29035 matches found
CVE-2023-46648
An insufficient entropy vulnerability was identified in GitHub Enterprise Server GHES that allowed an attacker to brute force a user invitation to the GHES Management Console. To exploit this vulnerability, an attacker would need knowledge that a user invitation was pending. This vulnerability...
Authentication flaw
An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed a bypass of Private Mode by using a specially crafted API request. To exploit this vulnerability, an attacker would need network access to the Enterprise Server appliance configured in Private Mode...
Design/Logic Flaw
An insufficient entropy vulnerability was identified in GitHub Enterprise Server GHES that allowed an attacker to brute force a user invitation to the GHES Management Console. To exploit this vulnerability, an attacker would need knowledge that a user invitation was pending. This vulnerability...
Path traversal
A path traversal vulnerability was identified in GitHub Enterprise Server that allowed arbitrary file reading when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This...
US pharmacy Rite Aid banned from operating facial recognition systems
Pharmacy chain Rite Aid has been denied the right to run facial recognition systems in its stores for five years, by a Federal Trade Commission FTC ruling. The regulator found so many flaws in the retailers surveillance program that it concluded Rite Aid had failed to implement reasonable...
CVE-2023-46645 Path traversal in GitHub Enterprise Server leading to arbitrary file reading when building a GitHub Pages site
A path traversal vulnerability was identified in GitHub Enterprise Server that allowed arbitrary file reading when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This...
CVE-2023-46645
CVE-2023-46645 describes a path traversal vulnerability in GitHub Enterprise Server that enables arbitrary file reading when building a GitHub Pages site. The attacker must have permission to create and build a GitHub Pages site on the affected server. Affected versions include all releases since...
gardenofedenfloral.com Cross Site Scripting vulnerability OBB-3819574
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
flowersedmontonab.com Cross Site Scripting vulnerability OBB-3819573
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
hegesztes.ktk.bme.hu Cross Site Scripting vulnerability OBB-3819391
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Urgent: New Chrome Zero-Day Vulnerability Exploited in the Wild - Update ASAP
Google has rolled out security updates for the Chrome web browser to address a high-severity zero-day flaw that it said has been exploited in the wild. The vulnerability, assigned the CVE identifier CVE-2023-7024, has been described as a heap-based buffer overflow bug in the WebRTC framework that...
ClickHouse Number Error Vulnerability
ClickHouse is ClickHouse's fastest and most resource efficient open source database for real-time applications and analytics. ClickHouse suffers from a numeric error vulnerability that stems from the presence of a stack buffer overflow, resulting in an integer underflow and program crash...
lautern-frueher.de Improper Access Control vulnerability OBB-3819246
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
koch-tante.de Improper Access Control vulnerability OBB-3819212
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
kaleidoskop-suedpark.de Improper Access Control vulnerability OBB-3819173
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
inspiration69.de Improper Access Control vulnerability OBB-3819137
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
beershelf.com Improper Access Control vulnerability OBB-3819043
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
aqocdiitbzn.mee.nu Cross Site Scripting vulnerability OBB-3818977
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Stable Channel Update for Desktop
The Stable channel has been updated to 120.0.6099.129 for Mac,Linux and 120.0.6099.129/130 to Windows which will roll out over the coming days/weeks. A full list of changes in this build is available in the nulllog. The Extended Stable channel has been updated to 120.0.6099.129 for Mac and...
hairapartment.de Improper Access Control vulnerability OBB-3818794
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...