F-Secure Endpoint Protection Products On Windows, Mac And Linux Security Security Vulnerabilities

hoopsalytics.com Cross Site Scripting vulnerability OBB-3931942

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2024-5138

The snapctl component within snapd allows a confined snap to interact with the snapd daemon to take certain privileged actions on behalf of the snap. It was found that snapctl did not properly parse command-line arguments, allowing an unprivileged user to trigger an authorised action on behalf of.....

Friday Squid Blogging: Baby Colossal Squid

This video might be a juvenile colossal squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines...

CVE-2024-34009 moodle: ReCAPTCHA can be bypassed on the login page

Insufficient checks whether ReCAPTCHA was enabled made it possible to bypass the checks on the login page. This did not affect other pages where ReCAPTCHA is...

CVE-2024-34005 moodle: authenticated LFI risk in some misconfigured shared hosting environments via modified mod_data backup

In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore database activity modules and direct access to the web server outside of the Moodle webroot could execute a local file...

CVE-2024-34004 moodle: authenticated LFI risk in some misconfigured shared hosting environments via modified mod_wiki backup

In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore wiki modules and direct access to the web server outside of the Moodle webroot could execute a local file...

CVE-2024-34003 moodle: authenticated LFI risk in some misconfigured shared hosting environments via modified mod_workshop backup

In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore workshop modules and direct access to the web server outside of the Moodle webroot could execute a local file...

CVE-2024-34002 moodle: authenticated LFI risk in some misconfigured shared hosting environments via modified mod_feedback backup

In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore feedback modules and direct access to the web server outside of the Moodle webroot could execute a local file...

Exploit for CVE-2024-27348

CVE-2024-27348 **For Ethical Usages only, Any harmful or...

yardmastersniagara.com Cross Site Scripting vulnerability OBB-3931941

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

summerofloveconcert.com Cross Site Scripting vulnerability OBB-3931940

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2024-33998 moodle: stored XSS via user's name on participants page when opening some options

Insufficient escaping of participants' names in the participants page table resulted in a stored XSS risk when interacting with some...

italianicecream.ca Cross Site Scripting vulnerability OBB-3931938

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

riverrapidsinn.com Cross Site Scripting vulnerability OBB-3931937

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

greekonportage.com Cross Site Scripting vulnerability OBB-3931936

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

daverotella.com Cross Site Scripting vulnerability OBB-3931935

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

eccdc.org Cross Site Scripting vulnerability OBB-3931934

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

yowdesign.com Cross Site Scripting vulnerability OBB-3931932

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2022-36765 affecting package edk2 for versions less than 20240223gitedc6681206c1-1

CVE-2022-36765 affecting package edk2 for versions less than 20240223gitedc6681206c1-1. An upgraded version of the package is available that resolves this...

CVE-2024-25110 affecting package azure-iot-sdk-c for versions less than 2024.03.04-1

CVE-2024-25110 affecting package azure-iot-sdk-c for versions less than 2024.03.04-1. An upgraded version of the package is available that resolves this...

CVE-2023-5115 affecting package ansible for versions less than 2.17.0-1

CVE-2023-5115 affecting package ansible for versions less than 2.17.0-1. An upgraded version of the package is available that resolves this...

CVE-2023-5764 affecting package ansible for versions less than 2.17.0-1

CVE-2023-5764 affecting package ansible for versions less than 2.17.0-1. An upgraded version of the package is available that resolves this...

CVE-2024-32487 affecting package less for versions less than 643-2

CVE-2024-32487 affecting package less for versions less than 643-2. A patched version of the package is...

CVE-2024-31744 affecting package jasper for versions less than 4.2.1-2

CVE-2024-31744 affecting package jasper for versions less than 4.2.1-2. A patched version of the package is...

CVE-2022-36764 affecting package edk2 for versions less than 20240223gitedc6681206c1-1

CVE-2022-36764 affecting package edk2 for versions less than 20240223gitedc6681206c1-1. An upgraded version of the package is available that resolves this...

CVE-2023-45234 affecting package edk2 for versions less than 20240223gitedc6681206c1-1

CVE-2023-45234 affecting package edk2 for versions less than 20240223gitedc6681206c1-1. An upgraded version of the package is available that resolves this...

CVE-2022-36763 affecting package edk2 for versions less than 20240223gitedc6681206c1-1

CVE-2022-36763 affecting package edk2 for versions less than 20240223gitedc6681206c1-1. An upgraded version of the package is available that resolves this...

CVE-2023-45231 affecting package edk2 for versions less than 20240223gitedc6681206c1-1

CVE-2023-45231 affecting package edk2 for versions less than 20240223gitedc6681206c1-1. An upgraded version of the package is available that resolves this...

