1756-EN2TXT Series A, B, C Security Vulnerabilities

acappella.com.my Cross Site Scripting vulnerability OBB-3936705

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

antipest.com.my Cross Site Scripting vulnerability OBB-3936704

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

saujanavilla.com Cross Site Scripting vulnerability OBB-3936703

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

bakeroni.com Cross Site Scripting vulnerability OBB-3936702

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

netallianz.com Cross Site Scripting vulnerability OBB-3936701

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

damas-suites.com Cross Site Scripting vulnerability OBB-3936700

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

docs.shinobi.video Cross Site Scripting vulnerability OBB-3936699

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2024-36115

Reposilite is an open source, lightweight and easy-to-use repository manager for Maven based artifacts in JVM ecosystem. As a Maven repository manager, Reposilite provides the ability to view the artifacts content in the browser, as well as perform administrative tasks via API. The problem lies in....

CVE-2024-36116

Reposilite is an open source, lightweight and easy-to-use repository manager for Maven based artifacts in JVM ecosystem. Reposilite provides support for JavaDocs files, which are archives that contain documentation for artifacts. Specifically, JavadocEndpoints.kt controller allows to expand the...

CVE-2024-36115

Reposilite is an open source, lightweight and easy-to-use repository manager for Maven based artifacts in JVM ecosystem. As a Maven repository manager, Reposilite provides the ability to view the artifacts content in the browser, as well as perform administrative tasks via API. The problem lies in....

CVE-2024-36116

Reposilite is an open source, lightweight and easy-to-use repository manager for Maven based artifacts in JVM ecosystem. Reposilite provides support for JavaDocs files, which are archives that contain documentation for artifacts. Specifically, JavadocEndpoints.kt controller allows to expand the...

avkrealestate.com Cross Site Scripting vulnerability OBB-3936697

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

ViLe Cybercrime Group Members Plead Guilty to Hacking DEA Portal

"ViLe" Hackers Busted! Two men plead guilty to breaching a federal law enforcement portal. Learn about the dangers of cybercrime, doxxing, and how authorities are working to combat these threats. This case highlights the importance of cybersecurity for law enforcement and the consequences for...

CVE-2024-36116 Path traversal in Reposilite javadoc file expansion

Reposilite is an open source, lightweight and easy-to-use repository manager for Maven based artifacts in JVM ecosystem. Reposilite provides support for JavaDocs files, which are archives that contain documentation for artifacts. Specifically, JavadocEndpoints.kt controller allows to expand the...

CVE-2024-36115 Stored Cross site scripting in Reposilite artifacts

Reposilite is an open source, lightweight and easy-to-use repository manager for Maven based artifacts in JVM ecosystem. As a Maven repository manager, Reposilite provides the ability to view the artifacts content in the browser, as well as perform administrative tasks via API. The problem lies in....

CVE-2024-32030

Kafka UI is an Open-Source Web UI for Apache Kafka Management. Kafka UI API allows users to connect to different Kafka brokers by specifying their network address and port. As a separate feature, it also provides the ability to monitor the performance of Kafka brokers by connecting to their JMX...

CVE-2024-32030

Kafka UI is an Open-Source Web UI for Apache Kafka Management. Kafka UI API allows users to connect to different Kafka brokers by specifying their network address and port. As a separate feature, it also provides the ability to monitor the performance of Kafka brokers by connecting to their JMX...

CVE-2022-23829

A flaw was found in AMD SPI. The protection features may allow a malicious attacker with Ring0 kernel mode access to bypass the native System Management Mode (SMM) ROM protections. Mitigation Platform BIOS changes are needed to enable AMD ROM Armor. Please contact OEM supplier for the BIOS...

auenland-records.com Cross Site Scripting vulnerability OBB-3936696

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Kraken Crypto Exchange Hit by $3 Million Theft Exploiting Zero-Day Flaw

Crypto exchange Kraken revealed that an unnamed security researcher exploited an "extremely critical" zero-day flaw in its platform to steal $3 million in digital assets and refused to return them. Details of the incident were shared by Kraken's Chief Security Officer, Nick Percoco, on X (formerly....

CVE-2024-32030 Remote code execution via JNDI resolution in JMX metrics collection in Kafka UI

Kafka UI is an Open-Source Web UI for Apache Kafka Management. Kafka UI API allows users to connect to different Kafka brokers by specifying their network address and port. As a separate feature, it also provides the ability to monitor the performance of Kafka brokers by connecting to their JMX...

news.kiwistand.com Open Redirect vulnerability OBB-3936693

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Exploit for Expression Language Injection in Vmware Spring Cloud Gateway

CVE-2022-22947 A code injection attack on spring cloud...

Security Bulletin: Vulnerabilities in Apache Tomcat affect IBM SAN Volume Controller, IBM Storwize, IBM Storage Virtualize and IBM FlashSystem products

Summary Vulnerabilities in Apache Tomcat affect the product's management GUI, potentially allowing denial of service. The Command Line Interface is unaffected. CVE-2024-23672, CVE-2024-24549. Vulnerability Details ** CVEID: CVE-2024-23672 DESCRIPTION: **Apache Tomcat is vulnerable to a denial of...

