eds-pizza.de Cross Site Scripting vulnerability OBB-2653693
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
-0.1 AI Score
Envoy is a cloud-native high-performance proxy. Versions of envoy prior to 1.22.1 are subject to a segmentation fault in the GrpcHealthCheckerImpl. Envoy can perform various types of upstream health checking. One of them uses gRPC. Envoy also has a feature which can “hold” (prevent removal)...
5.9 CVSS
5.9 AI Score
0.001 EPSS
Envoy is a cloud-native high-performance proxy. Versions of envoy prior to 1.22.1 are subject to a segmentation fault in the GrpcHealthCheckerImpl. Envoy can perform various types of upstream health checking. One of them uses gRPC. Envoy also has a feature which can “hold” (prevent removal)...
5.9 CVSS
6 AI Score
0.001 EPSS
CVE-2022-29224 Segmentation fault leading to crash in Envoy
Envoy is a cloud-native high-performance proxy. Versions of envoy prior to 1.22.1 are subject to a segmentation fault in the GrpcHealthCheckerImpl. Envoy can perform various types of upstream health checking. One of them uses gRPC. Envoy also has a feature which can “hold” (prevent removal)...
5.9 CVSS
7.5 AI Score
0.001 EPSS
Rockwellautomation Rslinx Unrestricted Upload of File with Dangerous Type
FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior, Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and....
2.8 AI Score
0.006 EPSS
Software: evolution-data-server 3.28.5 OS: Cobalt 7.9 CVE-ID: CVE-2020-14928 CVE-Crit: MEDIUM CVE-DESC: From evolution-data-server (eds) to 3.36.3 there is an issue with STARTTLS buffering that affects SMTP and POP3. When the server sends a "start TLS" response, eds reads additional data and...
5.9 CVSS
6.8 AI Score
0.004 EPSS
Huawei EulerOS: Security Advisory for evolution-data-server (EulerOS-SA-2021-1293)
The remote host is missing an update for the Huawei...
5.9 CVSS
6.2 AI Score
0.004 EPSS
EulerOS 2.0 SP2 : evolution-data-server (EulerOS-SA-2021-1293)
According to the versions of the evolution-data-server packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends...
5.9 CVSS
6.6 AI Score
0.004 EPSS
evolution-data-server is vulnerable to TLS response injection. When a server sends a 'begin TLS' response, eds reads additional data and evaluates it in a TLS context, aka "response injection" causing a STARTTLS buffering issue that affects SMTP and...
5.9 CVSS
1.9 AI Score
0.004 EPSS
EulerOS 2.0 SP5 : evolution-data-server (EulerOS-SA-2020-2243)
According to the versions of the evolution-data-server packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends...
5.9 CVSS
6 AI Score
0.004 EPSS
eds-asia.com Cross Site Scripting vulnerability OBB-1383234
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence....
-0.1 AI Score
profilacheteur.meuse.fr Cross Site Scripting vulnerability OBB-1332970
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence....
6.3 AI Score
Fake Stories in Real News Sites
Fireeye is reporting that a hacking group called Ghostwriter broke into the content management systems of Eastern European news sites to plant fake stories. From a Wired story: The propagandists have created and disseminated disinformation since at least March 2017, with a focus on undermining...
1.2 AI Score
In GNOME evolution-data-server before 3.35.91, a malicious server can crash the mail client with a NULL pointer dereference by sending an invalid (e.g., minimal) CAPABILITY line on a connection attempt. This is related to imapx_free_capability and...
5.9 CVSS
6.6 AI Score
0.003 EPSS
coupleat.com Cross Site Scripting vulnerability OBB-1235459
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence....
-0.1 AI Score
evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a "begin TLS" response, eds reads additional data and evaluates it in a TLS context, aka "response...
5.9 CVSS
5.4 AI Score
0.004 EPSS