
29026 matches found

NVD
added 2024/08/21 4:15 p.m., 20 views

CVE-2024-21690

This High severity Reflected XSS and CSRF Cross-Site Request Forgery vulnerability was introduced in versions 7.19.0, 7.20.0, 8.0.0, 8.1.0, 8.2.0, 8.3.0, 8.4.0, 8.5.0, 8.6.0, 8.7.1, 8.8.0, and 8.9.0 of Confluence Data Center and Server. This Reflected XSS and CSRF Cross-Site Request Forgery...

CVSS 8.2, EPSS 0.00712
Exploits: 0, References: 2
Vulnrichment
added 2024/08/21 4:5 p.m., 21 views

CVE-2024-21690

This High severity Reflected XSS and CSRF Cross-Site Request Forgery vulnerability was introduced in versions 7.19.0, 7.20.0, 8.0.0, 8.1.0, 8.2.0, 8.3.0, 8.4.0, 8.5.0, 8.6.0, 8.7.1, 8.8.0, and 8.9.0 of Confluence Data Center and Server. This Reflected XSS and CSRF Cross-Site Request Forgery...

CVSS 7.1, AI score 6.5, EPSS 0.00712
Exploits: 0, References: 2
Cvelist
added 2024/08/21 4:5 p.m., 23 views

CVE-2024-21690

This High severity Reflected XSS and CSRF Cross-Site Request Forgery vulnerability was introduced in versions 7.19.0, 7.20.0, 8.0.0, 8.1.0, 8.2.0, 8.3.0, 8.4.0, 8.5.0, 8.6.0, 8.7.1, 8.8.0, and 8.9.0 of Confluence Data Center and Server. This Reflected XSS and CSRF Cross-Site Request Forgery...

CVSS 7.1, EPSS 0.00712
Exploits: 0, References: 2
Openbugbounty
added 2024/08/21 2:8 p.m., 8 views

gbstandards.org Cross Site Scripting vulnerability OBB-3959937

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits: 0
Openbugbounty
added 2024/08/21 1:58 p.m., 9 views

mail.pharmasm.com Cross Site Scripting vulnerability OBB-3959930

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits: 0
RedHat Linux
added 2024/08/21 11:57 a.m., 0 views

kernel: ipc/mqueue, msg, sem: avoid relying on a stack reference past its expiry

A flaw was found in the Linux kernel’s IPC system. This flaw allows an attacker to use a specially crafted program to cause a rare race condition, leading to a denial of service...

CVSS 7, AI score 6.6, EPSS 0.00258
Exploits: 0, References: 5
Openbugbounty
added 2024/08/21 10:22 a.m., 10 views

systemcaresitsolutions.com Cross Site Scripting vulnerability OBB-3959854

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits: 0
Openbugbounty
added 2024/08/21 3:15 a.m., 9 views

library.dphen1.com Improper Access Control vulnerability OBB-3959812

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 7
Exploits: 0
Openbugbounty
added 2024/08/21 3:5 a.m., 8 views

smartdefine.org Improper Access Control vulnerability OBB-3959805

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 7
Exploits: 0
CNVD
added 2024/08/21 12:0 a.m., 2 views

Vim Memory Reference Error Vulnerability (CNVD-2024-40461)

Vim is an open source, cross-platform text editor. Vim suffers from a Memory Reference Error vulnerability that stems from a confusion in the instruction responsible for freeing memory in parameter list handling. An attacker can exploit the vulnerability which may result in a program crash,...

CVSS 4.7, AI score 7, EPSS 0.00349
Exploits: 0, References: 1
NVD
added 2024/08/20 8:15 p.m., 26 views

CVE-2024-7711

An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server, allowing an attacker to update the title, assignees, and labels of any issue inside a public repository. This was only exploitable inside a public repository. This vulnerability affected GitHub Enterprise Server...

CVSS 5.3, EPSS 0.00495
Exploits: 0, References: 3
NVD
added 2024/08/20 8:15 p.m., 37 views

CVE-2024-6337

An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed a GitHub App with only content: read and pullrequestwrite: write permissions to read issue content inside a private repository. This was only exploitable via user access token and installation access...

CVSS 6.5, EPSS 0.00705
Exploits: 0, References: 4
Cvelist
added 2024/08/20 7:21 p.m., 24 views

CVE-2024-6800

An XML signature wrapping vulnerability was present in GitHub Enterprise Server (GHES) when using SAML authentication with specific identity providers utilizing publicly exposed signed federation metadata XML. This vulnerability allowed an attacker with direct network access to GitHub Enterprise...

CVSS 9.5, EPSS 0.01527
Exploits: 0, References: 4
CVE
added 2024/08/20 7:21 p.m., 77 views

CVE-2024-6800

CVE-2024-6800 is an XML signature wrapping vulnerability in GitHub Enterprise Server (GHES) affecting SAML authentication with certain IdPs that expose signed federation metadata XML. An attacker with direct network access could forge a SAML response to provision and/or gain access to a user with...

CVSS 9.8, AI score 6.7, EPSS 0.01527
Exploits: 0, References: 4, Affected Software: 1
Vulnrichment
added 2024/08/20 7:19 p.m., 17 views

CVE-2024-6337 Incorrect Authorization allows read access to issues in GitHub Enterprise Server

An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed a GitHub App with only content: read and pullrequestwrite: write permissions to read issue content inside a private repository. This was only exploitable via user access token and installation access...

CVSS 5.9, AI score 6.6, EPSS 0.00705
Exploits: 0, References: 4
Cvelist
added 2024/08/20 7:19 p.m., 34 views

CVE-2024-6337 Incorrect Authorization allows read access to issues in GitHub Enterprise Server

An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed a GitHub App with only content: read and pullrequestwrite: write permissions to read issue content inside a private repository. This was only exploitable via user access token and installation access...

CVSS 5.9, EPSS 0.00705
Exploits: 0, References: 4
Cvelist
added 2024/08/20 7:17 p.m., 24 views

CVE-2024-7711

An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server, allowing an attacker to update the title, assignees, and labels of any issue inside a public repository. This was only exploitable inside a public repository. This vulnerability affected GitHub Enterprise Server...

CVSS 5.3, EPSS 0.00495
Exploits: 0, References: 3
CVE
added 2024/08/20 7:17 p.m., 56 views

CVE-2024-7711

CVE-2024-7711 is an Incorrect Authorization vulnerability in GitHub Enterprise Server that allowed an attacker to update the title, assignees, and labels of any issue inside a public repository, and was exploitable only within public repos. Affected products: GitHub Enterprise Server versions bef...

CVSS 5.3, AI score 7, EPSS 0.00495
Exploits: 0, References: 3, Affected Software: 1
NVD
added 2024/08/20 10:15 a.m., 30 views

CVE-2024-21689

This High severity RCE (Remote Code Execution) vulnerability CVE-2024-21689 was introduced in versions 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, and 9.6.0 of Bamboo Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.6, allows an authenticated attacker to execute...

CVSS 8, EPSS 0.02725
Exploits: 1, References: 2
CVE
added 2024/08/20 10:0 a.m., 78 views

CVE-2024-21689

CVE-2024-21689 is a high-severity RCE in Atlassian Bamboo Data Center/Server, introduced in versions 9.1.0–9.6.0. An authenticated attacker can execute arbitrary code with high confidentiality, integrity, and availability impact, requiring user interaction. Public details indicate fixed upgrades:...

CVSS 8, AI score 7.8, EPSS 0.02725
Exploits: 1, References: 2, Affected Software: 1