6 matches found
Authorization Bypass Through User-Controlled Key
Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the orderscontroller parameter. An attacker can access sensitive personal information of guest users, such as names, addresses, and phone numbers, by supplying a valid order ID for a...
CVE-2026-25757
Spree is an open source e-commerce solution built with Ruby on Rails. Prior to versions 5.0.8, 5.1.10, 5.2.7, and 5.3.2, unauthenticated users can view completed guest orders by Order ID. This issue may lead to disclosure of PII of guest users including names, addresses and phone numbers. This...
Linux Distros Unpatched Vulnerability : CVE-2020-11740
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users without active profiling to obtain sensitive information about other guests...
SUSE CVE-2020-12966
AMD EPYCtm Processors contain an information disclosure vulnerability in the Secure Encrypted Virtualization with Encrypted State SEV-ES and Secure Encrypted Virtualization with Secure Nested Paging SEV-SNP. A local authenticated attacker could potentially exploit this vulnerability leading to...
DEBIAN-CVE-2017-15589
An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to obtain sensitive information from the host OS or an arbitrary guest OS because intercepted I/O operations can cause a write of data from uninitialized hypervisor stack memory...
DEBIAN-CVE-2015-8555
Xen 4.6.x, 4.5.x, 4.4.x, 4.3.x, and earlier do not initialize x86 FPU stack and XMM registers when XSAVE/XRSTOR are not used to manage guest extended register state, which allows local guest domains to obtain sensitive information from other domains via unspecified vectors...