6 matches found
Weblate: Privilege escalation in the user API endpoint
Impact: The user patching API endpoint didn't properly limit the scope of edits. Patches: https://github.com/WeblateOrg/weblate/pull/18687 References: Thanks to @tikket1 and @DavidCarliez for reporting this via GitHub. We received two individual reports for this...
Linux Distros Unpatched Vulnerability : CVE-2023-53009
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/amdkfd: Add sync after creating vram bo There will be data corruption on vram allocated by svm if the initialization is not complete and application is...
ehefs.org Cross Site Scripting vulnerability OBB-2745101
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
flexdream.jp Cross Site Scripting vulnerability OBB-2135239
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
skk.se Cross Site Scripting vulnerability OBB-1492717
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
Patch Report
Binary data patchessummary.nbin...