EUVD-2001-1054

Malware in sbrugna...

CVE-2021-43206

A server-generated error message containing sensitive information in Fortinet FortiOS 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.x, 6.0.x and FortiProxy 7.0.0 through 7.0.1, 2.0.x allows malicious webservers to retrieve a web proxy's client username and IP via same origin HTTP requests...

Amazon Linux 2 : postgresql (ALASPOSTGRESQL14-2024-014)

The version of postgresql installed on the remote host is prior to 14.14-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2POSTGRESQL14-2024-014 advisory. Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change...

Amazon Linux 2 : postgresql (ALASPOSTGRESQL13-2024-008)

The version of postgresql installed on the remote host is prior to 13.17-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2POSTGRESQL13-2024-008 advisory. Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change...

Amazon Linux 2023 : postgresql15, postgresql15-contrib, postgresql15-llvmjit (ALAS2023-2024-787)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-787 advisory. Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction...

CBL Mariner 2.0 Security Update: postgresql (CVE-2024-10977)

The version of postgresql installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-10977 advisory. - Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS...

CVE-2024-10977

CVE-2024-10977 affects PostgreSQL libpq by allowing a server to send an error message that, when the client is not trusting SSL/GSS settings, can reveal arbitrary non-NUL bytes to the client (e.g., psql). Affected products/versions include PostgreSQL before the fixed point: 17.1 and older branche...

CVE-2024-10977

Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a human or screen-scraper user of psql mistake...

CVE-2024-39719

An issue was discovered in Ollama through 0.3.14. File existence disclosure can occur via api/create. When calling the CreateModel route with a path parameter that does not exist, it reflects the "File does not exist" error message to the attacker, providing a primitive for file existence on the...

OS Command Injection in fabio286/antares

✍️ Description The application displays the connection error message returned by the server without removing the malicious tags, which leads to XSS attacks. https://imgur.com/3MhhvFp.png https://i.imgur.com/RksNgXF.png Being an application made in electron, an XSS can be scaled to RCE, making it...

SmartClient Absolute Path Information Disclosure Vulnerability

smartclient is an enterprise ajax framework , including very good UI library , tool library and client-server data binding and other features . An absolute path information disclosure vulnerability exists in SmartClient 12.0. An unauthenticated attacker can exploit this vulnerability by sending a...

sssd security, bug fix, and enhancement update

1.16.4-21 - Resolves: rhbz1714952 - sssd RHEL 7.7 Tier 0 Localization - Rebuild japanese gmo file explicitly 1.16.4-20 - Resolves: rhbz1714952 - sssd RHEL 7.7 Tier 0 Localization 1.16.4-19 - Resolves: rhbz1707959 - sssd does not properly check GSS-SPNEGO 1.16.4-18 - Resolves: rhbz1710286 - The...

Quicktime Player <= 7.3.1.70 (rtsp) Buffer Overflow Vulnerability

No description provided by source. Luigi Auriemma Application: Quicktime Player http://www.apple.com/quicktime Versions: = 7.3.1.70 Platforms: Windows and Mac Bug: buffer-overflow Exploitation: remote Date: 10 Jan 2008 Thanx to: swirl for the help during the re-testing of the bug Author: Luigi...

CVE-2001-1073

Webridge PX Application Suite allows remote attackers to obtain sensitive information via a malformed request that generates a server error message, which includes full pathname or internal IP address information in the variables 1 APPLPHYSICALPATH, 2 PATHTRANSLATED, and 3 LOCALADDR...

CVE-2001-1073

Webridge PX Application Suite allows remote attackers to obtain sensitive information via a malformed request that generates a server error message, which includes full pathname or internal IP address information in the variables 1 APPLPHYSICALPATH, 2 PATHTRANSLATED, and 3 LOCALADDR...

CURL-CVE-2000-0973 FTP Server Response Buffer Overflow

When storing an FTP server's error message on failure, there was no check for input length and thus a malicious FTP server could overflow curl's stack based buffer...

Tomcat 3.0/3.1 Snoop Servlet - Information Disclosure

source: https://www.securityfocus.com/bid/1532/info A vulnerability exists in the snoop servlet portion of the Tomcat package, version 3.1, from the Apache Software Foundation. Upon hitting an nonexistent file with the .snp extension, too much information is presented by the server as part of the...

Fastraq Mailtraq 1.1.4 - Multiple Path Vulnerabilities

source: https://www.securityfocus.com/bid/1278/info A remote user may browse any known directory on a host running Fastraq Mailtraq 1.1.4 by making a URL request that includes the '../' string. In addition, requesting a URL appended with "../" and an unusually long character string will return an...