summacollege.nl Cross Site Scripting vulnerability OBB-3938432
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Apache StreamPipes user self-registration and password recovery mechanism. This allows an attacker to guess the recovery token in a reasonable time and thereby to take over the attacked user's account. This issue.....
6.7AI Score
EPSS
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Apache StreamPipes user self-registration and password recovery mechanism. This allows an attacker to guess the recovery token in a reasonable time and thereby to take over the attacked user's account. This issue.....
EPSS
Part 1: XZ backdoor story – Initial analysis Part 2: Assessing the Y, and How, of the XZ Utils incident (social engineering) In our first article on the XZ backdoor, we analyzed its code from initial infection to the function hooking it performs. As we mentioned then, its initial goal was to...
8.6AI Score
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Apache StreamPipes user self-registration and password recovery mechanism. This allows an attacker to guess the recovery token in a reasonable time and thereby to take over the attacked user's account. This issue.....
EPSS
The application Faronics WINSelect (Standard + Enterprise) saves its configuration in an encrypted file on the file system which "Everyone" has read and write access to, path to file: C:\ProgramData\WINSelect\WINSelect.wsd The path for the affected WINSelect Enterprise configuration file is:...
EPSS
The decrypted configuration file contains the password in cleartext which is used to configure WINSelect. It can be used to remove the existing restrictions and disable WINSelect...
6.7AI Score
EPSS
The application Faronics WINSelect (Standard + Enterprise) saves its configuration in an encrypted file on the file system which "Everyone" has read and write access to, path to file: C:\ProgramData\WINSelect\WINSelect.wsd The path for the affected WINSelect Enterprise configuration file is:...
6.5AI Score
EPSS
The decrypted configuration file contains the password in cleartext which is used to configure WINSelect. It can be used to remove the existing restrictions and disable WINSelect...
EPSS
The configuration file is encrypted with a static key derived from a static five-character password which allows an attacker to decrypt this file. The application hashes this five-character password with the outdated and broken MD5 algorithm (no salt) and uses the first five bytes as the key...
EPSS
The configuration file is encrypted with a static key derived from a static five-character password which allows an attacker to decrypt this file. The application hashes this five-character password with the outdated and broken MD5 algorithm (no salt) and uses the first five bytes as the key...
6.7AI Score
EPSS
CVE-2023-45289 vulnerabilities
Vulnerabilities for packages: wazero, node-problem-detector, gobuster, gitlab-shell, dagger, secrets-store-csi-driver-provider-azure, velero, gitlab-runner, kaf, regclient, prometheus-blackbox-exporter, nri-elasticsearch, scorecard, esbuild, kubernetes-dashboard-metrics-scraper, paranoia, task,...
7.8AI Score
0.0004EPSS
GHSA-8R3F-844C-MC37 vulnerabilities
Vulnerabilities for packages: bank-vaults, node-problem-detector, istio-pilot-agent, gitlab-shell, dagger, secrets-store-csi-driver-provider-azure, velero, gitlab-runner, kaf, rabbitmq-messaging-topology-operator, containerd, hugo, scorecard, kubernetes-dashboard-metrics-scraper, runc,...
7.5AI Score
CVE-2023-45288 vulnerabilities
Vulnerabilities for packages: bank-vaults, gobuster, gitlab-shell, secrets-store-csi-driver-provider-azure, rabbitmq-messaging-topology-operator, coredns, hugo, kubernetes-dashboard-metrics-scraper, terraform-provider-azurerm, nri-f5, prometheus-nats-exporter, dgraph, cert-manager-webhook-pdns,...
6.8AI Score
0.0004EPSS
CVE-2024-24789 vulnerabilities
Vulnerabilities for packages: bank-vaults, gobuster, gitlab-shell, secrets-store-csi-driver-provider-azure, snyk-cli, rabbitmq-messaging-topology-operator, coredns, kubernetes-dashboard-metrics-scraper, terraform-provider-azurerm, nri-f5, prometheus-nats-exporter, dgraph,...
5.5CVSS
6.1AI Score
0.0004EPSS
CVE-2024-24786 vulnerabilities
Vulnerabilities for packages: bank-vaults, node-problem-detector, istio-pilot-agent, gitlab-shell, dagger, secrets-store-csi-driver-provider-azure, velero, gitlab-runner, kaf, rabbitmq-messaging-topology-operator, containerd, hugo, scorecard, kubernetes-dashboard-metrics-scraper, runc,...
