Complex Maintenance, Repair, And Overhaul Security Vulnerabilities
ahmedandcoproperties.com Cross Site Scripting vulnerability OBB-3927949
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
directfreight.truckersearch.com Cross Site Scripting vulnerability OBB-3927948
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
fjscerecruitment.com Cross Site Scripting vulnerability OBB-3927947
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
directfreight.com Cross Site Scripting vulnerability OBB-3927946
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
Summary The IBM Security Directory Integrator was vulnerable to multiple security vulnerabilities in the Eclipse Jetty component. This was addressed in version 10 of the IBM Security Directory Integrator. Vulnerability Details ** CVEID: CVE-2017-9735 DESCRIPTION: **Jetty could allow a remote...
9.8CVSS
9AI Score
0.802EPSS
jobs.atwork.com Cross Site Scripting vulnerability OBB-3927943
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
cem-instruments.in Cross Site Scripting vulnerability OBB-3927942
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
monetizationeasy.com Cross Site Scripting vulnerability OBB-3927941
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
blueribbonmillwork.ca Cross Site Scripting vulnerability OBB-3927939
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
metrolaw.ca Cross Site Scripting vulnerability OBB-3927938
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
apreco.com Cross Site Scripting vulnerability OBB-3927937
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
Security Advisory Description CVE-2024-21054 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network...
4.9CVSS
0.001EPSS
Security Vulnerabilities fixed in Thunderbird 115.11 — Mozilla
A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. If the browser.privatebrowsing.autostart preference is enabled, IndexedDB files were not properly deleted when the window was closed. This preference is disabled by...
K000139594 : libxml2 vulnerability CVE-2022-40304
Security Advisory Description An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked. (CVE-2022-40304). Impact This vulnerability allows a...
7.8CVSS
0.001EPSS
Security Advisory Description CVE-2024-21049 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols...
4.9CVSS
0.0004EPSS
K000139616 : MySQL vulnerability CVE-2024-21051
Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise...
4.9CVSS
0.0004EPSS
Git is a revision control system. The Git project recommends to avoid working in untrusted repositories, and instead to clone it first with git clone --no-local to obtain a clean copy. Git has specific protections to make that a safe operation even with an untrusted source repository, but...
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, an attacker can prepare a local repository in such a way that, when cloned, will execute arbitrary code during the operation. The problem has been patched in versions 2.45.1, 2.44.1,...
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: once more fix the call oder in amdgpu_ttm_move() v2 This reverts drm/amdgpu: fix ftrace event amdgpu_bo_move always move on same heap. The basic problem here is that after the move the old location is simply not...
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout There is a race condition between l2cap_chan_timeout() and l2cap_chan_del(). When we use l2cap_chan_del() to delete the channel, the chan->conn will be set to null. But....
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout When the sco connection is established and then, the sco socket is releasing, timeout_work will be scheduled to judge whether the sco disconnection is timeout. The sock....
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: use timestamp to check for set element timeout Add a timestamp field at the beginning of the transaction, store it in the nftables per-netns area. Update set backend .insert, .deactivate and sync gc path to...
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net: gtp: Fix Use-After-Free in gtp_dellink Since call_rcu, which is called in the hlist_for_each_entry_rcu traversal of gtp_dellink, is not part of the RCU read critical section, it is possible that the RCU grace period will pass....
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: Fix Use-After-Free in ovs_ct_exit Since kfree_rcu, which is called in the hlist_for_each_entry_rcu traversal of ovs_ct_limit_exit, is not part of the RCU read critical section, it is possible that the RCU grace...
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: tcp: Fix Use-After-Free in tcp_ao_connect_init Since call_rcu, which is called in the hlist_for_each_entry_rcu traversal of tcp_ao_connect_init, is not part of the RCU read critical section, it is possible that the RCU grace...
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: usb: aqc111: check packet for fixup for true limit If a device sends a packet that is inbetween 0 and sizeof(u64) the value passed to skb_trim() as length will wrap around ending up as some very large value. The driver will then...
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: io_uring/af_unix: disable sending io_uring over sockets File reference cycles have caused lots of problems for io_uring in the past, and it still doesn't work exactly right and races with unix_stream_read_generic(). The safest fix....
0.0004EPSS
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a .git/ directory......
megafoni.kulma.net Cross Site Scripting vulnerability OBB-3927935
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
app.jobmatchprofile.com Cross Site Scripting vulnerability OBB-3927934
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
ardmoremusichall.com Cross Site Scripting vulnerability OBB-3927933
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
arcona.com Cross Site Scripting vulnerability OBB-3927932
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
sshpiper's enabling of proxy protocol without proper feature flagging allows faking source address
Summary The way the proxy protocol listener is implemented in sshpiper can allow an attacker to forge their connecting address. Details This commit added the proxy protocol listener as the only listener in sshpiper, with no option to toggle this functionality off. This means that any connection...
Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459
Summary Nokogiri v1.16.5 upgrades its dependency libxml2 to 2.12.7 from 2.12.6. libxml2 v2.12.7 addresses CVE-2024-34459: described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 patched by https://gitlab.gnome.org/GNOME/libxml2/-/commit/2876ac53 Impact There is no impact to Nokogiri...
Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459
Summary Nokogiri v1.16.5 upgrades its dependency libxml2 to 2.12.7 from 2.12.6. libxml2 v2.12.7 addresses CVE-2024-34459: described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 patched by https://gitlab.gnome.org/GNOME/libxml2/-/commit/2876ac53 Impact There is no impact to Nokogiri...
