originaldiving.com Cross Site Scripting vulnerability OBB-2832676

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Medium: kernel-livepatch-4.14.276-211.499

Issue Overview: No CVE associated with this advisory Affected Packages: kernel-livepatch-4.14.276-211.499 Issue Correction: Please ensure you have live patching enabled. Run yum update kernel-livepatch-4.14.276-211.499 or yum update --advisory ALAS2LIVEPATCH-2022-091 to update your system. New...

siljansmasar.com Cross Site Scripting vulnerability OBB-2830624

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

clergyabusednetwork.org.au Cross Site Scripting vulnerability OBB-2829931

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

livestockauctions.co.za Cross Site Scripting vulnerability OBB-2828935

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

bsnx.net Cross Site Scripting vulnerability OBB-2826020

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Resolving Availability vs. Security, a Constant Conflict in IT

Conflicting business requirements is a common problem – and you find it in every corner of an organization, including in information technology. Resolving these conflicts is a must, but it isn't always easy – though sometimes there is a novel solution that helps. In IT management there is a...

williment.co.nz Cross Site Scripting vulnerability OBB-2825986

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Securing Azure middleware agents with new auto-patching capabilities

Wiz finds Azure customers remain unpatched from cloud middleware vulnerability and collaborates with Microsoft to introduce an auto-patching solution against cloud middleware security issues and make the cloud safer...

PT-2022-22648 · F5 · Big-Ip

Name of the Vulnerable Software and Affected Versions: BIG-IP versions 14.1.x through 14.1.5 BIG-IP versions 15.1.x through 15.1.6.1 BIG-IP versions 16.1.x through 16.1.2.2 Description: When the Message Routing MR Message Queuing Telemetry Transport MQTT profile is configured on a virtual server,...

librarycatalog.folsom.ca.us Cross Site Scripting vulnerability OBB-2825138

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

CVE-2022-31197

PostgreSQL JDBC Driver PgJDBC for short allows Java programs to connect to a PostgreSQL database using standard, database independent Java code. The PGJDBC implementation of the java.sql.ResultRow.refreshRow method is not performing escaping of column names so a malicious column name that contain...

klingnauerstausee.ch Cross Site Scripting vulnerability OBB-2825042

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

gannlaw.com Cross Site Scripting vulnerability OBB-2824859

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

CVE-2022-31197

PgJDBC (PostgreSQL JDBC Driver) is affected by CVE-2022-31197 due to the java.sql.ResultRow.refreshRow() not escaping column names, enabling SQL injection when a column name contains a terminator like ;. Attack requires tricking a user into running SQL against a table with malicious column names ...

Code injection

Sourcegraph is an opensource code search and navigation engine. It is possible for an authenticated Sourcegraph user to edit the Code Monitors owned by any other Sourcegraph user. This includes being able to edit both the trigger and the action of the monitor in question. An attacker is not able ...

CVE-2022-31178 Improper Authorization in eLabFTW

eLabFTW is an electronic lab notebook manager for research teams. A vulnerability was discovered which allows a logged in user to read a template without being authorized to do so. This vulnerability has been patched in 4.3.4. Users are advised to upgrade. There are no known workarounds for this...

CVE-2022-31154 Indirect Object Access in Sourcegraph Code Monitoring

Sourcegraph is an opensource code search and navigation engine. It is possible for an authenticated Sourcegraph user to edit the Code Monitors owned by any other Sourcegraph user. This includes being able to edit both the trigger and the action of the monitor in question. An attacker is not able ...

salonvaso.com Cross Site Scripting vulnerability OBB-2823157

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

kelmesaukuras.lt Cross Site Scripting vulnerability OBB-2821510

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...