28972 matches found

Cvelist
added 2024/08/20 7:21 p.m. | 22 views

CVE-2024-6800

An XML signature wrapping vulnerability was present in GitHub Enterprise Server (GHES) when using SAML authentication with specific identity providers utilizing publicly exposed signed federation metadata XML. This vulnerability allowed an attacker with direct network access to GitHub Enterprise...

CVSS 9.5 | EPSS 0.03012 | Exploits 0 | References 4

CVE
added 2024/08/20 7:21 p.m. | 73 views

CVE-2024-6800

CVE-2024-6800 is an XML signature wrapping vulnerability in GitHub Enterprise Server (GHES) affecting SAML authentication with certain IdPs that expose signed federation metadata XML. An attacker with direct network access could forge a SAML response to provision and/or gain access to a user with...

CVSS 9.8 | AI score 6.7 | EPSS 0.03012 | Exploits 0 | References 4 | Affected Software 1

Cvelist
added 2024/08/20 7:19 p.m. | 19 views

CVE-2024-6337 Incorrect Authorization allows read access to issues in GitHub Enterprise Server

An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed a GitHub App with only content: read and pull_request_write: write permissions to read issue content inside a private repository. This was only exploitable via user access token and installation access...

CVSS 5.9 | EPSS 0.00296 | Exploits 0 | References 4

Vulnrichment
added 2024/08/20 7:19 p.m. | 15 views

CVE-2024-6337 Incorrect Authorization allows read access to issues in GitHub Enterprise Server

An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed a GitHub App with only content: read and pull_request_write: write permissions to read issue content inside a private repository. This was only exploitable via user access token and installation access...

CVSS 5.9 | AI score 6.6 | EPSS 0.00296 | Exploits 0 | References 4

Cvelist
added 2024/08/20 7:17 p.m. | 19 views

CVE-2024-7711

An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server, allowing an attacker to update the title, assignees, and labels of any issue inside a public repository. This was only exploitable inside a public repository. This vulnerability affected GitHub Enterprise Server...

CVSS 5.3 | EPSS 0.00276 | Exploits 0 | References 3

CVE
added 2024/08/20 7:17 p.m. | 51 views

CVE-2024-7711

CVE-2024-7711 is an Incorrect Authorization vulnerability in GitHub Enterprise Server that allowed an attacker to update the title, assignees, and labels of any issue inside a public repository, and was exploitable only within public repos. Affected products: GitHub Enterprise Server versions bef...

CVSS 5.3 | AI score 7 | EPSS 0.00276 | Exploits 0 | References 3 | Affected Software 1

NVD
added 2024/08/20 10:15 a.m. | 19 views

CVE-2024-21689

This High severity RCE (Remote Code Execution) vulnerability CVE-2024-21689 was introduced in versions 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, and 9.6.0 of Bamboo Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.6, allows an authenticated attacker to execute...

CVSS 8 | EPSS 0.37171 | Exploits 1 | References 2

Cvelist
added 2024/08/20 10:0 a.m. | 29 views

CVE-2024-21689

This High severity RCE (Remote Code Execution) vulnerability CVE-2024-21689 was introduced in versions 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, and 9.6.0 of Bamboo Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.6, allows an authenticated attacker to execute...

CVSS 7.6 | EPSS 0.37171 | Exploits 1 | References 2

Vulnrichment
added 2024/08/20 10:0 a.m. | 21 views

CVE-2024-21689

This High severity RCE (Remote Code Execution) vulnerability CVE-2024-21689 was introduced in versions 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, and 9.6.0 of Bamboo Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.6, allows an authenticated attacker to execute...

CVSS 7.6 | AI score 7.6 | EPSS 0.37171 | Exploits 1 | References 2

CVE
added 2024/08/20 10:0 a.m. | 75 views

CVE-2024-21689

CVE-2024-21689 is a high-severity RCE in Atlassian Bamboo Data Center/Server, introduced in versions 9.1.0–9.6.0. An authenticated attacker can execute arbitrary code with high confidentiality, integrity, and availability impact, requiring user interaction. Public details indicate fixed upgrades:...

CVSS 8 | AI score 7.8 | EPSS 0.37171 | Exploits 1 | References 2 | Affected Software 1

OSV
added 2024/08/20 9:8 a.m. | 16 views

SUSE-SU-2024:2980-1 Security update for kernel-firmware

This update for kernel-firmware fixes the following issues: CVE-2023-31315: Fixed validation in a model specific register (MSR) that led to modification of SMM configuration by malicious program with ring0 access (bsc#1229069)...

CVSS 7.5 | AI score 7.5 | EPSS 0.00032 | Exploits 0 | References 3

Openbugbounty
added 2024/08/19 9:31 p.m. | 10 views

schoolprograms.skirball.org Cross Site Scripting vulnerability OBB-3959166

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2 | Exploits 0

Cvelist
added 2024/08/19 5:40 p.m. | 14 views

CVE-2024-43261 WordPress Compute Links plugin <= 1.2.1 - Remote File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Hamed Naderfar Compute Links allows PHP Remote File Inclusion. This issue affects Compute Links: from n/a through 1.2.1...

CVSS 9.6 | EPSS 0.01838 | Exploits 0 | References 1

Openbugbounty
added 2024/08/18 7:38 a.m. | 7 views

kitchen-cardell.com Cross Site Scripting vulnerability OBB-3958541

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2 | Exploits 0

SUSE CVE
added 2024/08/18 2:1 a.m. | 1 views

SUSE CVE-2024-43837

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix null pointer dereference in resolve_prog_type for BPF_PROG_TYPE_EXT. When loading an EXT program without specifying attr->attach_prog_fd, the prog->aux->dst_prog will be null. At this time, calling resolve_prog_type anywhere will resul...

CVSS 5.5 | AI score 6.3 | EPSS 0.00033 | Exploits 0 | References 13

Openbugbounty
added 2024/08/18 12:16 a.m. | 11 views

mikseri.net Cross Site Scripting vulnerability OBB-3958532

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2 | Exploits 0

Hacker One
added 2024/08/17 5:9 p.m. | 3 views

GitLab: Removed Guest role user who doesn't have access to private project in members able to view jobs

Vulnerability description not provided...

AI score 7.1 | Exploits 0

OSV
added 2024/08/17 10:15 a.m. | 1 views

DEBIAN-CVE-2024-43837

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix null pointer dereference in resolve_prog_type for BPF_PROG_TYPE_EXT. When loading an EXT program without specifying attr->attach_prog_fd, the prog->aux->dst_prog will be null. At this time, calling resolve_prog_type anywhere will resul...

CVSS 5.5 | AI score 5.4 | EPSS 0.00033 | Exploits 0 | References 1

OSV
added 2024/08/17 10:15 a.m. | 0 views

UBUNTU-CVE-2024-43837

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix null pointer dereference in resolve_prog_type for BPF_PROG_TYPE_EXT. When loading an EXT program without specifying attr->attach_prog_fd, the prog->aux->dst_prog will be null. At this time, calling resolve_prog_type anywhere will resul...

CVSS 5.5 | AI score 6.2 | EPSS 0.00033 | Exploits 0 | References 12

Debian CVE
added 2024/08/17 9:21 a.m. | 12 views

CVE-2024-43837

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix null pointer dereference in resolve_prog_type for BPF_PROG_TYPE_EXT. When loading an EXT program without specifying attr->attach_prog_fd, the prog->aux->dst_prog will be null. At this time, calling resolve_prog_type anywhere will resul...

CVSS 5.5 | AI score 5.4 | EPSS 0.00033 | Exploits 0