Full path of data directory exposed to users
None...
Secure view can be bypassed by using internal API endpoint
None...
User without download rights can download older version of that file
None...
Chat room membership disclosed via autocompletion when not a member yourself
None...
Insecure randomness for default password in file sharing when password policy app is disabled
None...
Scope of workflow operations is not validated
None...
App pin of the iOS app can be bypassed
None...
Reference fetch can saturate the server bandwidth for 10 seconds
None...
HackerOne: Anyone can view collaborator email address via path /reports/<id>/participants
The vulnerability allowed anyone to view the email address of collaborators invited to vulnerability reports through the program's API. Access to collaborator email addresses was not properly restricted...
Internet Bug Bounty: CVE-2023-27537: HSTS double-free
A double-free vulnerability was discovered in libcurl's support for sharing HSTS data between separate handles, which could result in a use-after-free or double-free when two threads share the same HSTS data without proper mutexes or thread locks...
Internet Bug Bounty: CVE-2023-27536: GSS delegation too eager connection re-use
A vulnerability was found in libcurl versions 7.22.0 to 7.88.1 that allowed for the reuse of a previously created connection even when the GSS delegation option had been changed, potentially changing the user's permissions in a second transfer. This could affect krb5/kerberos/negotiate/GSSAPI...
Internet Bug Bounty: CVE-2023-27534: SFTP path ~ resolving discrepancy
A vulnerability was discovered in curl's SFTP implementation that allowed the tilde character to be used as a prefix in the first element of a path, resulting in the wrong path being accessed. This could be exploited to circumvent filtering or other security measures. The vulnerability was presen...
Fastly VDP: CVE-2018-6389 exploitation - using scripts loader
Vulnerability description not provided...
HackerOne: SQL Injection in CVE Discovery Search
Unsanitized user-controlled inputs in the CVE Discovery Search allowed for SQL injection, which could lead to the disclosure of data in the Analytics Database, including report, team, and asset data...
Internet Bug Bounty: Use of Cryptographically Weak Pseudo-Random Number Generator in WebCrypto keygen
A weak randomness vulnerability existed in WebCrypto keygen in Node.js 18, due to a change in EntropySource in SecretKeyGenTraits::DoKeyGen in src/crypto/crypto_keygen.cc. The vulnerability allowed for the possibility of non-cryptographically strong random data being used as keying material...
No password length restriction in reset password endpoint
None...
Download permissions can be changed by resharer
None...
Potential directory traversal in OC\Files\Node\Folder::getFullPath
None...
GHSA-5R9G-QH6M-JXFF CRLF Injection in Nodejs ‘undici’ via host
Impact: undici library does not protect host HTTP header from CRLF injection vulnerabilities. Patches: This issue was patched in Undici v5.19.1. Workarounds: Sanitize the headers.host string before passing to undici. References: Reported at https://hackerone.com/reports/1820955. Credits: Thank you to...
CRLF Injection in Nodejs ‘undici’ via host
Impact: undici library does not protect host HTTP header from CRLF injection vulnerabilities. Patches: This issue was patched in Undici v5.19.1. Workarounds: Sanitize the headers.host string before passing to undici. References: Reported at https://hackerone.com/reports/1820955. Credits: Thank you to...