45 matches found
XWiki extension license information is public, exposing instance id and license holder details
Impact The licensor application includes the document Licenses.Code.LicenseJSON that provides information for admins regarding active licenses. This document is public and thus exposes this information publicly. The information includes the instance's id as well as first and last name and email o...
CVE-2024-26138 License information is public, exposing instance id and license holder details
The XWiki licensor application, which manages and enforce application licenses for paid extensions, includes the document Licenses.Code.LicenseJSON that provides information for admins regarding active licenses. This document is public and thus exposes this information publicly. The information...
CVE-2023-46348
SQL njection vulnerability in SunnyToo sturls before version 1.1.13, allows attackers to escalate privileges and obtain sensitive information via StUrls::hookActionDispatcher and StUrls::getInstanceId methods...
CVE-2023-46348
SQL njection vulnerability in SunnyToo sturls before version 1.1.13, allows attackers to escalate privileges and obtain sensitive information via StUrls::hookActionDispatcher and StUrls::getInstanceId methods...
CVE-2023-21638
Memory corruption in Video while calling APIs with different instance ID than the one received in initialization...
Memory corruption
Memory corruption in Video while calling APIs with different instance ID than the one received in initialization...
CVE-2023-21638
CVE-2023-21638 describes memory corruption in the video subsystem when APIs are invoked with an instance ID different from the one received during initialization. Several sources (NVD, Red Hat, PRION, CNNVD, Android Pixel bulletin) reference this issue as affecting Qualcomm components and list it...
CVE-2023-21638 Incorrect Type Conversion or Cast in Video
Memory corruption in Video while calling APIs with different instance ID than the one received in initialization...
CVE-2022-42129
An Insecure direct object reference IDOR vulnerability in the Dynamic Data Mapping module in Liferay Portal 7.3.2 through 7.4.3.4, and Liferay DXP 7.3 before update 4, and 7.4 GA allows remote authenticated users to view and access form entries via the formInstanceRecordId parameter...
OpenStack Nova Router metadata queries are not restricted by tenant
Interaction error in OpenStack Nova and Neutron before Havana 2013.2.1 and icehouse-1 does not validate the instance ID of the tenant making a request, which allows remote tenants to obtain sensitive metadata by spoofing the device ID that is bound to a port, which is not properly handled by 1...
Moodle does not properly validate module instance id
Moodle before 1.6.2 does not properly validate the module instance id when creating a course module object, which has unspecified impact and remote attack vectors...
CVE-2019-10569
Stack buffer overflow due to instance id is misplaced inside definition of hardware accelerated effects in makefile in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Mobile in APQ8053, APQ8098, MDM9607, MDM9640, MSM8998, QCS605, SC8180X, SDM439, SDM630, SDM636, SDM660,...
Stack overflow
Stack buffer overflow due to instance id is misplaced inside definition of hardware accelerated effects in makefile in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Mobile in APQ8053, APQ8098, MDM9607, MDM9640, MSM8998, QCS605, SC8180X, SDM439, SDM630, SDM636, SDM660,...
Google Chrome < M73 - MidiManagerWin Use-After-Free Exploit
Google Chrome M73 - MidiManagerWin Use-After-Free Exploit MidiManagerWin uses a similar instanceid mechanism to the TaskService implementation to ensure that delayed tasks are only executed if the MidiManager instance that they were scheduled on is still alive. However, this instanceid is an int,...
Information Disclosure
openstack-nova is vulnerable to information disclosure attacks. The vulnerability exists as an interaction error in OpenStack Nova and Neutron before Havana 2013.2.1 and icehouse-1 does not validate the instance ID of the tenant making a request, which allows remote tenants to obtain sensitive...
Authorization Bypass
phpmyfaq/phpmyfaq is vulnerable to authorization bypasses. The library does not properly handle the instance ID, allowing a malicious user with admin rights to delete a multi-site master instance...
CVE-2014-6049
phpMyFAQ before 2.8.13 allows remote authenticated users with admin privileges to bypass authorization via a crafted instance ID parameter...
Authorization
phpMyFAQ before 2.8.13 allows remote authenticated users with admin privileges to bypass authorization via a crafted instance ID parameter...
CVE-2014-3517
api/metadata/handler.py in OpenStack Compute Nova before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2, when proxying metadata requests through Neutron, makes it easier for remote attackers to guess instance ID signatures via a brute-force attack that relies on timing differences in...
CVE-2014-3517
OpenStack Nova metadata proxy (api/metadata/handler.py) is affected when proxying metadata requests through Neutron. The vulnerability allows timing-based brute-forcing to guess instance ID signatures. Affected ranges include OpenStack Compute (Nova) before 2013.2.4, 2014.x before 2014.1.2, and J...