203 matches found
Internet Bug Bounty: Electron CVE-2022-35954 Delimiter Injection Vulnerability in exportVariable
Describe the summary: The Electron Website provides a set of packages to make creating actions easier. The core.exportVariable function uses a well known delimiter that attackers can use to break out of that specific variable and assign values to other arbitrary variables. Workflows that write...
Upgraded Q -> M from #74 [1668688523897]
Judge has assessed an item in Issue 74 as M risk. The relevant finding follows: Low-7 EXCHANGE & SWAP are able to transfer any user funds to other addresses --- The text was updated successfully, but these errors were encountered: All reactions...
PT-2022-35341 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions v5.15.58 through v5.15.74 Description: A memory leak issue was discovered in the hpd rx irq create workqueue function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel...
JVN#76024879: PowerCMS XMLRPC API vulnerable to command injection
PowerCMS XMLRPC API provided by Alfasado Inc. contains a command injection vulnerability CWE-74. Sending a specially crafted message by POST method to PowerCMS XMLRPC API may allow arbitrary Perl script execution, and an arbitrary OS command may be executed through it. According to the developer,...
annu.decolletage.74.free.fr Cross Site Scripting vulnerability OBB-2881688
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Ubuntu: Security Advisory (USN-74-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu: Security Advisory (USN-74-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Microsoft Patch Tuesday for May 2022 — Snort rules and prominent vulnerabilities
By Jon Munshaw, with contributions from Jaeson Schultz. Microsoft returned to its normal monthly patching volume in May, disclosing and fixing 74 vulnerabilities as part of the company’s latest security update. This month’s Patch Tuesday includes seven critical vulnerabilities after Microsoft...
Mitsubishi Electric GT25-WLAN
1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely Vendor: Mitsubishi Electric Equipment: Wireless LAN communication unit GT25-WLAN in GOT2000 Series GT25 or GT27 Vulnerabilities: Improper Removal of Sensitive Information Before Storage or Transfer, Inadequate Encryption Strength,...
[SECURITY] [DSA 5117-1] xen security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5117-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 10, 2022 https://www.debian.org/security/faq -...
Schneider Electric Modicon Injection (CVE-2020-7475)
A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection', reflective DLL, vulnerability exists in EcoStruxure Control Expert all versions prior to 14.1 Hot Fix, Unity Pro all versions, Modicon M340 all versions prior to V3.20, Modicon M580 all...
Honeywell Experion PKS and ACE Controllers
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Honeywell Equipment: Experion Process Knowledge System PKS C200, C200E, C300 and ACE Controllers Vulnerabilities: Unrestricted Upload of File with Dangerous Type, Relative Path Traversal, Improper...
jpr-74.fr Cross Site Scripting vulnerability OBB-1336356
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
UBUNTU-CVE-2020-6503
Inappropriate implementation in accessibility in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page...
UBUNTU-CVE-2020-6504
Insufficient policy enforcement in notifications in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass notification restrictions via a crafted HTML page...
74-50-97-2.static.hvvc.us Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1180000 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website...
CVE-2020-6815
Mozilla developers reported memory safety and script safety bugs present in Firefox 73. Some of these bugs showed evidence of memory corruption or escalation of privilege and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affec...
CVE-2020-6809
When a Web Extension had the all-urls permission and made a fetch request with a mode set to 'same-origin', it was possible for the Web Extension to read local files. This vulnerability affects Firefox 74...
CVE-2020-6808
When a JavaScript URL javascript: is evaluated and the result is a string, this string is parsed to create an HTML document, which is then presented. Previously, this document's URL as reported by the document.location property, for example was the originating javascript: URL which could lead to...
CVE-2020-6825
Mozilla developers and community members Tyson Smith and Christian Holler reported memory safety bugs present in Firefox 74 and Firefox ESR 68.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary...