2758 matches found

Prion
added 2023/11/21 7:15 a.m. · 20 views

Path traversal

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API irissetup.cgi was vulnerable to path traversal attacks that allows for file deletion. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. The impact...

CVSS 5.5 · AI score 7 · EPSS 0.00668
Exploits 0 · References 1 · Affected Software 4

Openbugbounty
added 2023/11/16 7:12 p.m. · 8 views

palmvale.com.au Improper Access Control vulnerability OBB-3782737

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.9
Exploits 0

Openbugbounty
added 2023/11/15 8:06 a.m. · 4 views

raysa.com.ar Improper Access Control vulnerability OBB-3781321

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.9
Exploits 0

OPENSUSE Linux
added 2023/11/15 12:00 a.m. · 4 views

Security update for jhead (moderate)

openSUSE Security Update: Security update for jhead
Announcement ID: openSUSE-SU-2023:0371-1
Rating: moderate
References: 1207150
Cross-References: CVE-2022-41751
CVSS scores: CVE-2022-41751 NVD : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products: openSUSE Backports SLE-15-SP5 An...

CVSS 7.8 · AI score 6.7 · EPSS 0.00444
Exploits 1 · References 1

Cvelist
added 2023/11/14 8:59 p.m. · 23 views

CVE-2023-47630 Attacker can cause Kyverno user to unintentionally consume insecure image

Kyverno is a policy engine designed for Kubernetes. An issue was found in Kyverno that allowed an attacker to control the digest of images used by Kyverno users. The issue would require the attacker to compromise the registry that the Kyverno users fetch their images from. The attacker could then...

CVSS 7.1 · AI score 7.3 · EPSS 0.00261
Exploits 0 · References 1

Openbugbounty
added 2023/11/14 1:17 a.m. · 9 views

thomasmuenz.de Improper Access Control vulnerability OBB-3780308

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.9
Exploits 0

Positive Technologies
added 2023/11/14 12:00 a.m. · 2 views

PT-2023-7370 · Adobe · After Effects

Name of the Vulnerable Software and Affected Versions: Adobe After Effects versions 24.0.2 and earlier; Adobe After Effects versions 23.6 and earlier
Description: The issue is related to an out-of-bounds read vulnerability in Adobe After Effects when parsing a crafted file. This could result in a...

CVSS 7.8 · AI score 7.4 · EPSS 0.00397
Exploits 0 · References 5

Positive Technologies
added 2023/11/14 12:00 a.m. · 5 views

PT-2023-6942

Name of the Vulnerable Software and Affected Versions: Microsoft Windows versions prior to the November 2023 patch
Description: A security-feature bypass vulnerability in Microsoft Windows SmartScreen allows attackers to bypass security measures, potentially leading to the execution of malicious...

CVSS 10 · AI score 7.4 · EPSS 0.88196
Exploits 2 · References 205

Openbugbounty
added 2023/11/13 9:03 p.m. · 4 views

fernandobuscaglia.com.ar Improper Access Control vulnerability OBB-3779750

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.9
Exploits 0

OSV
added 2023/11/13 8:42 p.m. · 4 views

CLSA-2023-1699908139 exim: Fix of CVE-2022-3559

CVE-2022-3559: Fix $regex use-after-free...

CVSS 7.5 · AI score 7.3 · EPSS 0.03661
Exploits 0 · References 1

Openbugbounty
added 2023/11/07 6:06 a.m. · 4 views

darrylmappin.com Cross Site Scripting vulnerability OBB-3774447

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits 0

OSV
added 2023/11/06 11:08 p.m. · 6 views

MGASA-2023-0310 Updated libsndfile packages fix a security vulnerability

Add upstream patch to fix CVE-2022-33065...

CVSS 7.8 · AI score 7.5 · EPSS 0.00351
Exploits 1 · References 3

Openbugbounty
added 2023/11/03 7:49 p.m. · 7 views

saarmetalgroup.de Improper Access Control vulnerability OBB-3772673

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 7
Exploits 0

OSV
added 2023/11/03 12:49 p.m. · 9 views

SUSE-SU-2023:4363-1 Security update for poppler

This update for poppler fixes the following issues:
- CVE-2022-37052: Fixed a crash that could be triggered when opening a crafted file (bsc#1214726).
- CVE-2023-34872: Fixed a remote denial-of-service in Outline.cc (bsc#1213888)...

CVSS 6.5 · AI score 6 · EPSS 0.00934
Exploits 2 · References 5

Openbugbounty
added 2023/10/31 6:18 p.m. · 14 views

froh-werbung.de Improper Access Control vulnerability OBB-3770441

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.9
Exploits 0

OSV
added 2023/10/31 4:15 p.m. · 2 views

UBUNTU-CVE-2023-46239

quic-go is an implementation of the QUIC protocol in Go. Starting in version 0.37.0 and prior to version 0.37.3, by serializing an ACK frame after the CRYPTO frame that allows a node to complete the handshake, a remote node could trigger a nil pointer dereference leading to a panic when the node...

CVSS 7.5 · AI score 5.8 · EPSS 0.00765
Exploits 0 · References 4

Openbugbounty
added 2023/10/31 12:24 a.m. · 7 views

hireandsupplies.com Improper Access Control vulnerability OBB-3769650

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.9
Exploits 0

Vulnrichment
added 2023/10/30 11:53 p.m. · 14 views

CVE-2023-46138 JumpServer default admin user email leak password reset

JumpServer is an open source bastion host and maintenance security audit system that complies with 4A specifications. Prior to version 3.8.0, the default email for initial user admin is admin@mycompany.com, and users reset their passwords by sending an email. Currently, the domain mycompany.com h...

CVSS 3.7 · AI score 7 · EPSS 0.00316
Exploits 0 · References 2

Vulnrichment
added 2023/10/30 11:47 p.m. · 6 views

CVE-2023-46129 xkeys Seal encryption used fixed key for all encryption

NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. The cryptographic key handling library, nkeys, recently gained support for encryption, not just for signing/authentication. This is used in nats-server...

CVSS 7.5 · AI score 7.6 · EPSS 0.00374
Exploits 0 · References 4

Prion
added 2023/10/30 7:15 p.m. · 19 views

Unrestricted file upload

BigBlueButton is an open-source virtual classroom. BigBlueButton prior to version 2.6.0-beta.2 is vulnerable to unrestricted file upload, where the insertDocument API call does not validate the given file extension before saving the file, and does not remove it in case of validation failures...

CVSS 6.5 · AI score 8.6 · EPSS 0.00538
Exploits 0 · References 2 · Affected Software 1