6.7AI Score
0.0004EPSS
CVE-2024-24784 vulnerabilities
Vulnerabilities for packages: wazero, node-problem-detector, gobuster, gitlab-shell, dagger, secrets-store-csi-driver-provider-azure, velero, gitlab-runner, kaf, regclient, prometheus-blackbox-exporter, nri-elasticsearch, scorecard, esbuild, kubernetes-dashboard-metrics-scraper, paranoia, task,...
7.8AI Score
0.0004EPSS
GHSA-RR6R-CFGF-GC6H vulnerabilities
Vulnerabilities for packages: wazero, node-problem-detector, gobuster, gitlab-shell, dagger, secrets-store-csi-driver-provider-azure, velero, gitlab-runner, kaf, regclient, prometheus-blackbox-exporter, nri-elasticsearch, scorecard, esbuild, kubernetes-dashboard-metrics-scraper, paranoia, task,...
7.5AI Score
GHSA-3Q2C-PVP5-3CQP vulnerabilities
Vulnerabilities for packages: wazero, node-problem-detector, gobuster, gitlab-shell, dagger, secrets-store-csi-driver-provider-azure, velero, gitlab-runner, kaf, regclient, prometheus-blackbox-exporter, nri-elasticsearch, scorecard, esbuild, kubernetes-dashboard-metrics-scraper, paranoia, task,...
7.5AI Score
GHSA-FGQ5-Q76C-GX78 vulnerabilities
Vulnerabilities for packages: wazero, node-problem-detector, gobuster, gitlab-shell, dagger, secrets-store-csi-driver-provider-azure, velero, gitlab-runner, kaf, regclient, prometheus-blackbox-exporter, nri-elasticsearch, scorecard, esbuild, kubernetes-dashboard-metrics-scraper, paranoia, task,...
7.5AI Score
GHSA-J6M3-GC37-6R6Q vulnerabilities
Vulnerabilities for packages: wazero, node-problem-detector, gobuster, gitlab-shell, dagger, secrets-store-csi-driver-provider-azure, velero, gitlab-runner, kaf, regclient, prometheus-blackbox-exporter, nri-elasticsearch, scorecard, esbuild, kubernetes-dashboard-metrics-scraper, paranoia, task,...
7.5AI Score
GHSA-4V7X-PQXF-CX7M vulnerabilities
Vulnerabilities for packages: bank-vaults, gobuster, gitlab-shell, secrets-store-csi-driver-provider-azure, rabbitmq-messaging-topology-operator, coredns, hugo, kubernetes-dashboard-metrics-scraper, terraform-provider-azurerm, nri-f5, prometheus-nats-exporter, dgraph, cert-manager-webhook-pdns,...
7.5AI Score
CVE-2024-24790 vulnerabilities
Vulnerabilities for packages: bank-vaults, gobuster, gitlab-shell, secrets-store-csi-driver-provider-azure, snyk-cli, rabbitmq-messaging-topology-operator, coredns, kubernetes-dashboard-metrics-scraper, terraform-provider-azurerm, nri-f5, prometheus-nats-exporter, dgraph,...
9.8CVSS
9.7AI Score
0.001EPSS
CVE-2024-24783 vulnerabilities
Vulnerabilities for packages: wazero, node-problem-detector, gobuster, gitlab-shell, dagger, secrets-store-csi-driver-provider-azure, velero, gitlab-runner, kaf, regclient, prometheus-blackbox-exporter, nri-elasticsearch, scorecard, esbuild, kubernetes-dashboard-metrics-scraper, paranoia, task,...
7.8AI Score
0.0004EPSS
GHSA-32CH-6X54-Q4H9 vulnerabilities
Vulnerabilities for packages: wazero, node-problem-detector, gobuster, gitlab-shell, dagger, secrets-store-csi-driver-provider-azure, velero, gitlab-runner, kaf, regclient, prometheus-blackbox-exporter, nri-elasticsearch, scorecard, esbuild, kubernetes-dashboard-metrics-scraper, paranoia, task,...
7.5AI Score
CVE-2024-24785 vulnerabilities
Vulnerabilities for packages: wazero, node-problem-detector, gobuster, gitlab-shell, dagger, secrets-store-csi-driver-provider-azure, velero, gitlab-runner, kaf, regclient, prometheus-blackbox-exporter, nri-elasticsearch, scorecard, esbuild, kubernetes-dashboard-metrics-scraper, paranoia, task,...
