CVE-2023-48308

CVE-2023-48308 affects the Nextcloud Calendar app. The authenticated user can trigger an error while editing a calendar appointment that exposes the server’s stacktrace and internal paths. Affected software: Nextcloud Calendar prior to version 4.5.3. Root cause: error handling leaks internal debu...

CVE-2023-48308 Calendar app returns full stacktrace when an error happens while editing appointment

Nextcloud/Cloud is a calendar app for Nextcloud. An attacker can gain access to stacktrace and internal paths of the server when generating an exception while editing a calendar appointment. It is recommended that the Nextcloud Calendar app is upgraded to 4.5.3...

PT-2023-30770 · Nextcloud · Nextcloud Calendar

Name of the Vulnerable Software and Affected Versions: Nextcloud Calendar app versions prior to 4.5.3 Description: An issue exists where an attacker can gain access to the stacktrace and internal paths of the server when generating an exception while editing a calendar appointment. Recommendation...

Calendar app returns full stacktrace when an error happens while editing appointment

None...

GSD-2023-1002364 riscv: stacktrace: Fix missing the first frame

riscv: stacktrace: Fix missing the first frame This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.94 by commit...

GSD-2023-1002333 riscv: stacktrace: Fix missing the first frame

riscv: stacktrace: Fix missing the first frame This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.1.12 by commit...

PT-2023-35408 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.1.12 Description: The issue is related to a missing frame in the stacktrace. It was introduced in version v5.17 and fixed in version v6.1.12. The actual impact and attack plausibility have not yet been proven...

PT-2023-35439 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.94 Description: The issue is related to a missing frame in the stacktrace. It was introduced in version v5.15.24 and fixed in version v5.15.94. The actual impact and attack plausibility have not yet been...

SUSE CVE-2009-4071

Opera before 10.10, when exception stacktraces are enabled, places scripting error messages from a web site into variables that can be read by a different web site, which allows remote attackers to obtain sensitive information or conduct cross-site scripting XSS attacks via unspecified vectors...

GSD-2022-1005340 arm64: stacktrace: use non-atomic __set_bit

arm64: stacktrace: use non-atomic setbit This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.19.2 by commit...

CVE-2022-35111

SWFTools commit 772e55a2 was discovered to contain a stack overflow via sanitizer::StackDepotNode::hashsanitizer::StackTrace const& at /sanitizercommon/sanitizerstackdepot.cpp...

CVE-2022-35111

SWFTools commit 772e55a2 was discovered to contain a stack overflow via sanitizer::StackDepotNode::hashsanitizer::StackTrace const& at /sanitizercommon/sanitizerstackdepot.cpp...

UBUNTU-CVE-2022-35111

SWFTools commit 772e55a2 was discovered to contain a stack overflow via sanitizer::StackDepotNode::hashsanitizer::StackTrace const& at /sanitizercommon/sanitizerstackdepot.cpp...

CVE-2022-35111

SWFTools (commit 772e55a2) ontains a stack overflow in sanitizer_stackdepot.cpp: __sanitizer::StackDepotNode::hash(__sanitizer::StackTrace const&). The CVE-2022-35111 entry reflects a stack overflow vulnerability in SWFTools, with exploitation described as LOCAL vector, HIGH availability impact ...

Path Traversal in io.hawt:project

hawtio before versions 2.0-beta-1, 2.0-beta-2, 2.0-m1, 2.0-m2, 2.0-m3, and 1.5 are vulnerable to a path traversal that leads to a NullPointerException with a full stacktrace. An attacker could use this flaw to gather undisclosed information from within hawtio's root...

GHSA-6PW2-5HJV-9PF7 Sandbox bypass in vm2

The package vm2 before 3.9.6 are vulnerable to Sandbox Bypass via direct access to host error objects generated by node internals during generation of a stacktraces, which can lead to execution of arbitrary code on the host machine...

PT-2025-37622

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.0.0-rc3+ 490 Description: The Linux kernel contained a flaw in the ACPI subsystem where calling acpi os map memory on an invalid physical address could lead to a warning and potentially an oops/stacktrace. Thi...

golang:fuzzer-gzip: Segv on unknown address with empty stacktrace

Detailed Report: https://oss-fuzz.com/testcase?key=6198139272560640 Project: golang Fuzzing Engine: libFuzzer Fuzz Target: fuzzer-gzip Job Type: libfuzzerasangolang Platform Id: linux Crash Type: Segv on unknown address Crash Address: Crash State: NULL Sanitizer: address ASAN Crash Revision:...

cascadia:fuzz: Crash with empty stacktrace

Detailed Report: https://oss-fuzz.com/testcase?key=6491831037329408 Project: cascadia Fuzzing Engine: libFuzzer Fuzz Target: fuzz Job Type: libfuzzerasancascadia Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x00000260f110 Crash State: NULL Sanitizer: address ASAN Recommended Securit...

fasthttp:fuzz_request: Crash with empty stacktrace

Detailed Report: https://oss-fuzz.com/testcase?key=5745696710590464 Project: fasthttp Fuzzing Engine: libFuzzer Fuzz Target: fuzzrequest Job Type: libfuzzerasanfasthttp Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x00000555d7b8 Crash State: NULL Sanitizer: address ASAN Recommended...