
29024 matches found

Openbugbounty
added 2024/04/21 10:45 p.m. | 8 views

jordanflowersdelivery.com Cross Site Scripting vulnerability OBB-3919412

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2 AI score
Exploits: 0

Openbugbounty
added 2024/04/21 10:8 p.m. | 13 views

vidipedia.org Cross Site Scripting vulnerability OBB-3919299

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2 AI score
Exploits: 0

Openbugbounty
added 2024/04/21 2:45 p.m. | 9 views

lyrics.com Cross Site Scripting vulnerability OBB-3919179

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2 AI score
Exploits: 0

Openbugbounty
added 2024/04/21 12:32 a.m. | 11 views

rotaryvac.com Cross Site Scripting vulnerability OBB-3919009

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2 AI score
Exploits: 0

Openbugbounty
added 2024/04/20 11:43 p.m. | 7 views

madikombucha.com Cross Site Scripting vulnerability OBB-3919004

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2 AI score
Exploits: 0

NVD
added 2024/04/19 5:15 p.m. | 22 views

CVE-2024-2440

A race condition in GitHub Enterprise Server allowed an existing admin to maintain permissions on a detached repository by making a GraphQL mutation to alter repository permissions while the repository is detached. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.13...

5.9 CVSS | 5.4 AI score | 0.00452 EPSS
Exploits: 0 | References: 4

CVE
added 2024/04/19 5:2 p.m. | 97 views

CVE-2024-2440

A race condition in GitHub Enterprise Server allowed an existing admin to retain permissions on a detached repository by issuing a GraphQL mutation to alter repository permissions while the repository was detached. Affected: all GitHub Enterprise Server versions prior to 3.13. Fixes are available...

5.9 CVSS | 6.6 AI score | 0.00452 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

Cvelist
added 2024/04/19 5:2 p.m. | 30 views

CVE-2024-2440 Race Condition was identified in GitHub Enterprise Server that allowed maintaining admin permissions

A race condition in GitHub Enterprise Server allowed an existing admin to maintain permissions on a detached repository by making a GraphQL mutation to alter repository permissions while the repository is detached. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.13...

5.5 CVSS | 5.7 AI score | 0.00452 EPSS
Exploits: 0 | References: 4

Vulnrichment
added 2024/04/19 2:25 p.m. | 16 views

CVE-2024-3684 Improper Privilege Management was identified in GitHub Enterprise Server that allowed privilege escalation in the Management Console

A server side request forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin access to the appliance when configuring the Artifacts & Logs and Migrations Storage. Exploitation of this vulnerability...

8 CVSS | 8 AI score | 0.01095 EPSS
Exploits: 0 | References: 4

CVE
added 2024/04/19 2:21 p.m. | 67 views

CVE-2024-3646

CVE-2024-3646: A command injection vulnerability was identified in GitHub Enterprise Server that could let an attacker with an editor role in the Management Console obtain admin SSH access to the instance during chat integration configuration. Exploitation required access to the GitHub Enterpris...

8 CVSS | 7.4 AI score | 0.01742 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

Cvelist
added 2024/04/19 2:21 p.m. | 20 views

CVE-2024-3646 Command injection vulnerability was identified in GitHub Enterprise Server that allowed privilege escalation in the Management Console

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the instance when configuring the chat integration. Exploitation of this vulnerability required access to the GitHub...

8 CVSS | 8.4 AI score | 0.01742 EPSS
Exploits: 0 | References: 4

CVE
added 2024/04/19 2:17 p.m. | 71 views

CVE-2024-3470

GitHub Enterprise Server suffers an Improper Privilege Management flaw that lets a repository deploy key bypass an organization’s ruleset when an attacker has a valid deploy key and repository administrator access. Affected versions are 3.11–3.12; remediation is to upgrade to 3.11.8 or 3.12.2. In...

7.2 CVSS | 6.8 AI score | 0.00587 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2024/04/19 2:17 p.m. | 26 views

CVE-2024-3470 Repository administrator can bypass organization's ruleset using deploy keys

An Improper Privilege Management vulnerability was identified in GitHub Enterprise Server that allowed an attacker to use a deploy key pertaining to an organization to bypass an organization ruleset. An attacker would require access to a valid deploy key for a repository in the organization as we...

5.9 CVSS | 6 AI score | 0.00587 EPSS
Exploits: 0 | References: 2

Openbugbounty
added 2024/04/19 12:15 a.m. | 12 views

finchbarry.com Cross Site Scripting vulnerability OBB-3918828

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2 AI score
Exploits: 0

Vulnrichment
added 2024/04/18 10:13 p.m. | 12 views

CVE-2024-1491 Electrolink FM/DAB/TV Transmitter Missing Authentication for Critical Function

The devices allow access to an unprotected endpoint that allows MPFS file system binary image upload without authentication. The MPFS2 file system module provides a light-weight read-only file system that can be stored in external EEPROM, external serial flash, or internal flash program memory...

8.7 CVSS | 7.5 AI score | 0.00553 EPSS
Exploits: 1 | References: 1

CVE
added 2024/04/18 10:13 p.m. | 85 views

CVE-2024-1491

CVE-2024-1491 affects Electrolink FM/DAB/TV Transmitters, where an unauthenticated unprotected endpoint permits MPFS2 file-system binary image uploads. The MPFS2 read-only storage can reside in external EEPROM/flash and backs the HTTP2 web server and other components; exploitation could overwrite...

8.7 CVSS | 7.5 AI score | 0.00553 EPSS
Exploits: 1 | References: 1

Openbugbounty
added 2024/04/18 12:46 p.m. | 14 views

peterdonders.com Cross Site Scripting vulnerability OBB-3918754

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2 AI score
Exploits: 0

RedHat Linux
added 2024/04/18 2:37 a.m. | 2 views

kernel: veth: ensure skb entering GRO are not cloned.

In the Linux kernel, the following vulnerability has been resolved: veth: ensure skb entering GRO are not cloned. After commit d3256efd8e8b "veth: allow enabling NAPI even without XDP", if GRO is enabled on a veth device and TSO is disabled on the peer device, TCP skbs will go through the NAPI...

6 CVSS | 6.8 AI score | 0.00209 EPSS
Exploits: 0 | References: 5

Openbugbounty
added 2024/04/17 8:31 p.m. | 15 views

nfe.leopoldina.mg.gov.br Cross Site Scripting vulnerability OBB-3918689

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2 AI score
Exploits: 0

Wired Threat Level
added 2024/04/17 6:11 p.m. | 11 views

Big Tech Says Spy Bill Turns Its Workers Into Informants

One of Silicon Valley’s most influential lobbying arms joins privacy reformers in a fight against the Biden administration–backed expansion of a major US surveillance program...

7.3 AI score
Exploits: 0