Lucene search
K

139 matches found

Openbugbounty
Openbugbounty
added 2022/11/01 4:35 a.m.9 views

willowandoakphotography.com Cross Site Scripting vulnerability OBB-3029376

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
Openbugbounty
Openbugbounty
added 2022/06/24 5:50 a.m.14 views

oak-events.com Cross Site Scripting vulnerability OBB-2672124

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
Openbugbounty
Openbugbounty
added 2022/01/30 8:39 a.m.12 views

birminghamroyaloakmedical.com Cross Site Scripting vulnerability OBB-2349274

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
Openbugbounty
Openbugbounty
added 2022/01/04 9:46 a.m.11 views

uk-oak.co.uk Cross Site Scripting vulnerability OBB-2322328

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
OSV
OSV
added 2021/12/10 5:20 p.m.2 views

GHSA-3H68-WVV6-8R5H Improper Removal of Sensitive Information Before Storage or Transfer in Apache Jackrabbit Oak

The optional initial password change and password expiration features present in Apache Jackrabbit Oak 1.2.0 to 1.22.0 are prone to a sensitive information disclosure vulnerability. The code mandates the changed password to be passed as an additional attribute to the credentials object but does n...

7.5CVSS5.9AI score0.04511EPSS
Exploits0References13
vulnersOsv
vulnersOsv
added 2021/12/10 5:20 p.m.7 views

com.adobe.cq:core.wcm.components.testing.aem-mock-plugin (>=2.22.0 <=2.31.0), com.cognifide.aem.bundle:com.cognifide.aem.bundle.gradle.plugin (=12.0.0-beta) +58 more potentially affected by CVE-2020-1940 via org.apache.jackrabbit:oak-core (>=1.12.0 <=1.22.9)

org.apache.jackrabbit:oak-core MAVEN version =1.12.0, =2.22.0, =5.0.0, =5.0.0, =5.0.0, =1.5.0, =1.0.0, =1.1.0 and more Source cves: CVE-2020-1940 Source advisory: OSV:GHSA-3H68-WVV6-8R5Hhttps://vulners.com/osv/OSV:GHSA-3H6...

7.5CVSS7.2AI score0.04511EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2021/12/10 5:20 p.m.8 views

io.wcm:io.wcm.testing.wcm-io-mock.caconfig (=1.2.0), org.apache.jackrabbit:oak-auth-external (>=1.10.0 <=1.10.7) +14 more potentially affected by CVE-2020-1940 via org.apache.jackrabbit:oak-core (>=1.10.0 <=1.10.7)

org.apache.jackrabbit:oak-core MAVEN version =1.10.0, =1.10.0, =1.10.0, =1.10.0, =1.10.0, =1.10.0, =1.10.0, =1.10.0, =1.10.0, =1.10.0, =1.10.0, =1.10.0, =1.10.0, =1.10.0, =1.10.0, =1.10.7 and more Source cves: CVE-2020-1940 Source advisory: OSV:GHSA-3H68-WVV6-8R5H...

7.5CVSS7.1AI score0.04511EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2021/12/10 5:20 p.m.35 views

Improper Removal of Sensitive Information Before Storage or Transfer in Apache Jackrabbit Oak

The optional initial password change and password expiration features present in Apache Jackrabbit Oak 1.2.0 to 1.22.0 are prone to a sensitive information disclosure vulnerability. The code mandates the changed password to be passed as an additional attribute to the credentials object but does n...

7.5CVSS7.2AI score0.04511EPSS
Exploits0References14Affected Software1
vulnersOsv
vulnersOsv
added 2021/08/03 7:0 p.m.10 views

@alex.garcia/oak (>=0.0.17 <=0.0.19), @apify/better-sqlite3-prebuilds (=7.1.1) +195 more potentially affected by CVE-2021-32803 via tar (>=4.0.1 <=4.4.13)

tar NPM version =4.0.1, =0.0.17, =0.0.1, =0.2.0, =0.2.0, =3.0.7, =3.0.6, =1.4.0, =1.0.0, =1.0.0-alpha.1, =1.10.9-beta, =1.0.0, =1.1.4, =2.1.0, =2.2.0 and more Source cves: CVE-2021-32803 Source advisory: OSV:GHSA-R628-MHMH-QJHW...