Grafana folders admin only permission privilege escalation
Today we are releasing Grafana 9.1.6, 9.0.9, 8.5.13. This patch release includes a Moderate severity security fix for CVE-2022-36062 that affects Grafana instances which are using Grafana role-based access control (RBAC). Release 9.1.6, latest patch, also containing security fix: Download Grafana.....
3.8CVSS
0.001EPSS
Grafana folders admin only permission privilege escalation
Today we are releasing Grafana 9.1.6, 9.0.9, 8.5.13. This patch release includes a Moderate severity security fix for CVE-2022-36062 that affects Grafana instances which are using Grafana role-based access control (RBAC). Release 9.1.6, latest patch, also containing security fix: Download Grafana.....
3.8CVSS
0.001EPSS
Today we are releasing Grafana 9.2. Alongside with new features and other bug fixes, this release includes a Moderate severity security fix for CVE-2022-39201 We are also releasing security patches for Grafana 9.1.8 and Grafana 8.5.14 to fix these issues. Release 9.2, latest release, also...
7.5CVSS
0.001EPSS
Today we are releasing Grafana 9.2. Alongside with new features and other bug fixes, this release includes a Moderate severity security fix for CVE-2022-39201 We are also releasing security patches for Grafana 9.1.8 and Grafana 8.5.14 to fix these issues. Release 9.2, latest release, also...
7.5CVSS
0.001EPSS
Grafana when using email as a username can block other users from signing in
Today we are releasing Grafana 9.2. Alongside with new features and other bug fixes, this release includes a Moderate severity security fix for CVE-2022-39229 We are also releasing security patches for Grafana 9.1.8 and Grafana 8.5.14 to fix these issues. Release 9.2, latest release, also...
4.3CVSS
0.001EPSS
Grafana when using email as a username can block other users from signing in
Today we are releasing Grafana 9.2. Alongside with new features and other bug fixes, this release includes a Moderate severity security fix for CVE-2022-39229 We are also releasing security patches for Grafana 9.1.8 and Grafana 8.5.14 to fix these issues. Release 9.2, latest release, also...
4.3CVSS
0.001EPSS
Grafana Email addresses and usernames can not be trusted
Today we are releasing Grafana 9.2.4. Alongside other bug fixes, this patch release includes moderate severity security fixes for CVE-2022-39306. We are also releasing security patches for Grafana 8.5.15 to fix these issues. Release 9.2.4, latest patch, also containing security fix: Download...
8.1CVSS
0.002EPSS
Grafana Email addresses and usernames can not be trusted
Today we are releasing Grafana 9.2.4. Alongside other bug fixes, this patch release includes moderate severity security fixes for CVE-2022-39306. We are also releasing security patches for Grafana 8.5.15 to fix these issues. Release 9.2.4, latest patch, also containing security fix: Download...
8.1CVSS
0.002EPSS
Grafana User enumeration via forget password
Today we are releasing Grafana 9.2.4. Alongside other bug fixes, this patch release includes moderate security fixes for CVE-2022-39307. We are also releasing security patches for Grafana 8.5.15 to fix these issues. Release 9.2.4, latest patch, also containing security fix: Download Grafana...
5.3CVSS
0.001EPSS
Grafana User enumeration via forget password
Today we are releasing Grafana 9.2.4. Alongside other bug fixes, this patch release includes moderate security fixes for CVE-2022-39307. We are also releasing security patches for Grafana 8.5.15 to fix these issues. Release 9.2.4, latest patch, also containing security fix: Download Grafana...
5.3CVSS
0.001EPSS
Grafana Spoofing originalUrl of snapshots
To create a snapshot (and insert an arbitrary URL) the built-in role Viewer is sufficient. When a dashboard is shared as a local snapshot, the following three fields are offered in the web UI for a user to fill out: • Snapshotname • Expire • Timeout(seconds) After the user confirms creation of the....
3.5CVSS
0.001EPSS
Grafana Spoofing originalUrl of snapshots
To create a snapshot (and insert an arbitrary URL) the built-in role Viewer is sufficient. When a dashboard is shared as a local snapshot, the following three fields are offered in the web UI for a user to fill out: • Snapshotname • Expire • Timeout(seconds) After the user confirms creation of the....
3.5CVSS
0.001EPSS
Grafana Race condition allowing privilege escalation
Today we are releasing Grafana 9.2.4. Alongside other bug fixes, this patch release includes critical security fixes for CVE-2022-39328. Release 9.2.4, latest patch, also containing security fix: Download Grafana 9.2.4 Appropriate patches have been applied to Grafana Cloud and as always, we...
8.1CVSS
0.002EPSS
Grafana Race condition allowing privilege escalation
Today we are releasing Grafana 9.2.4. Alongside other bug fixes, this patch release includes critical security fixes for CVE-2022-39328. Release 9.2.4, latest patch, also containing security fix: Download Grafana 9.2.4 Appropriate patches have been applied to Grafana Cloud and as always, we...
8.1CVSS
0.002EPSS
Grafana Escalation from admin to server admin when auth proxy is used
Today we are releasing Grafana 9.1.6, 9.0.9, 8.5.13. This patch release includes a Moderate severity security fix for CVE-2022-35957 that affects Grafana instances which are using Grafana Auth Proxy. Release 9.1.6, latest patch, also containing security fix: Download Grafana 9.1.6 Release notes ...
6.6CVSS
0.003EPSS