
Github Security Blog
added 2024/10/30 2:37 p.m., 25 views

Snowflake JDBC Security Advisory

Impacted Products: Snowflake JDBC driver versions >= 3.2.6 and <= 3.19.1 are affected. Introduction: Snowflake recently identified an issue affecting JDBC drivers that can result in data being uploaded to an encrypted stage without the additional layer of protection provided by client-side encryption...

CVSS 5.9 | AI score 6.8 | EPSS 0.00173
Exploits 0 | References 3 | Affected Software 1
OSV
added 2024/10/30 2:37 p.m., 29 views

GHSA-F686-HW9C-XW9C Snowflake JDBC Security Advisory

Impacted Products: Snowflake JDBC driver versions >= 3.2.6 and <= 3.19.1 are affected. Introduction: Snowflake recently identified an issue affecting JDBC drivers that can result in data being uploaded to an encrypted stage without the additional layer of protection provided by client-side encryption...

CVSS 7.4 | AI score 6.5 | EPSS 0.00173
Exploits 0 | References 3
Github Security Blog
added 2024/10/24 10:42 p.m., 41 views

The Snowflake Connector for Python stores sensitive data in logs

Issue: Snowflake recently learned about and remediated a set of vulnerabilities in the Snowflake Connector for Python. Under specific conditions, certain users' credentials, or portions of those credentials, were logged locally by the Connector to the users' own systems. The credentials were not logge...

CVSS 5.5 | AI score 7 | EPSS 0.00203
Exploits 0 | References 5 | Affected Software 1
Hacker One
added 2024/10/23 4:48 a.m., 30 views

HackerOne: HackerOne supports accounts organization takeover

The HackerOne email change process was found to have a vulnerability where the system automatically verifies the email address if the verification link is opened in any browser, even by email scanning bots without human interaction. This allowed an attacker to verify email addresses belonging to ...

AI score 6.9
Exploits 0
OSV
added 2024/10/15 11:35 p.m., 15 views

GHSA-H47H-MWP9-C6Q6 Possible ReDoS vulnerability in block_format in Action Mailer

There is a possible ReDoS vulnerability in the block_format helper in Action Mailer. This vulnerability has been assigned the CVE identifier CVE-2024-47889. Impact: Carefully crafted text can cause the block_format helper to take an unexpected amount of time, possibly resulting in a DoS...

CVSS 8.7 | AI score 5.3 | EPSS 0.00944
Exploits 0 | References 3
RubySec
added 2024/10/15 12:00 a.m., 20 views

Possible ReDoS vulnerability in query parameter filtering in Action Dispatch

There is a possible ReDoS vulnerability in the query parameter filtering routines of Action Dispatch. This vulnerability has been assigned the CVE identifier CVE-2024-41128. Impact: Carefully crafted query parameters can cause query parameter filtering to take an unexpected amount of time, possibl...

CVSS 8.7 | AI score 6.9 | EPSS 0.01103
Exploits 0 | References 1 | Affected Software 1
OSV
added 2024/09/20 3:45 p.m., 14 views

GHSA-RXQ8-Q85F-M866 Prevent XSS from Confidant API call

Impact What kind of vulnerability is it? Who is impacted? Potential XSS from API calls below: GET /v1/credentials GET /v1/credentials/ GET /v1/archive/credentials/ GET /v1/archive/credentials POST /v1/credentials PUT /v1/credentials/ PUT /v1/credentials// GET /v1/services GET /v1/services/ GET...

CVSS 5.1 | AI score 4.9 | EPSS 0.00347
Exploits 0 | References 7
Hacker One
added 2024/09/10 1:25 a.m., 5 views

HackerOne: Takeover of hackerone.engineering via Medium

The report describes a broken link hijacking vulnerability on the hackerone.engineering domain, which belonged to HackerOne. The domain was found to be pointing to a non-existent page on Medium, allowing the reporter to create a page with the same URL and take over the domain...

AI score 7
Exploits 0
Hacker One
added 2024/08/22 10:24 p.m., 4 views

HackerOne: Bypass comment restriction

Vulnerability description not provided...

AI score 7.1
Exploits 0
OSV
added 2024/08/14 6:11 p.m., 24 views

GHSA-QM2Q-9F3Q-2VCV Trix has a Cross-site Scripting vulnerability on copy & paste

The Trix editor, versions prior to 2.1.4, is vulnerable to XSS when pasting malicious code. This vulnerability is a bypass of the fix put in place for https://github.com/basecamp/trix/security/advisories/GHSA-qjqp-xr96-cj99. In https://github.com/basecamp/trix/pull/1149, we added sanitization for...

CVSS 6.5 | AI score 6 | EPSS 0.00487
Exploits 0 | References 9
OSV
added 2024/08/12 6:35 p.m., 15 views

GHSA-RXFF-VR5R-8CJ5 Path traversal in Streamlit on Windows

Impacted Products: Streamlit Open Source versions before 1.37.0. Introduction: Snowflake Streamlit open source addressed a security vulnerability in the static file sharing feature. The vulnerability was patched on Jul 25, 2024, as part of Streamlit open source version 1.37.0. The...

CVSS 6 | AI score 6.1 | EPSS 0.00568
Exploits 0 | References 5
Hacker One
added 2024/07/12 9:25 a.m., 39 views

HackerOne: Bypassing HackerOne 2FA due to race condition

A race condition vulnerability was discovered in HackerOne's 2FA reset process. The issue allowed an attacker to initiate multiple parallel 2FA reset requests, resulting in multiple reset notification emails. When a user canceled one reset request, the remaining requests would stay active,...

AI score 6.9
Exploits 0
Hacker One
added 2024/07/07 7:01 p.m., 55 views

HackerOne: TOTP Authenticator implementation Accepts Expired Codes

Vulnerability description not provided...

AI score 7.1
Exploits 0
Hacker One
added 2024/06/28 12:22 p.m., 21 views

HackerOne: Private data related to program exposed via /reports/<id>.json endpoint to external user participant

Vulnerability description not provided...

AI score 7.1
Exploits 0
Hacker One
added 2024/06/26 2:41 a.m., 51 views

HackerOne: Hackers can Invite Collaborators Without 2FA on Programs Requiring 2FA

Vulnerability description not provided...

AI score 7.1
Exploits 0
Hacker One
added 2024/06/24 12:11 p.m., 102 views

HackerOne: Business logic error leads to bypass of 2FA requirement

Vulnerability description not provided...

AI score 7.1
Exploits 0
Hacker One
added 2024/06/22 4:36 a.m., 44 views

HackerOne: Reports submitted by a user account without 2FA set up can be transferred to a program that requires 2FA for submission

Vulnerability description not provided...

AI score 7.1
Exploits 0
Hacker One
added 2024/06/20 4:58 p.m., 124 views

Smule: Possible Subdomain Takeover For Inbound Emails

The affected URL email.smule.com pointed to sendgrid.net via a DNS CNAME record. As a result, a subdomain takeover was possible by registering the subdomain email.smule.com on Sendgrid...

AI score 7
Exploits 0
Nextcloud
added 2024/06/14 2:35 p.m., 21 views

ID4me does not validate signature or expiration

None...

CVSS 5.4 | AI score 5.6 | EPSS 0.0024
Exploits 0 | References 2 | Affected Software 1
Nextcloud
added 2024/06/14 2:34 p.m., 34 views

Code injection in Nextcloud Desktop Client for macOS

None...

CVSS 7.8 | AI score 7.5 | EPSS 0.0032
Exploits 0 | References 2 | Affected Software 1