1221 matches found
CVE-2024-23734
Cross Site Request Forgery vulnerability in the upload functionality of the User Profile pages in savignano S/Notify before 2.0.1 for Bitbucket allows attackers to replace S/MIME certificate or PGP keys for arbitrary users via crafted link...
PT-2024-20044 · S/Notify · S/Notify
Name of the Vulnerable Software and Affected Versions: S/Notify versions prior to 4.0.0 for Confluence. Description: A Cross Site Scripting (XSS) issue exists in the S/MIME certificate upload functionality of the User Profile pages, allowing attackers to manipulate user data via specially crafted...
CVE-2024-23734
Savignano S/Notify for Bitbucket versions prior to 2.0.1 is affected by a Cross Site Request Forgery in the User Profile upload function. The flaw allows an attacker to replace a user’s S/MIME certificate or PGP key via a crafted link, enabling account-wide impact on affected users. Root cause: CS...
savignano S/Notify security vulnerability
savignano S/Notify is savignano's most versatile email encryption solution for Jira, Confluence and Bitbucket. A security vulnerability exists in savignano S/Notify versions prior to 4.0.0 that stems from the presence of a cross-site scripting (XSS) vulnerability that allows an attacker to manipula...
CVE-2024-23735
Cross Site Scripting (XSS) vulnerability in the S/MIME certificate upload functionality of the User Profile pages in savignano S/Notify before 4.0.0 for Confluence allows attackers to manipulate user data via specially crafted certificate...
CVE-2024-23735
CVE-2024-23735 describes a Cross Site Scripting (XSS) vulnerability in the S/MIME certificate upload feature on the Savignano S/Notify User Profile pages for Confluence. Affected: Savignano S/Notify versions prior to 4.0.0 (Confluence integration). Nature: XSS via specially crafted certificates i...
PT-2024-20043 · Savignano · S/Notify
Name of the Vulnerable Software and Affected Versions: savignano S/Notify versions prior to 2.0.1 for Bitbucket. Description: The issue allows attackers to replace S/MIME certificate or PGP keys for arbitrary users via a crafted link, exploiting a Cross Site Request Forgery vulnerability in the...
CVE-2024-30565
An issue was discovered in SeaCMS version 12.9 that allows remote attackers to execute arbitrary code via admin notify.php...
SeaCMS security vulnerability
SeaCMS is a free, open source web content management system written in PHP. The system is primarily designed to manage video-on-demand resources. A security vulnerability exists in SeaCMS version 12.9, which stems from allowing remote attackers to execute arbitrary code via admin notify.php...
PT-2024-23493 · Seacms · Seacms
Name of the Vulnerable Software and Affected Versions: SeaCMS version 12.9. Description: An issue was discovered that allows remote attackers to execute arbitrary code via the admin notify.php endpoint. Recommendations: For SeaCMS version 12.9, consider disabling access to the admin notify.php...
XZ utils: Backdoor in release tarballs
Background: XZ Utils is free general-purpose data compression software with a high compression ratio. Description: A backdoor has been discovered in XZ utils. Please review the CVE identifier referenced below for details. Impact: Our current understanding of the backdoor is that it does not affect...
DEBIAN-CVE-2023-52625
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Refactor DMCUB enter/exit idle interface. Why: We can hang in place trying to send commands when the DMCUB isn't powered on. How: We need to exit out of the idle state prior to sending a command, but the process tha...
UBUNTU-CVE-2023-52625
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Refactor DMCUB enter/exit idle interface. Why: We can hang in place trying to send commands when the DMCUB isn't powered on. How: We need to exit out of the idle state prior to sending a command, but the process tha...
melings.no Cross Site Scripting vulnerability OBB-3883666
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
SUSE CVE-2021-47122
In the Linux kernel, the following vulnerability has been resolved: net: caif: fix memory leak in caif_device_notify. In case of caif_enroll_dev fail, allocated link_support won't be assigned to the corresponding structure. So simply free allocated pointer in case of error...
tls: fix race between async notify and socket close
...