fieg.it Cross Site Scripting vulnerability OBB-3882443

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

serena.bookingonline.fi Cross Site Scripting vulnerability OBB-3882444

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

CVE-2024-27936

Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. Starting in version 1.32.1 and prior to version 1.41.0 of the deno library, maliciously crafted permission request can show the spoofed permission prompt by inserting a broken ANSI escape sequence into the request...

CVE-2024-1908

An Improper Privilege Management vulnerability was identified in GitHub Enterprise Server that allowed an attacker to use the Enterprise Actions GitHub Connect download token to fetch private repository data. An attacker would require an account on the server instance with non-default settings fo...

glentree.co.uk Cross Site Scripting vulnerability OBB-3881892

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

CVE-2024-2748

A Cross Site Request Forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker to execute unauthorized actions on behalf of an unsuspecting user. A mitigating factor is that user interaction is required. This vulnerability affected GitHub Enterprise Server 3.12.0 a...

apollokino.de Cross Site Scripting vulnerability OBB-3881358

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

bsoptik.cz Cross Site Scripting vulnerability OBB-3881343

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

ish-nriv.de Cross Site Scripting vulnerability OBB-3881327

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

CVE-2024-2469

An attacker with an Administrator role in GitHub Enterprise Server could gain SSH root access via remote code execution. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.17, 3.9.12, 3.10.9, 3.11.7 and 3.12.1. This vulnerability was reported...

CVE-2024-2748

CVE-2024-2748 is a Cross Site Request Forgery vulnerability affecting GitHub Enterprise Server 3.12.0 that could allow an attacker to perform unauthorized actions on behalf of a user. The underlying issue is a CSRF flaw that requires user interaction to exploit. GitHub fixed this in version 3.12....

CVE-2024-2748 CSRF vulnerability was identified in GitHub Enterprise Server that allowed performing actions on behalf of a user

A Cross Site Request Forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker to execute unauthorized actions on behalf of an unsuspecting user. A mitigating factor is that user interaction is required. This vulnerability affected GitHub Enterprise Server 3.12.0 a...

CVE-2024-2443 Improper input validation vulnerability was identified in GitHub Enterprise Server that allowed privilege escalation in the Management Console

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when configuring GeoJSON settings. Exploitation of this vulnerability required access to the GitHub...

CVE-2024-2443 Improper input validation vulnerability was identified in GitHub Enterprise Server that allowed privilege escalation in the Management Console

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when configuring GeoJSON settings. Exploitation of this vulnerability required access to the GitHub...

CVE-2024-2443

GitHub Enterprise Server has a command injection vulnerability in the Management Console GeoJSON configuration that could let an attacker with an editor role gain admin SSH access. Affected: all versions before 3.13. Fixed in 3.8.17, 3.9.12, 3.10.9, 3.11.7, and 3.12.1. Remediation: upgrade to 3.1...

CVE-2024-2469 Remote Code Execution in GitHub Enterprise Server Allowed Administrators to gain SSH access to the appliance

An attacker with an Administrator role in GitHub Enterprise Server could gain SSH root access via remote code execution. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.17, 3.9.12, 3.10.9, 3.11.7 and 3.12.1. This vulnerability was reported...

CVE-2024-2469 Remote Code Execution in GitHub Enterprise Server Allowed Administrators to gain SSH access to the appliance

An attacker with an Administrator role in GitHub Enterprise Server could gain SSH root access via remote code execution. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.17, 3.9.12, 3.10.9, 3.11.7 and 3.12.1. This vulnerability was reported...

Dynamic Variable Evaluation in qiskit-ibm-runtime

Summary An eval method exists Options.getprograminputs. This is bad in any case, but especially bad because Options are also used server side, so this has the potential to expose arbitrary code injection in runtime containers, now or at a later time. Details...

liter.hu Cross Site Scripting vulnerability OBB-3881111

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

svetbot.cz Cross Site Scripting vulnerability OBB-3881046

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...