8.2CVSS6.7AI score0.07795EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2021/03/12 10:44 p.m.12 views

@anandsuresh/smart-stream (>=1.0.1 <=1.1.0), @anandsuresh/smart_stream (=1.0.0) +10 more potentially affected by CVE-2021-21368 via msgpack5 (>=4.0.2 <=4.4.0)

msgpack5 NPM version =4.0.2, =1.0.1, =0.9.0, =0.9.0, =0.9.0, =0.9.0, =1.0.2, =1.2.9, =2.0.0, =0.5.6, =0.1.0, =0.1.3 Source cves: CVE-2021-21368 Source advisory: OSV:GHSA-GMJW-49P4-PCFM...

8.8CVSS7.2AI score0.01649EPSS
Exploits1
Openbugbounty
Openbugbounty
added 2020/09/08 5:31 p.m.12 views

englishoakframes.be Cross Site Scripting vulnerability OBB-1316415

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

6.2AI score
Exploits0
OSV
OSV
added 2020/02/17 4:15 a.m.4 views

CVE-2020-9021

Post Oak AWAM Bluetooth Field Device 7400v2.08.21.2018, 7800SD.2015.1.16, 2011.3, 7400v2.02.01.2019, and 7800SD.2012.12.5 is vulnerable to injections of operating system commands through timeconfig.py via shell metacharacters in the htmlNtpServer parameter...

9.8CVSS7.3AI score0.0209EPSS
Exploits1References1
NVD
NVD
added 2020/02/17 4:15 a.m.34 views

CVE-2020-9021

Post Oak AWAM Bluetooth Field Device 7400v2.08.21.2018, 7800SD.2015.1.16, 2011.3, 7400v2.02.01.2019, and 7800SD.2012.12.5 is vulnerable to injections of operating system commands through timeconfig.py via shell metacharacters in the htmlNtpServer parameter...

10CVSS9.6AI score0.0209EPSS
Exploits1References1
Prion
Prion
added 2020/02/17 4:15 a.m.14 views

Design/Logic Flaw

Post Oak AWAM Bluetooth Field Device 7400v2.08.21.2018, 7800SD.2015.1.16, 2011.3, 7400v2.02.01.2019, and 7800SD.2012.12.5 is vulnerable to injections of operating system commands through timeconfig.py via shell metacharacters in the htmlNtpServer parameter...

10CVSS9.4AI score0.0209EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2020/02/17 3:3 a.m.23 views

CVE-2020-9021

Post Oak AWAM Bluetooth Field Device 7400v2.08.21.2018, 7800SD.2015.1.16, 2011.3, 7400v2.02.01.2019, and 7800SD.2012.12.5 is vulnerable to injections of operating system commands through timeconfig.py via shell metacharacters in the htmlNtpServer parameter...

9.6AI score0.0209EPSS
Exploits1References1
Veracode
Veracode
added 2020/01/29 3:18 a.m.21 views

Information Disclosure

oak-core is vulnerable to information disclosure. The optional initial password change and password expiration features causes the new password to be disclosed due to the credentials object being retained and not removed upon a successful password change...

7.5CVSS1.7AI score0.04511EPSS
Exploits0References24Affected Software1
OSV
OSV
added 2020/01/28 5:15 p.m.17 views

CVE-2020-1940

The optional initial password change and password expiration features present in Apache Jackrabbit Oak 1.2.0 to 1.22.0 are prone to a sensitive information disclosure vulnerability. The code mandates the changed password to be passed as an additional attribute to the credentials object but does n...

7.5CVSS6.9AI score
Exploits0References12
NVD
NVD
added 2020/01/28 5:15 p.m.45 views

CVE-2020-1940

The optional initial password change and password expiration features present in Apache Jackrabbit Oak 1.2.0 to 1.22.0 are prone to a sensitive information disclosure vulnerability. The code mandates the changed password to be passed as an additional attribute to the credentials object but does n...

7.5CVSS7.6AI score0.04511EPSS
Exploits0References12
Prion
Prion
added 2020/01/28 5:15 p.m.15 views

Information disclosure

The optional initial password change and password expiration features present in Apache Jackrabbit Oak 1.2.0 to 1.22.0 are prone to a sensitive information disclosure vulnerability. The code mandates the changed password to be passed as an additional attribute to the credentials object but does n...

5CVSS7.6AI score0.04511EPSS
Exploits0References12Affected Software1
CVE
CVE
added 2020/01/28 4:51 p.m.99 views

CVE-2020-1940

The CVE-2020-1940 vulnerability affects Apache Jackrabbit Oak, specifically version range 1.2.0 to 1.22.0. The issue arises from the optional initial password change and password expiration flow: the changed password is added to the credentials object but not removed during the first authenticati...

7.5CVSS7.5AI score0.04511EPSS
Exploits0References12Affected Software1
Rows per page
Query Builder