PT-2021-5685 · Adobe · Premiere Rush
Name of the Vulnerable Software and Affected Versions: Adobe Premiere Rush versions 1.5.16 and earlier Description: The issue is related to the parsing of MP4 files and results from the lack of proper initialization of memory prior to accessing it. This allows remote attackers to disclose arbitra...
All Vulnerabilities for lms.aub.edu.lb Patched via Open Bug Bounty
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website: lms.aub.edu.lb. Open Bug Bounty...
RCE vulnerability affecting v1beta3 templates in @backstage/plugin-scaffolder-backend
The templating library used by the scaffolder backend assumes that templates are trusted, which is an undesired property of the scaffolder-backend. This has now been mitigated by sandboxing the template code execution. Impact A malicious actor with write access to a registered scaffolder template...
GHSA-F34M-X9PJ-62VQ Cross-Site Scripting Vulnerability in @joeattardi/emoji-button
Impact There are two vectors for XSS attacks with versions of @joeattardi/emoji-button before 4.6.2: - A URL for a custom emoji - An i18n string In both of these cases, a value can be crafted such that it can insert a script tag into the page and execute malicious code. Patches This vulnerability...
CVE-2021-43786 API token verification can be bypassed
NodeBB is an open source Node.js based forum software. In affected versions, incorrect logic present in the token verification step unintentionally allowed master token access to the API. The vulnerability has been patched as of v1.18.5. Users are advised to upgrade as soon as possible...
PT-2021-7057 · Anker · Anker Eufy Homebase 2
Name of the Vulnerable Software and Affected Versions: Anker Eufy Homebase 2 version 2.1.6.9h Description: An authentication bypass issue exists in the get_aes_key_info_by_packetid function of the home_security binary. This is due to a limited number of possible random values. An attacker can...
Windows Installer vulnerability becomes actively exploited zero-day
Sometimes the ways in which malicious code gets into the hands of cybercriminals are frustrating for those in the industry, and incomprehensible to those on the outside. A quick summary of the events in the history of this exploit: A researcher found a flaw in Windows Installer that would allow an...
All Vulnerabilities for qpl.dot.ga.gov Patched via Open Bug Bounty
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website: qpl.dot.ga.gov. Open Bug Bounty...
All Vulnerabilities for partnerweb16dev.usda.gov Patched via Open Bug Bounty
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
PT-2021-5121
Name of the Vulnerable Software and Affected Versions Microsoft Windows Server versions prior to the patchday that contains the fix for the vulnerability Description The issue is related to an elevation-of-privilege vulnerability in Microsoft Active Directory Domain Services. This vulnerability i...
thewilsonfoundation.org.uk Improper Access Control vulnerability OBB-2227898
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
OPENSUSE-SU-2021:1439-1 Security update for transfig
This update for transfig fixes the following issues: Update to fig2dev version 3.2.8 Patchlevel 8b Aug 2021 - bsc1190618, CVE-2020-21529: stack buffer overflow in the bezierspline function in genepic.c. - bsc1190615, CVE-2020-21530: segmentation fault in the readobjects function in read.c. -...
mytraffictickets.com Improper Access Control vulnerability OBB-2220396
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CLSA-2021-1635459139 Fix CVE(s)
SECURITY UPDATE: - CVE-.patch: backported many upstream patches to fix security issues. - CVE-2016-2226, CVE-2016-4487, CVE-2016-4488, CVE-2016-4489, CVE-2016-4490, CVE-2016-4492, CVE-2016-4493, CVE-2016-6131, CVE-2016-4491, CVE-2017-6965, CVE-2017-6966, CVE-2017-6969, CVE-2017-7209, CVE-2017-721...
redistributioncenter.org Improper Access Control vulnerability OBB-2209240
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
All Vulnerabilities for carscoops.com Patched via Open Bug Bounty
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website: carscoops.com. Open Bug Bounty...
tabletcim.com Improper Access Control vulnerability OBB-2202172
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
onlineunlocks.com Improper Access Control vulnerability OBB-2198702
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CLSA-2021-1634922397 Fixed CVE-2020-8284 in curl
trusting FTP PASV responses CVE-2020-8284...
PT-2021-7628 · Ncurses +8 · Ncurses +8
Name of the Vulnerable Software and Affected Versions: ncurses versions 6.3 through 6.3 before patch 20220416 Description: The issue is related to an out-of-bounds read and segmentation violation in the convert_strings function in tinfo/read_entry.c within the terminfo library. This can allow an...