GHSA-F686-HW9C-XW9C Snowflake JDBC Security Advisory
Impacted Products Snowflake JDBC driver versions = 3.2.6 & = 3.19.1 are affected. Introduction Snowflake recently identified an issue affecting JDBC drivers that can result in data being uploaded to an encrypted stage without the additional layer of protection provided by client-side encryption...
The Snowflake Connector for Python stores sensitive data in logs
Issue Snowflake recently learned about and remediated a set of vulnerabilities in the Snowflake Connector for Python. Under specific conditions, certain users' credentials or portions of those credentials were logged locally by the Connector to the users' own systems. The credentials were not logge...
HackerOne: HackerOne supports account and organization takeover
The HackerOne email change process was found to have a vulnerability where the system automatically verifies the email address if the verification link is opened in any browser, even by email scanning bots without human interaction. This allowed an attacker to verify email addresses belonging to ...
GHSA-H47H-MWP9-C6Q6 Possible ReDoS vulnerability in block_format in Action Mailer
There is a possible ReDoS vulnerability in the block_format helper in Action Mailer. This vulnerability has been assigned the CVE identifier CVE-2024-47889. Impact ------ Carefully crafted text can cause the block_format helper to take an unexpected amount of time, possibly resulting in a DoS...
Possible ReDoS vulnerability in query parameter filtering in Action Dispatch
There is a possible ReDoS vulnerability in the query parameter filtering routines of Action Dispatch. This vulnerability has been assigned the CVE identifier CVE-2024-41128. Impact Carefully crafted query parameters can cause query parameter filtering to take an unexpected amount of time, possibl...
GHSA-RXQ8-Q85F-M866 Prevent XSS from Confidant API call
Impact What kind of vulnerability is it? Who is impacted? Potential XSS from API calls below: GET /v1/credentials GET /v1/credentials/ GET /v1/archive/credentials/ GET /v1/archive/credentials POST /v1/credentials PUT /v1/credentials/ PUT /v1/credentials// GET /v1/services GET /v1/services/ GET...
HackerOne: Takeover of hackerone.engineering via Medium
The report describes a broken link hijacking vulnerability on the hackerone.engineering domain, which belonged to HackerOne. The domain was found to be pointing to a non-existent page on Medium, allowing the reporter to create a page with the same URL and take over the domain...
HackerOne: Bypass comment restriction
Vulnerability description not provided...
GHSA-QM2Q-9F3Q-2VCV Trix has a cross-site Scripting vulnerability on copy & paste
The Trix editor, versions prior to 2.1.4, is vulnerable to XSS when pasting malicious code. This vulnerability is a bypass of the fix put in place for https://github.com/basecamp/trix/security/advisories/GHSA-qjqp-xr96-cj99. In https://github.com/basecamp/trix/pull/1149, we added sanitation for...
GHSA-RXFF-VR5R-8CJ5 Path traversal in Streamlit on Windows
Impacted Products Streamlit Open Source versions before 1.37.0. Introduction Snowflake Streamlit open source addressed a security vulnerability in the static file sharing feature. The vulnerability was patched on Jul 25, 2024, as part of Streamlit open source version 1.37.0. The...
HackerOne: Bypassing HackerOne 2FA due to race condition
A race condition vulnerability was discovered in HackerOne's 2FA reset process. The issue allowed an attacker to initiate multiple parallel 2FA reset requests, resulting in multiple reset notification emails. When a user canceled one reset request, the remaining requests would stay active,...
HackerOne: TOTP Authenticator implementation Accepts Expired Codes
Vulnerability description not provided...
HackerOne: Private data related to program exposed via /reports/<id>.json endpoint to external user participant
Vulnerability description not provided...
HackerOne: Hackers can Invite Collaborators Without 2FA on Programs Requiring 2FA
Vulnerability description not provided...
HackerOne: Business Logic error leads to bypass 2FA requirement
Vulnerability description not provided...
HackerOne: Reports submitted by a user account without 2FA set up can be transferred to a program that requires 2FA for submissions
Vulnerability description not provided...
Smule: Possible Subdomain Takeover For Inbound Emails
The affected URL email.smule.com pointed to sendgrid.net via a DNS CNAME record. As a result, a subdomain takeover was possible by registering the subdomain email.smule.com on Sendgrid...
ID4me does not validate signature or expiration
None...
Code injection in Nextcloud Desktop Client for macOS
None...