3094 matches found
screencloud.com Open Redirect vulnerability OBB-2316139
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Cross-Site Request Forgery (CSRF) in archivy/archivy
Title: Missing CSRF token validation leads to note deletion. Summary: Route /dataobj/delete/ is responsible for note deletion. Instead of POST it accepts GET and DELETE methods. @app.route"/dataobj/delete/", methods="DELETE", "GET" def deletedatadataobjid: try: data.deleteitemdataobjid except...
PT-2021-8080 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel versions 4.13 and earlier Description: The issue is related to the async free space function in the Linux kernel's binder component. It causes a leak of up to 8 bytes of async free space on every async transaction of 8 bytes or...
Cerber targeting organizations with publicly available exploits
THREAT LEVEL: Red. For a detailed advisory, download the PDF file here. Cerber, ransomware that mysteriously vanished in 2019, has reappeared with a new encryption. The new Cerber includes fresh source code and makes use of the new library Crypto++, whereas the previous form made use of Windows...
news.abidjan.net Cross Site Scripting vulnerability OBB-2253330
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
UBUNTU-CVE-2021-35564
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Keytool. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated...
weddingsonline.ie Cross Site Scripting vulnerability OBB-2166106
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 (KB5006762)
Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 KB5006762 Applies to: Microsoft .NET Framework 3.5 Microsoft .NET Framework 4.5.2 Microsoft .NET Framework 4.6 Microsoft .NET Framework 4.6.1 Microsoft .NET Framework 4.6.2...
Samsung Notes libSPenBase buffer overflow vulnerability (CNVD-2022-86540)
Samsung Notes is an application from Samsung South Korea. It is used to provide a recording function. A buffer overflow vulnerability exists in versions prior to Samsung Notes 4.3.02.61, which stems from a lack of buffer bounds checking in the libSPenBase library, and can be exploited by a remote...
airportgoldentuliphotel.com Cross Site Scripting vulnerability OBB-2158377
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
Python < 2.7.14, 3.4.x < 3.4.8, 3.5.x < 3.5.5 PyString_DecodeEscape integer overflow (bpo-30657) - Linux
CPython aka Python is prone to an integer overflow vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:python:python";...
OESA-2021-1352 libexif security update
Most digital cameras produce EXIF files, which are JPEG files with extra tags that contain information about the image. The EXIF library allows you to parse an EXIF file and read the data from those tags. Security Fixes: An issue was discovered in libexif before 0.6.22. Several buffer over-reads ...
CVE-2021-41392
static/main-preload.js in Boost Note through 0.22.0 allows remote command execution. A remote attacker may send a crafted IPC message to the exposed vulnerable ipcRenderer IPC interface, which invokes the dangerous openExternal Electron API...
Command injection
static/main-preload.js in Boost Note through 0.22.0 allows remote command execution. A remote attacker may send a crafted IPC message to the exposed vulnerable ipcRenderer IPC interface, which invokes the dangerous openExternal Electron API...
CVE-2021-41392
Boost Note
Boost Note injection vulnerability
Boost Note is an open source developer-friendly workspace with IDE-like UX. It provides the following features focusing on information management and searchability. A security vulnerability exists in Boost Note versions prior to 0.22.0 that stems from a lack of effective filtering and validation ...
location.transdev.com Cross Site Scripting vulnerability OBB-2139704
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
The firmware vulnerability in Samsung Galaxy S2, Galaxy Note 2, and Meizu MX devices stems from deficiencies in access control mechanisms, allowing attackers to escalate their privileges through specially created applications.
The firmware vulnerability in Samsung Galaxy S2, Galaxy Note 2, and Meizu MX devices is related to deficiencies in access control. Exploiting this vulnerability can allow a malicious actor to escalate their privileges through a specially created application...