dncc.portal.gov.bd Improper Access Control vulnerability OBB-3933820
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
rabbiscer.org Cross Site Scripting vulnerability OBB-3933817
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
qurananalysis.com Cross Site Scripting vulnerability OBB-3933816
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
quarryville.com Cross Site Scripting vulnerability OBB-3933815
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
pubs.ub.ro Cross Site Scripting vulnerability OBB-3933813
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
publikationen.ub.uni-frankfurt.de Cross Site Scripting vulnerability OBB-3933812
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
tr.ugamezone.com Cross Site Scripting vulnerability OBB-3933811
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
nl.ugamezone.com Cross Site Scripting vulnerability OBB-3933809
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
pl.ugamezone.com Cross Site Scripting vulnerability OBB-3933810
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
ar.ugamezone.com Cross Site Scripting vulnerability OBB-3933808
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
pt.ugamezone.com Cross Site Scripting vulnerability OBB-3933805
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
es.ugamezone.com Cross Site Scripting vulnerability OBB-3933807
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
de.ugamezone.com Cross Site Scripting vulnerability OBB-3933806
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
psvonline.org Cross Site Scripting vulnerability OBB-3933804
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
protestia.com Cross Site Scripting vulnerability OBB-3933802
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
project-contingency.com Cross Site Scripting vulnerability OBB-3933801
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
programming-techniques.com Cross Site Scripting vulnerability OBB-3933800
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
portal.gabbydade.com Cross Site Scripting vulnerability OBB-3933794
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
porkjerky.com Cross Site Scripting vulnerability OBB-3933793
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
pop-melissa.bookofthemonth.com Cross Site Scripting vulnerability OBB-3933792
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
pontedaboga.es Cross Site Scripting vulnerability OBB-3933791
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
platanitos.com Cross Site Scripting vulnerability OBB-3933785
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
phongkhambinhminh.com.vn Cross Site Scripting vulnerability OBB-3933782
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
The Cards for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Cards widget in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated.....
CVSS: 6.4
phutungmitsubishi.vn Cross Site Scripting vulnerability OBB-3933780
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
pietix.com Cross Site Scripting vulnerability OBB-3933781
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : glib2 (SUSE-SU-2024:1950-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1950-1 advisory. Update to version 2.78.6: + Fix a regression with IBus caused by the fix for CVE-2024-34397 Changes in...
SUSE SLES12 Security Update : python-requests (SUSE-SU-2024:1946-1)
The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1946-1 advisory. - CVE-2024-35195: Fixed cert verification regardless of changes to the value of verify (bsc#1224788). Tenable has extracted the preceding...
CVSS: 5.6
SUSE SLES15 Security Update : openssl-1_1 (SUSE-SU-2024:1949-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1949-1 advisory. - CVE-2024-2511: Fixed unconstrained session cache growth in TLSv1.3 (bsc#1222548). Tenable has extracted the preceding description block...
The version of FreeBSD installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the 91929399-249e-11ef-9296-b42e991fc52e advisory. [email protected] reports: Kanboard is project management software that focuses on the...
CVSS: 8.2
Libarchive before 3.7.4 allows name out-of-bounds access when a ZIP archive has an empty-name file and mac-ext is enabled. This occurs in slurp_central_directory in...
SUSE SLES12 Security Update : go1.21 (SUSE-SU-2024:1936-1)
The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1936-1 advisory. go1.21.11 release (bsc#1212475). - CVE-2024-24789: Fixed mishandling of corrupt central directory record in archive/zip...
Fedora 40 : nginx (2024-06e6dcbb42)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-06e6dcbb42 advisory. *) Security: when using HTTP/3, processing of a specially crafted QUIC session might cause a worker process crash, worker process...
CVSS: 6.5
SUSE SLES15 Security Update : python-docker (SUSE-SU-2024:1937-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:1937-1 advisory. - CVE-2024-35195: Fixed missing certificate verification (bsc#1224788). Tenable has extracted the preceding description block directly from.....
CVSS: 5.6
fprintd through 1.94.3 lacks a security attention mechanism, and thus unexpected actions might be authorized by "auth sufficient pam_fprintd.so" for...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : gstreamer-plugins-base (SUSE-SU-2024:1945-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1945-1 advisory. - CVE-2024-4453: Fixed lack of proper validation of user-supplied data when parsing EXIF metadata ...
CVSS: 7.8
GStreamer AV1 Video Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may...
CVSS: 7.5
AI Score: 8
Check Point Security Gateway Information Disclosure Vulnerability (CVE-2024-24919)
Check Point Security Gateway is a secure web gateway that is an on-premises or cloud-delivered network security service. Check Point enforces network security policies, including firewall, VPN, and intrusion prevention capabilities. Check Point published a zero-day advisory on May 28, 2024,...
CVSS: 8.6
linux-gke, linux-ibm, linux-intel-iotg, linux-oracle vulnerabilities
It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2023-6270) It was discovered that the Atheros...
CVSS: 8
zfr authentication adapter did not verify validity of tokens
Prior to @2ca5bb1c2f11537be8f94ca6867d8d69789e744a (release 0.1.2), tokens were not checked for validity or expiration. This potentially caused a security issue if expired tokens were not deleted after their expiration time had passed, allowing anyone to still use invalidated authentication...
ZendOpenID potential security issue in login mechanism
Using the Consumer component of ZendOpenId (or Zend_OpenId in ZF1), it is possible to log in using an arbitrary OpenID account (without knowing any secret information) by using a malicious OpenID Provider. That means it is possible to log in using an arbitrary OpenID Identity (MyOpenID, Google,.....
Zendframework1 Potential SQL injection in ORDER and GROUP functions
The implementation of ORDER BY and GROUP BY in Zend_Db_Select remained prone to SQL injection when a combination of SQL expressions and comments were used. This security patch provides a comprehensive solution that identifies and removes comments prior to checking validity of the statement to...
Zendframework Potential Information Disclosure and Insufficient Entropy vulnerability
In Zend Framework, Zend_Captcha_Word (v1) and Zend\Captcha\Word (v2) generate a "word" for a CAPTCHA challenge by selecting a sequence of random letters from a character set. Prior to this advisory, the selection was performed using PHP's internal array_rand() function. This function does not...