25943 matches found
CVE-2022-2414
Access to external entities when parsing XML documents can lead to XML external entity XXE attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests...
CVE-2016-3709
Possible cross-site scripting vulnerability in libxml after commit 960f0e2...
westerncape.gov.za Cross Site Scripting vulnerability OBB-2818124
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website:| westerncape.gov.za ---|--- Open Bug...
CVE-2022-32742
A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file or printer instead of client-supplied data. The client cannot control the area of the...
java-17-openjdk security, bug fix, and enhancement update
1:17.0.4.0.8-0.2.ea - Add rpminspect.yaml to turn off Java bytecode inspections - java-17-openjdk deliberately produces Java 17 bytecode, not the default Java 11 bytecode - Resolves: rhbz2109106 1:17.0.4.0.8-0.2.ea - Revert the following changes until copy-java-configs has adapted to relative...
CVE-2022-1655
An Incorrect Permission Assignment for Critical Resource flaw was found in Horizon on Red Hat OpenStack. Horizon session cookies are created without the HttpOnly flag despite HorizonSecureCookies being set to true in the environmental files, possibly leading to a loss of confidentiality and...
CVE-2022-34503
QPDF v8.4.2 was discovered to contain a heap buffer overflow via the function QPDF::processXRefStream. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted PDF file...
All Vulnerabilities for cgb.edu.co Patched via Open Bug Bounty
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website:| cgb.edu.co ---|--- Open Bug Bounty...
gis.south-ayrshire.gov.uk Cross Site Scripting vulnerability OBB-2759371
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website:| gis.south-ayrshire.gov.uk ---|--- Open...
All Vulnerabilities for pregase.santacruz.gov.ar Patched via Open Bug Bounty
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website:| pregase.santacruz.gov.ar ---|--- Open B...
finep.gov.br Cross Site Scripting vulnerability OBB-2759249
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website:| finep.gov.br ---|--- Open Bug Bounty...
SUSE SLED15 / SLES15 Security Update : fwupd (SUSE-SU-2022:2322-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:2322-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...
al-ns1.ap.gov.br Cross Site Scripting vulnerability OBB-2740091
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website:| al-ns1.ap.gov.br ---|--- Open Bug Bount...
All Vulnerabilities for yzdpss2x.onelink.me Patched via Open Bug Bounty
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website:| yzdpss2x.onelink.me ---|--- Open Bug...
uczelnie.edu.pl Open Redirect vulnerability OBB-2733948
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website:| uczelnie.edu.pl ---|--- Open Bug Bounty...
CVE-2022-1882
A use-after-free flaw was found in the Linux kernel’s pipes functionality in how a user performs manipulations with the pipe postonenotification after freepipeinfo that is already called. This flaw allows a local user to crash or potentially escalate their privileges on the system...
All Vulnerabilities for issm.rj.gov.br Patched via Open Bug Bounty
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website:| issm.rj.gov.br ---|--- Open Bug Bounty...
All Vulnerabilities for site.ajes.edu.br Patched via Open Bug Bounty
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website:| site.ajes.edu.br ---|--- Open Bug Bount...
CVE-2022-1116
Integer Overflow or Wraparound vulnerability in iouring of Linux Kernel allows local attacker to cause memory corruption and escalate privileges to root. This issue affects: Linux Kernel versions prior to 5.4.189; version 5.4.24 and later versions...
GHSA-2Q4H-27M7-RJ67 python-bugzilla has improper validation of X.509 certificates
python-bugzilla before 0.9.0 does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof Bugzilla servers via a crafted certificate...