021-23959
An XSS bug in internal error pages could have led to various spoofing attacks, including other error pages and the address bar. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox 85...
CakePHP vulnerable to Cross-site Scripting in some development error pages
CakePHP 3.4 prior to 3.4.14, 3.5 prior to 3.5.17, and 3.6 prior to 3.6.4 contains a cross-site-scripting XSS vulnerability in the development only missing route and duplicate named route error pages...
PT-2023-33075 · Cakephp · Cakephp
Name of the Vulnerable Software and Affected Versions: CakePHP versions 3.4 prior to 3.4.14 CakePHP versions 3.5 prior to 3.5.17 CakePHP versions 3.6 prior to 3.6.4 Description: The issue is a cross-site-scripting XSS vulnerability found in the development only missing route and duplicate named...
CVE-2022-34472
If there was a PAC URL set and the server that hosts the PAC was not reachable, OCSP requests would have been blocked, resulting in incorrect error pages being shown. This vulnerability affects Firefox 102, Firefox ESR 91.11, Thunderbird 102, and Thunderbird 91.11...
DEBIAN-CVE-2022-34472
If there was a PAC URL set and the server that hosts the PAC was not reachable, OCSP requests would have been blocked, resulting in incorrect error pages being shown. This vulnerability affects Firefox 102, Firefox ESR 91.11, Thunderbird 102, and Thunderbird 91.11...
CVE-2022-43570
In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can perform an extensible markup language XML external entity XXE injection via a custom View. The XXE injection causes Splunk Web to embed incorrect documents into an error...
DEBIAN-CVE-2022-40468
Potential leak of left-over heap data if custom error page templates containing special non-standard variables are used. Tinyproxy commit 84f203f and earlier use uninitialized buffers in processrequest function...
UBUNTU-CVE-2022-40468
Potential leak of left-over heap data if custom error page templates containing special non-standard variables are used. Tinyproxy commit 84f203f and earlier use uninitialized buffers in processrequest function...
Syncovery 跨站脚本漏洞
Syncovery is a superbly versatile synchronization, copy, move, and backup tool from Syncovery Germany. A cross-site scripting vulnerability exists in Syncovery 9 for Linux prior to v9.48j, which stems from a missing output encoding in the error and status pages, and can be exploited by an attacke...
Ubuntu: Security Advisory (USN-5512-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2022-33930
Dell Wyse Management Suite 3.6.1 and below contains Information Disclosure in Devices error pages. An attacker could potentially exploit this vulnerability, leading to the disclosure of certain sensitive information. The attacker may be able to use the exposed information to access and further...
CVE-2022-33930
Dell Wyse Management Suite 3.6.1 and below contains Information Disclosure in Devices error pages. An attacker could potentially exploit this vulnerability, leading to the disclosure of certain sensitive information. The attacker may be able to use the exposed information to access and further...
CVE-2022-34472
If there was a PAC URL set and the server that hosts the PAC was not reachable, OCSP requests would have been blocked, resulting in incorrect error pages being shown. This vulnerability affects Firefox 102, Firefox ESR 91.11, Thunderbird 102, and Thunderbird 91.11...
UBUNTU-CVE-2022-34472
If there was a PAC URL set and the server that hosts the PAC was not reachable, OCSP requests would have been blocked, resulting in incorrect error pages being shown. This vulnerability affects Firefox 102, Firefox ESR 91.11, Thunderbird 102, and Thunderbird 91.11...
Mozilla: Unavailable PAC file resulted in OCSP requests being blocked
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that if a PAC URL was set and the server that hosts the PAC was not reachable, OCSP requests are blocked, resulting in incorrect error pages being shown...
Mozilla: Unavailable PAC file resulted in OCSP requests being blocked
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that if a PAC URL was set and the server that hosts the PAC was not reachable, OCSP requests are blocked, resulting in incorrect error pages being shown...
Mozilla: Unavailable PAC file resulted in OCSP requests being blocked
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that if a PAC URL was set and the server that hosts the PAC was not reachable, OCSP requests are blocked, resulting in incorrect error pages being shown...
Mozilla: Unavailable PAC file resulted in OCSP requests being blocked
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that if a PAC URL was set and the server that hosts the PAC was not reachable, OCSP requests are blocked, resulting in incorrect error pages being shown...