Security Bulletin: Vulnerabilities in IBM Java affect IBM SAN Volume Controller, IBM Storwize, IBM Storage Virtualize and IBM FlashSystem products

Summary Vulnerabilities in IBM® Runtime Environment Java™ Technology Edition affects the product's management GUI. The Command Line Interface is unaffected. CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2024-20919, CVE-2024-20926, CVE-2024-20945, CVE-2023-33850. Vulnerability Details **...

Security Bulletin: Vulnerabilities in Linux components affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary Vulnerabilities in libssh, nginx and nghttp2 affect IBM Storage Virtualize products and could cause denial of service and bypassing of authentication. CVE-2023-44487, CVE-2023-1667, CVE-2023-2283. Vulnerability Details ** CVEID: CVE-2023-44487 DESCRIPTION: **Multiple vendors are...

CVE-2023-31130 vulnerabilities

Vulnerabilities for packages:...

CVE-2023-31147 vulnerabilities

Vulnerabilities for packages:...

CVE-2023-32067 vulnerabilities

Vulnerabilities for packages:...

CVE-2024-25629 vulnerabilities

Vulnerabilities for packages:...

CVE-2023-31124 vulnerabilities

Vulnerabilities for packages:...

CVE-2020-1472 affecting package samba for versions less than 4.12.5-4

CVE-2020-1472 affecting package samba for versions less than 4.12.5-4. A patched version of the package is...

CVE-2023-45287 affecting package golang for versions less than 1.21.6-1

CVE-2023-45287 affecting package golang for versions less than 1.21.6-1. A patched version of the package is...

CVE-2023-7008 affecting package systemd for versions less than 123

CVE-2023-7008 affecting package systemd for versions less than 123. A patched version of the package is...

CVE-2023-48795 affecting package jsch for versions less than 0.1.55-2

CVE-2023-48795 affecting package jsch for versions less than 0.1.55-2. A patched version of the package is...

CVE-2023-45285 affecting package golang for versions less than 1.21.6-1

CVE-2023-45285 affecting package golang for versions less than 1.21.6-1. A patched version of the package is...

CVE-2023-5678 affecting package edk2 for versions less than 20230301gitf80f052277c8-38

CVE-2023-5678 affecting package edk2 for versions less than 20230301gitf80f052277c8-38. A patched version of the package is...

CVE-2023-44487 affecting package moby-cli for versions less than 20.10.25-2

CVE-2023-44487 affecting package moby-cli for versions less than 20.10.25-2. A patched version of the package is...

CVE-2023-44487 affecting package flannel for versions less than 0.14.0-18

CVE-2023-44487 affecting package flannel for versions less than 0.14.0-18. A patched version of the package is...

CVE-2023-25801 affecting package tensorflow for versions less than 2.11.1-1

CVE-2023-25801 affecting package tensorflow for versions less than 2.11.1-1. A patched version of the package is...

CVE-2023-25660 affecting package tensorflow for versions less than 2.11.1-1

CVE-2023-25660 affecting package tensorflow for versions less than 2.11.1-1. A patched version of the package is...

CVE-2023-25658 affecting package tensorflow for versions less than 2.11.1-1

CVE-2023-25658 affecting package tensorflow for versions less than 2.11.1-1. A patched version of the package is...

CVE-2023-3817 affecting package rust for versions less than 1.68.2-5

CVE-2023-3817 affecting package rust for versions less than 1.68.2-5. A patched version of the package is...

CVE-2023-29406 affecting package golang for versions less than 1.20.7-1

CVE-2023-29406 affecting package golang for versions less than 1.20.7-1. A patched version of the package is...

CVE-2023-29403 affecting package golang for versions less than 1.20.7-1

CVE-2023-29403 affecting package golang for versions less than 1.20.7-1. A patched version of the package is...

CVE-2023-29402 affecting package golang for versions less than 1.20.7-1

CVE-2023-29402 affecting package golang for versions less than 1.20.7-1. A patched version of the package is...

CVE-2023-24538 affecting package golang for versions less than 1.19.8-1

CVE-2023-24538 affecting package golang for versions less than 1.19.8-1. A patched version of the package is...

CVE-2022-41725 affecting package msft-golang for versions less than 1.19.6-1

CVE-2022-41725 affecting package msft-golang for versions less than 1.19.6-1. A patched version of the package is...

CVE-2023-39326 affecting package golang for versions less than 1.21.6-1

CVE-2023-39326 affecting package golang for versions less than 1.21.6-1. A patched version of the package is...

CVE-2023-24536 affecting package golang for versions less than 1.21.6-1

CVE-2023-24536 affecting package golang for versions less than 1.21.6-1. A patched version of the package is...