Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, And Microsoft Office 2016. Security Vulnerabilities
remmed.co.nz Cross Site Scripting vulnerability OBB-3927955
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
remueramedical.co.nz Cross Site Scripting vulnerability OBB-3927954
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
elroihealthcare.com.au Cross Site Scripting vulnerability OBB-3927953
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
Hakuin - A Blazing Fast Blind SQL Injection Optimization And Automation Framework
Hakuin is a Blind SQL Injection (BSQLI) optimization and automation framework written in Python 3. It abstracts away the inference logic and allows users to easily and efficiently extract databases (DB) from vulnerable web applications. To speed up the process, Hakuin utilizes a variety of...
puc.fusioncharts.com Cross Site Scripting vulnerability OBB-3927952
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
ventanaamicomunidad.org Cross Site Scripting vulnerability OBB-3927950
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
ahmedandcoproperties.com Cross Site Scripting vulnerability OBB-3927949
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
directfreight.truckersearch.com Cross Site Scripting vulnerability OBB-3927948
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
fjscerecruitment.com Cross Site Scripting vulnerability OBB-3927947
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
directfreight.com Cross Site Scripting vulnerability OBB-3927946
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
games.iqcenter.am Cross Site Scripting vulnerability OBB-3927945
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
Summary The IBM Security Directory Integrator was vulnerable to multiple security vulnerabilities in the Eclipse Jetty component. This was addressed in version 10 of the IBM Security Directory Integrator. Vulnerability Details ** CVEID: CVE-2017-9735 DESCRIPTION: **Jetty could allow a remote...
9.8CVSS
9AI Score
0.802EPSS
jobs.atwork.com Cross Site Scripting vulnerability OBB-3927943
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, when cloning a local source repository that contains symlinks via the filesystem, Git may create hardlinks to arbitrary user-readable files on the same filesystem as the target...
5.5CVSS
0.001EPSS
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, local clones may end up hardlinking files into the target repository's object database when source and target repository reside on the same disk. If the source repository is owned by a...
3.9CVSS
cem-instruments.in Cross Site Scripting vulnerability OBB-3927942
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
monetizationeasy.com Cross Site Scripting vulnerability OBB-3927941
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
(RHSA-2024:2846) Moderate: kernel-rt security and bug fix update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): kernel: untrusted VMM can trigger int80 syscall handling (CVE-2024-25744) kernel: netfilter: nftables: exthdr: fix 4-byte stack OOB...
0.0004EPSS
(RHSA-2024:2845) Moderate: kernel security and bug fix update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: untrusted VMM can trigger int80 syscall handling (CVE-2024-25744) kernel: netfilter: nftables: exthdr: fix 4-byte stack OOB write (CVE-2023-52628) Bug Fix(es): kernel: untrusted...
0.0004EPSS
blueribbonmillwork.ca Cross Site Scripting vulnerability OBB-3927939
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
metrolaw.ca Cross Site Scripting vulnerability OBB-3927938
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
apreco.com Cross Site Scripting vulnerability OBB-3927937
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
Security Advisory Description CVE-2024-21054 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network...
4.9CVSS
0.001EPSS
Security Vulnerabilities fixed in Thunderbird 115.11 — Mozilla
A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. If the browser.privatebrowsing.autostart preference is enabled, IndexedDB files were not properly deleted when the window was closed. This preference is disabled by...
K000139594 : libxml2 vulnerability CVE-2022-40304
Security Advisory Description An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked. (CVE-2022-40304). Impact This vulnerability allows a...
7.8CVSS
0.001EPSS
Security Advisory Description CVE-2024-21049 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols...
4.9CVSS
0.0004EPSS
K000139616 : MySQL vulnerability CVE-2024-21051
Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise...
4.9CVSS
0.0004EPSS
Git is a revision control system. The Git project recommends to avoid working in untrusted repositories, and instead to clone it first with git clone --no-local to obtain a clean copy. Git has specific protections to make that a safe operation even with an untrusted source repository, but...
8.1CVSS
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, an attacker can prepare a local repository in such a way that, when cloned, will execute arbitrary code during the operation. The problem has been patched in versions 2.45.1, 2.44.1,...
8.1CVSS
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: once more fix the call oder in amdgpu_ttm_move() v2 This reverts drm/amdgpu: fix ftrace event amdgpu_bo_move always move on same heap. The basic problem here is that after the move the old location is simply not...
