147 matches found
GSD-2023-1001480 bpf: Fix slot type check in check_stack_write_var_off
bpf: Fix slot type check in checkstackwritevaroff This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.163 by commit...
CVE-2022-4064 Dalli Meta Protocol request_formatter.rb self.meta_set injection
A vulnerability was found in Dalli up to 3.2.2. It has been classified as problematic. Affected is the function self.metaset of the file lib/dalli/protocol/meta/requestformatter.rb of the component Meta Protocol Handler. The manipulation of the argument cas/ttl leads to injection. It is possible ...
CVE-2022-41886 Overflow in `ImageProjectiveTransformV2` in Tensorflow
TensorFlow is an open source platform for machine learning. When tf.rawops.ImageProjectiveTransformV2 is given a large output shape, it overflows. We have patched the issue in GitHub commit 8faa6ea692985dbe6ce10e1a3168e0bd60a723ba. The fix will be included in TensorFlow 2.11. We will also...
CVE-2022-35938 OOB read in `Gather_nd` op in TensorFlow Lite Micro
TensorFlow is an open source platform for machine learning. The GatherNd function takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. This issue has been...
CVE-2022-26453
In teei, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06664675; Issue ID: ALPS06664675...
GSD-2022-1003762 Input: stmfts - do not leave device disabled in stmfts_input_open
Input: stmfts - do not leave device disabled in stmftsinputopen This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.198 by commit...
GSD-2022-1000296 libsubcmd: Fix use-after-free for realloc(..., 0)
libsubcmd: Fix use-after-free for realloc..., 0 This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.9.303 by commit...
Microsoft Patch Tuesday January 2022
Hello everyone! This episode will be about Microsoft Patch Tuesday for January 2022. Traditionally, I will use my open source Vulristics tool for analysis. This time I didnt make any changes to how connectors work. The report generation worked correctly on the first try. python3.8 vulristics.py...
CVE-2022-21678 User's bio visible even if profile is restricted in Discourse
Discourse is an open source discussion platform. Prior to version 2.8.0.beta11 in the tests-passed branch, version 2.8.0.beta11 in the beta branch, and version 2.7.13 in the stable branch, the bios of users who made their profiles private were still visible in the tags on their users' pages. The...
crosskhoj.com Improper Access Control vulnerability OBB-2297119
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Cross site scripting
Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. The Stored XSS exists in the Pi-hole Admin portal, which can be exploited by the malicious actor with the network access to DNS server. See the referenced GitHub security advisory for patch details...
CVE-2021-29448 Stored DOM XSS in Pi-hole Admin Web Interface
Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. The Stored XSS exists in the Pi-hole Admin portal, which can be exploited by the malicious actor with the network access to DNS server. See the referenced GitHub security advisory for patch details...
indianfrootland.com Cross Site Scripting vulnerability OBB-1474038
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
nissiminc.com Cross Site Scripting vulnerability OBB-1385470
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
Unbreakable Enterprise kernel security update
5.4.17-2011.4.6.el8uek - Revert 'uek-rpm: Move grub boot menu update to posttrans stage.' Somasundaram Krishnasamy Orabug: 31358097 5.4.17-2011.4.5.el8uek - IB/sa: Resolv use-after-free in ibnlmakerequest Divya Indi Orabug: 31631527 - certs: Remove Oracle cert compiled into the kernel Eric Snowbe...
SUSE-SU-2020:0087-1 Security update for libsolv, libzypp, zypper
This update for libsolv, libzypp, zypper fixes the following issues: Security issue fixed: - CVE-2019-18900: Fixed assert cookie file that was world readable bsc1158763. Bug fixes - Fixed removing orphaned packages dropped by to-be-installed products bsc1155819. - Adds libzypp API to mark all...
SUSE-SU-2020:0017-1 Security update for virglrenderer
This update for virglrenderer fixes the following issues: - CVE-2019-18388: Fixed a null pointer dereference which could have led to denial of service bsc1159479. - CVE-2019-18390: Fixed an out of bound read which could have led to denial of service bsc1159478. - CVE-2019-18389: Fixed a heap buff...
doki-doki.fr XSS vulnerability
Vulnerable URL: http://www.doki-doki.fr/recherche.html?q=%3Cscript%20src=https://openbugbounty.org/1.js%3E Details: Description| Value ---|--- Patched:| Yes, at 11.08.2017 Latest check for patch:| 11.08.2017 09:07 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank|...
technology-solved.com XSS vulnerability
Vulnerable URL: http://www.technology-solved.com/locations/ Details: Description| Value ---|--- Patched:| Yes, at 25.11.2017 Latest check for patch:| 25.11.2017 19:39 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 2689979 VIP website status:| No Check...
claravital.de XSS vulnerability
Vulnerable URL: https://www.claravital.de/newsletter.php Details: Description| Value ---|--- Patched:| Yes, at 11.04.2017 Latest check for patch:| 11.04.2017 18:52 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 367251 VIP website status:| No Check claravital.de...