CVE-2023-45232 affecting package edk2 for versions less than 20240223gitedc6681206c1-1

CVE-2023-45232 affecting package edk2 for versions less than 20240223gitedc6681206c1-1. An upgraded version of the package is available that resolves this...

CVE-2024-27099 affecting package azure-iot-sdk-c for versions less than 2024.03.04-1

CVE-2024-27099 affecting package azure-iot-sdk-c for versions less than 2024.03.04-1. An upgraded version of the package is available that resolves this...

CVE-2024-24806 affecting package libuv for versions less than 1.48.0-1

CVE-2024-24806 affecting package libuv for versions less than 1.48.0-1. An upgraded version of the package is available that resolves this...

CVE-2024-0690 affecting package ansible for versions less than 2.17.0-1

CVE-2024-0690 affecting package ansible for versions less than 2.17.0-1. An upgraded version of the package is available that resolves this...

CVE-2024-35176 affecting package rubygem-rexml for versions less than 3.2.8-1

CVE-2024-35176 affecting package rubygem-rexml for versions less than 3.2.8-1. An upgraded version of the package is available that resolves this...

CVE-2024-4317 affecting package postgresql for versions less than 16.3-1

CVE-2024-4317 affecting package postgresql for versions less than 16.3-1. An upgraded version of the package is available that resolves this...

CVE-2023-45233 affecting package edk2 for versions less than 20240223gitedc6681206c1-1

CVE-2023-45233 affecting package edk2 for versions less than 20240223gitedc6681206c1-1. An upgraded version of the package is available that resolves this...

CVE-2024-0985 affecting package postgresql for versions less than 16.3-1

CVE-2024-0985 affecting package postgresql for versions less than 16.3-1. An upgraded version of the package is available that resolves this...

CVE-2023-45229 affecting package edk2 for versions less than 20240223gitedc6681206c1-1

CVE-2023-45229 affecting package edk2 for versions less than 20240223gitedc6681206c1-1. An upgraded version of the package is available that resolves this...

CVE-2024-29195 affecting package azure-iot-sdk-c for versions less than 2024.03.04-1

CVE-2024-29195 affecting package azure-iot-sdk-c for versions less than 2024.03.04-1. An upgraded version of the package is available that resolves this...

CVE-2024-22017 affecting package libuv for versions less than 1.48.0-1

CVE-2024-22017 affecting package libuv for versions less than 1.48.0-1. An upgraded version of the package is available that resolves this...

CVE-2022-4304 affecting package edk2 for versions less than 20240223gitedc6681206c1-1

CVE-2022-4304 affecting package edk2 for versions less than 20240223gitedc6681206c1-1. An upgraded version of the package is available that resolves this...

CVE-2024-21646 affecting package azure-iot-sdk-c for versions less than 2024.03.04-1

CVE-2024-21646 affecting package azure-iot-sdk-c for versions less than 2024.03.04-1. An upgraded version of the package is available that resolves this...

CVE-2023-45235 affecting package edk2 for versions less than 20240223gitedc6681206c1-1

CVE-2023-45235 affecting package edk2 for versions less than 20240223gitedc6681206c1-1. An upgraded version of the package is available that resolves this...

CVE-2023-45230 affecting package edk2 for versions less than 20240223gitedc6681206c1-1

CVE-2023-45230 affecting package edk2 for versions less than 20240223gitedc6681206c1-1. An upgraded version of the package is available that resolves this...

CVE-2023-45236 affecting package edk2 for versions less than 20240223gitedc6681206c1-1

CVE-2023-45236 affecting package edk2 for versions less than 20240223gitedc6681206c1-1. An upgraded version of the package is available that resolves this...

CVE-2023-45237 affecting package edk2 for versions less than 20240223gitedc6681206c1-1

CVE-2023-45237 affecting package edk2 for versions less than 20240223gitedc6681206c1-1. An upgraded version of the package is available that resolves this...

CVE-2024-26455 affecting package fluent-bit for versions less than 3.0.3-1

CVE-2024-26455 affecting package fluent-bit for versions less than 3.0.3-1. An upgraded version of the package is available that resolves this...

CVE-2023-5870 affecting package postgresql for versions less than 16.3-1

CVE-2023-5870 affecting package postgresql for versions less than 16.3-1. An upgraded version of the package is available that resolves this...

excelsos.com.ar Cross Site Scripting vulnerability OBB-3931931

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

lcs-engineering.com Cross Site Scripting vulnerability OBB-3931930

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

institutchopin.com Cross Site Scripting vulnerability OBB-3931926

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...