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout There is a race condition between l2cap_chan_timeout() and l2cap_chan_del(). When we use l2cap_chan_del() to delete the channel, the chan->conn will be set to null. But....
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout When the sco connection is established and then, the sco socket is releasing, timeout_work will be scheduled to judge whether the sco disconnection is timeout. The sock....
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: use timestamp to check for set element timeout Add a timestamp field at the beginning of the transaction, store it in the nftables per-netns area. Update set backend .insert, .deactivate and sync gc path to...
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net: gtp: Fix Use-After-Free in gtp_dellink Since call_rcu, which is called in the hlist_for_each_entry_rcu traversal of gtp_dellink, is not part of the RCU read critical section, it is possible that the RCU grace period will pass....
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: Fix Use-After-Free in ovs_ct_exit Since kfree_rcu, which is called in the hlist_for_each_entry_rcu traversal of ovs_ct_limit_exit, is not part of the RCU read critical section, it is possible that the RCU grace...
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: tcp: Fix Use-After-Free in tcp_ao_connect_init Since call_rcu, which is called in the hlist_for_each_entry_rcu traversal of tcp_ao_connect_init, is not part of the RCU read critical section, it is possible that the RCU grace...
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: usb: aqc111: check packet for fixup for true limit If a device sends a packet that is inbetween 0 and sizeof(u64) the value passed to skb_trim() as length will wrap around ending up as some very large value. The driver will then...
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: io_uring/af_unix: disable sending io_uring over sockets File reference cycles have caused lots of problems for io_uring in the past, and it still doesn't work exactly right and races with unix_stream_read_generic(). The safest fix....
0.0004EPSS
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a .git/ directory......
9CVSS
megafoni.kulma.net Cross Site Scripting vulnerability OBB-3927935
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
app.jobmatchprofile.com Cross Site Scripting vulnerability OBB-3927934
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
ardmoremusichall.com Cross Site Scripting vulnerability OBB-3927933
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
arcona.com Cross Site Scripting vulnerability OBB-3927932
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
sshpiper's enabling of proxy protocol without proper feature flagging allows faking source address
Summary The way the proxy protocol listener is implemented in sshpiper can allow an attacker to forge their connecting address. Details This commit added the proxy protocol listener as the only listener in sshpiper, with no option to toggle this functionality off. This means that any connection...
sshpiper's enabling of proxy protocol without proper feature flagging allows faking source address
Summary The way the proxy protocol listener is implemented in sshpiper can allow an attacker to forge their connecting address. Details This commit added the proxy protocol listener as the only listener in sshpiper, with no option to toggle this functionality off. This means that any connection...
Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459
Summary Nokogiri v1.16.5 upgrades its dependency libxml2 to 2.12.7 from 2.12.6. libxml2 v2.12.7 addresses CVE-2024-34459: described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 patched by https://gitlab.gnome.org/GNOME/libxml2/-/commit/2876ac53 Impact There is no impact to Nokogiri...
Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459
Summary Nokogiri v1.16.5 upgrades its dependency libxml2 to 2.12.7 from 2.12.6. libxml2 v2.12.7 addresses CVE-2024-34459: described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 patched by https://gitlab.gnome.org/GNOME/libxml2/-/commit/2876ac53 Impact There is no impact to Nokogiri...
Grafana folders admin only permission privilege escalation
Today we are releasing Grafana 9.1.6, 9.0.9, 8.5.13. This patch release includes a Moderate severity security fix for CVE-2022-36062 that affects Grafana instances which are using Grafana role-based access control (RBAC). Release 9.1.6, latest patch, also containing security fix: Download Grafana.....
3.8CVSS
0.001EPSS
Grafana folders admin only permission privilege escalation
Today we are releasing Grafana 9.1.6, 9.0.9, 8.5.13. This patch release includes a Moderate severity security fix for CVE-2022-36062 that affects Grafana instances which are using Grafana role-based access control (RBAC). Release 9.1.6, latest patch, also containing security fix: Download Grafana.....
3.8CVSS
0.001EPSS
Today we are releasing Grafana 9.2. Alongside with new features and other bug fixes, this release includes a Moderate severity security fix for CVE-2022-39201 We are also releasing security patches for Grafana 9.1.8 and Grafana 8.5.14 to fix these issues. Release 9.2, latest release, also...
7.5CVSS
0.001EPSS