7.8AI Score
0.0004EPSS
GHSA-49GW-VXVF-FC2G vulnerabilities
Vulnerabilities for packages: bank-vaults, gobuster, gitlab-shell, secrets-store-csi-driver-provider-azure, snyk-cli, rabbitmq-messaging-topology-operator, coredns, kubernetes-dashboard-metrics-scraper, terraform-provider-azurerm, nri-f5, prometheus-nats-exporter, dgraph,...
7.5AI Score
GHSA-236W-P7WF-5PH8 vulnerabilities
Vulnerabilities for packages: bank-vaults, gobuster, gitlab-shell, secrets-store-csi-driver-provider-azure, snyk-cli, rabbitmq-messaging-topology-operator, coredns, kubernetes-dashboard-metrics-scraper, terraform-provider-azurerm, nri-f5, prometheus-nats-exporter, dgraph,...
7.5AI Score
CVE-2023-45290 vulnerabilities
Vulnerabilities for packages: wazero, node-problem-detector, gobuster, gitlab-shell, dagger, secrets-store-csi-driver-provider-azure, velero, gitlab-runner, kaf, regclient, prometheus-blackbox-exporter, nri-elasticsearch, scorecard, esbuild, kubernetes-dashboard-metrics-scraper, paranoia, task,...
6AI Score
0.0004EPSS
CVE-2023-0464 affecting package kata-containers-cc for versions less than 0.4.1-2
CVE-2023-0464 affecting package kata-containers-cc for versions less than 0.4.1-2. This CVE either no longer is or was never...
7.5CVSS
8AI Score
0.003EPSS
CVE-2023-0465 affecting package kata-containers-cc for versions less than 0.4.1-2
CVE-2023-0465 affecting package kata-containers-cc for versions less than 0.4.1-2. This CVE either no longer is or was never...
5.3CVSS
6.9AI Score
0.001EPSS
CVE-2023-2650 affecting package kata-containers-cc for versions less than 0.4.1-2
CVE-2023-2650 affecting package kata-containers-cc for versions less than 0.4.1-2. This CVE either no longer is or was never...
6.5CVSS
7.5AI Score
0.001EPSS
CVE-2023-44487 affecting package kata-containers-cc for versions less than 0.6.1-2
CVE-2023-44487 affecting package kata-containers-cc for versions less than 0.6.1-2. A patched version of the package is...
7.5CVSS
8.9AI Score
0.732EPSS
CVE-2024-36497 Unhashed Storage of Password
The decrypted configuration file contains the password in cleartext which is used to configure WINSelect. It can be used to remove the existing restrictions and disable WINSelect...
EPSS
CVE-2024-36496 Hardcoded Credentials
The configuration file is encrypted with a static key derived from a static five-character password which allows an attacker to decrypt this file. The application hashes this five-character password with the outdated and broken MD5 algorithm (no salt) and uses the first five bytes as the key...
EPSS
x-toys.nl Cross Site Scripting vulnerability OBB-3938430
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
taxi-info.be Cross Site Scripting vulnerability OBB-3938426
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
wetlandnetwork.ca Cross Site Scripting vulnerability OBB-3938428
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
salzburg-erleben.at Cross Site Scripting vulnerability OBB-3938423
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
stemcelltherjournal.com Cross Site Scripting vulnerability OBB-3938424
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
replicawatchess.cn Cross Site Scripting vulnerability OBB-3938421
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
rtvnunspeet.nl Cross Site Scripting vulnerability OBB-3938422
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
replicawatchesbuy.com Cross Site Scripting vulnerability OBB-3938420
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
pieces-de-theatre.fr Cross Site Scripting vulnerability OBB-3938414
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
liptovskypeter.sk Cross Site Scripting vulnerability OBB-3938409
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
horsemanscorner.com Cross Site Scripting vulnerability OBB-3938405
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
freelance-informatique.fr Cross Site Scripting vulnerability OBB-3938403
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
e-primatur.com Cross Site Scripting vulnerability OBB-3938400
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
facewebsites.com Cross Site Scripting vulnerability OBB-3938401
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
CVE-2024-36495 Read/Write Permissions for Everyone on Configuration File
The application Faronics WINSelect (Standard + Enterprise) saves its configuration in an encrypted file on the file system which "Everyone" has read and write access to, path to file: C:\ProgramData\WINSelect\WINSelect.wsd The path for the affected WINSelect Enterprise configuration file is:...
EPSS