IKS, EDS Security Vulnerabilities

eds-pizza.de Cross Site Scripting vulnerability OBB-2653693

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2022-29224

Envoy is a cloud-native high-performance proxy. Versions of envoy prior to 1.22.1 are subject to a segmentation fault in the GrpcHealthCheckerImpl. Envoy can perform various types of upstream health checking. One of them uses gRPC. Envoy also has a feature which can “hold” (prevent removal)...

Null pointer dereference

Envoy is a cloud-native high-performance proxy. Versions of envoy prior to 1.22.1 are subject to a segmentation fault in the GrpcHealthCheckerImpl. Envoy can perform various types of upstream health checking. One of them uses gRPC. Envoy also has a feature which can “hold� (prevent removal)...

CVE-2022-29224 Segmentation fault leading to crash in Envoy

Envoy is a cloud-native high-performance proxy. Versions of envoy prior to 1.22.1 are subject to a segmentation fault in the GrpcHealthCheckerImpl. Envoy can perform various types of upstream health checking. One of them uses gRPC. Envoy also has a feature which can “hold” (prevent removal)...

Rockwellautomation Rslinx Unrestricted Upload of File with Dangerous Type

FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and....

Advisory ROSA-SA-2021-1831

Software: evolution-data-server 3.28.5 OS: Cobalt 7.9 CVE-ID: CVE-2020-14928 CVE-Crit: MEDIUM CVE-DESC: From evolution-data-server (eds) to 3.36.3 there is an issue with STARTTLS buffering that affects SMTP and POP3. When the server sends a "start TLS" response, eds reads additional data and...

EulerOS 2.0 SP2 : evolution-data-server (EulerOS-SA-2021-1293)

According to the versions of the evolution-data-server packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends...

Huawei EulerOS: Security Advisory for evolution-data-server (EulerOS-SA-2021-1293)

The remote host is missing an update for the Huawei...

TLS Response Injection

evolution-data-server is vulnerable to TLS response injection. When a server sends a 'begin TLS' response, eds reads additional data and evaluates it in a TLS context, aka "response injection" causing a STARTTLS buffering issue that affects SMTP and...

EulerOS 2.0 SP5 : evolution-data-server (EulerOS-SA-2020-2243)

According to the versions of the evolution-data-server packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends...

eds-asia.com Cross Site Scripting vulnerability OBB-1383234

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence....

profilacheteur.meuse.fr Cross Site Scripting vulnerability OBB-1332970

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence....

Fake Stories in Real News Sites

Fireeye is reporting that a hacking group called Ghostwriter broke into the content management systems of Eastern European news sites to plant fake stories. From a Wired story: The propagandists have created and disseminated disinformation since at least March 2017, with a focus on undermining...

CVE-2020-16117

In GNOME evolution-data-server before 3.35.91, a malicious server can crash the mail client with a NULL pointer dereference by sending an invalid (e.g., minimal) CAPABILITY line on a connection attempt. This is related to imapx_free_capability and...

coupleat.com Cross Site Scripting vulnerability OBB-1235459

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence....

CVE-2020-14928

evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a "begin TLS" response, eds reads additional data and evaluates it in a TLS context, aka "response...

CVE-2020-14928

evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a "begin TLS" response, eds reads additional data and evaluates it in a TLS context, aka "response...