irsa.com.ar Cross Site Scripting vulnerability OBB-2218081
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
GSD-2021-1001552 phy: mdio: fix memory leak
phy: mdio: fix memory leak This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.211 by commit 2397b9e118721292429fea8807a698e71b94795f, it was...
vigc.be Improper Access Control vulnerability OBB-2162672
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Eigen NLP security vulnerability
Eigen NLP is a natural language processing system. A security vulnerability exists in Eigen NLP 3.10.1 that stems from the lack of access control on the /auth/v1/user/user-guid/ user edition endpoint. The vulnerability could allow any logged-in user to increase their own permissions via the...
SUSE SLED15 / SLES15 Security Update : qemu (SUSE-SU-2021:1942-1)
The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:1942-1 advisory. - Switch method of splitting off hw-s390x-virtio-gpu-ccw.so as a module to what was accepted upstream bsc1181103 - Fix OOB access in...
CVE-2021-31532
NXP LPC55S6x microcontrollers 0A and 1B, i.MX RT500 silicon rev B1 and B2, i.MX RT600 silicon rev A0, B0, LPC55S6x, LPC55S2x, LPC552x silicon rev 0A, 1B, LPC55S1x, LPC551x silicon rev 0A and LPC55S0x, LPC550x silicon rev 0A include an undocumented ROM patch peripheral that allows unsigned,...
omnya.pt Cross Site Scripting vulnerability OBB-1483753
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
lucian.site123.me Cross Site Scripting vulnerability OBB-1477942
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
PT-2020-4551
Name of the Vulnerable Software and Affected Versions Oracle WebLogic Server versions 10.3.6.0.0 through 14.1.1.0.0 Description A vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Console allows an unauthenticated attacker with network access via HTTP to...
imvin.com Cross Site Scripting vulnerability OBB-1410720
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
There Goes The Neighborhood: Dealing With CVE-2020-16898 (and CVE-2020-1656) (aka "Bad Neighbor")
If you’re in the U.S. and were waiting for an “October surprise”, look no further than CVE-2020-16898 which is a remote code execution (RCE) vulnerability in the Windows TCP/IP stack, or what our own Tod Beardsley likes to call “exploiting poor implementations of core IETF RFCs”. The vulnerability...
wessexdemolition.co.uk Cross Site Scripting vulnerability OBB-1367904
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
sanchaekro.co.kr Cross Site Scripting vulnerability OBB-1362724
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
gettechnologies.net Cross Site Scripting vulnerability OBB-1274191
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
extras.sltrib.com Cross Site Scripting vulnerability OBB-1260496
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
devup-centrevaldeloire.fr Cross Site Scripting vulnerability OBB-1235129
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
CVE-2020-1048: Windows Print Spooler Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system, aka ‘Windows Print Spooler Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1070. Recent assessments: bwatters-r7 at May 14, 2020...
Denial Of Service (DoS)
patch is vulnerable to denial of service. A NULL pointer dereference in the intuit_diff_type function in pch.c allows an attacker to crash the application...
ALPINE-CVE-2019-20633
GNU patch through 2.7.6 contains a free(p_line[p_end]) Double Free vulnerability in the function another_hunk in pch.c that can cause a denial of service via a crafted patch file. NOTE: this issue exists because of an incomplete fix for CVE-2018-6952...
Double free
GNU patch through 2.7.6 contains a free(p_line[p_end]) Double Free vulnerability in the function another_hunk in pch.c that can cause a denial of service via a crafted patch file. NOTE: this issue exists because of an incomplete fix for CVE-2018-6952...