Null pointer dereference
In the Linux kernel, the following vulnerability has been resolved: hamradio: improve the incomplete fix to avoid NPD. The previous commit 3e0588c291d6 "hamradio: defer ax25 kfree after unregister_netdev" reordered the kfree operations and unregister_netdev operation to prevent UAF. This commit improv...
CVE-2021-47085
Removed by vendor...
CVE-2021-46958
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race between transaction aborts and fsyncs leading to use-after-free. There is a race between a task aborting a transaction during a commit, a task doing an fsync and the transaction kthread, which leads to an...
CVE-2021-46958 btrfs: fix race between transaction aborts and fsyncs leading to use-after-free
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race between transaction aborts and fsyncs leading to use-after-free. There is a race between a task aborting a transaction during a commit, a task doing an fsync and the transaction kthread, which leads to an...
CVE-2023-47152
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an insecure cryptographic algorithm and to information disclosure in stack trace under exceptional conditions...
Information disclosure
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an insecure cryptographic algorithm and to information disclosure in stack trace under exceptional conditions. IBM X-Force ID: 270730...
CVE-2023-47152
CVE-2023-47152 affects IBM Db2 for Linux, UNIX and Windows (including Db2 Connect Server) 11.5. The description notes an insecure cryptographic algorithm and information disclosure in a stack trace under exceptional conditions. IBM has published security bulletins referencing this CVE; these advi...
Security Bulletin: Multiple security vulnerabilities have been identified in IBM DB2 which is shipped with IBM Intelligent Operations Center.
Summary Multiple security vulnerabilities have been identified in IBM DB2 shipped with IBM Intelligent Operations Center. Information about security vulnerabilities affecting IBM DB2 has been published in a security bulletin CVE-2023-47158, CVE-2023-47145, CVE-2023-47747, CVE-2023-27859,...
IBM Db2 Security Vulnerabilities
IBM Db2 is a relational database management system from International Business Machines (IBM). The system is implemented on UNIX, Linux, IBMi, z/OS, and Windows server versions. IBM Db2 suffers from a security vulnerability that stems from susceptibility to attacks with insecure encryption algorith...
CVE-2023-41365
SAP Business One B1i - version 10.0, allows an authorized attacker to retrieve the detailed stack trace of the fault message to conduct the XXE injection, which will lead to information disclosure. After successful exploitation, an attacker can cause limited impact on the confidentiality and no...
Sql injection
SAP Business One B1i - version 10.0, allows an authorized attacker to retrieve the detailed stack trace of the fault message to conduct the XXE injection, which will lead to information disclosure. After successful exploitation, an attacker can cause limited impact on the confidentiality and no...
CVE-2023-41365
The CVE-2023-41365 issue affects SAP Business One (B1i) 10.0. An authorized attacker can retrieve the fault message stack trace to perform an XML External Entity (XXE) injection, causing information disclosure. The documented impact is limited to confidentiality with no impact to integrity or ava...
Apache Superset Information Disclosure Vulnerability (CNVD-2023-70276)
Apache Superset is an open source data visualization tool based on Python. A security vulnerability in the Apache Superset stack trace error handling can be exploited by a remote attacker to submit a special request that can obtain sensitive information...
CVE-2023-39264
By default, stack traces for errors were enabled, which resulted in the exposure of internal traces on REST API endpoints to users. This vulnerability exists in Apache Superset versions up to and including 2.1.0...
Apache Superset Security Vulnerability
Apache Superset is an open source data visualization tool based on Python. A security vulnerability in the Apache Superset stack trace error handling can be exploited by a remote attacker to submit a special request that can obtain sensitive information...
Cross Site Scripting (XSS)
Keycloak is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to not sanitizing the username field when the same field is displayed back to the user on the user interface through the browser. The attacker can include a malicious script in the username field and make that username field...
Azure MCS catalog update fails with FailedToStartImagePreparationVm - CreateUpdateVm-1 timed out
Unable to update a machine catalog for an Azure hosted MCS deployment. The MCS process fails early, about 15% into the update. The error message shows "Error - Terminated", and the action name is "MCUpdateMachineCatalog". The full stack trace is similar to this: TerminatedStack Trace: at...
Jenkins: Information disclosure through error stack traces related to agents
A flaw was found in Jenkins. The affected version of Jenkins prints an error stack trace on agent-related pages when agent connections are broken. This stack trace may contain information about Jenkins configuration that is otherwise inaccessible to attackers...
CVE-2023-33181 Sensitive Information Disclosure abusing Stack Trace in Xibo CMS
Xibo is a content management system (CMS). Starting in version 3.0.0 and prior to version 3.3.5, some API routes will print a stack trace when called with missing or invalid parameters revealing sensitive information about the locations of paths that the server is using. Users should upgrade to...