1002 matches found
SUSE CVE-2019-19317
lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service or possibly have unspecified other impact...
SUSE CVE-2019-19646
pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns...
SUSE CVE-2020-9327
In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations...
SUSE CVE-2020-14150
GNU Bison before 3.5.4 allows attackers to cause a denial of service (application crash). NOTE: there is a risk only if Bison is used with untrusted input, and an observed bug happens to cause unsafe behavior with a specific compiler/architecture. The bug reports were intended to show that a crash...
SUSE CVE-2022-3287
When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file...
soybase.org Cross Site Scripting vulnerability OBB-3177433
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
GSD-2023-1000435 ARM: 9256/1: NWFPE: avoid compiler-generated __aeabi_uldivmod
ARM: 9256/1: NWFPE: avoid compiler-generated __aeabi_uldivmod. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.18 by commit...
Information disclosure
A randomly generated Initialization Vector (IV) may lead to a collision of IVs with the same key, potentially resulting in information disclosure...
Duplicate Advisory: GoUtils's randomly-generated alphanumeric strings contain significantly less entropy than expected
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-xg2h-wx96-xgxr. This link is maintained to preserve external references. Original Description: Randomly-generated alphanumeric strings contain significantly less entropy than expected. The RandomAlphaNumeric and...
CVE-2021-4238
Randomly-generated alphanumeric strings contain significantly less entropy than expected. The RandomAlphaNumeric and CryptoRandomAlphaNumeric functions always return strings containing at least one digit from 0 to 9. This significantly reduces the amount of entropy in short strings generated by...
turismo.jardinopolis.sc.gov.br Cross Site Scripting vulnerability OBB-3099018
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
laomao.website Cross Site Scripting vulnerability OBB-3069998
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
PT-2022-24064 · Maarch Rm · Maarch Rm
Name of the Vulnerable Software and Affected Versions: Maarch RM version 2.8.3. Description: The issue concerns a broken access control vulnerability. When accessing specific documents, such as PDFs or emails, from an archive, the application proposes a preview. This preview generates a URL that...
comics.vforums.co.uk Cross Site Scripting vulnerability OBB-3036587
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
LinkedIn Adds Verified Emails, Profile Creation Dates
Responding to a recent surge in AI-generated bot accounts, LinkedIn is rolling out new features that it hopes will help users make more informed decisions about with whom they choose to connect. Many LinkedIn profiles now display a creation date, and the company is expanding its domain validation...
Battle with Bots Prompts Mass Purge of Amazon, Apple Employee Accounts on LinkedIn
On October 10, 2022, there were 576,562 LinkedIn accounts that listed their current employer as Apple Inc. The next day, half of those profiles no longer existed. A similarly dramatic drop in the number of LinkedIn profiles claiming employment at Amazon comes as LinkedIn is struggling to combat a...
CVE-2022-43432
Jenkins XFramium Builder Plugin 1.0.22 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...
CVE-2022-43433
Jenkins ScreenRecorder Plugin 0.7 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...
Design/Logic Flaw
Jenkins ScreenRecorder Plugin 0.7 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...
Design/Logic Flaw
Jenkins NeuVector Vulnerability Scanner Plugin 1.20 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...