CVE-2024-40644

The CVE-2024-40644 issue affects gitoxide’s gix-path on Windows. Affected code path allows a limited user to place a malicious git.exe in hard-coded fallback locations (C:/Program Files/Git/mingw64/bin or C:/Program Files (x86)/Git/mingw32/bin). gix-path’s env logic may directly execute that git....

CVE-2024-40644 gitoxide's gix-path can use a fake program files location

gitoxide An idiomatic, lean, fast & safe pure Rust implementation of Git. gix-path can be tricked into running another git.exe placed in an untrusted location by a limited user account on Windows systems. Windows permits limited user accounts without administrative privileges to create new...

CVE-2024-40644

gitoxide An idiomatic, lean, fast & safe pure Rust implementation of Git. gix-path can be tricked into running another git.exe placed in an untrusted location by a limited user account on Windows systems. Windows permits limited user accounts without administrative privileges to create new...

gix-path can use a fake program files location

Summary When looking for Git for Windows so it can run it to report its paths, gix-path can be tricked into running another git.exe placed in an untrusted location by a limited user account. Details Windows permits limited user accounts without administrative privileges to create new directories ...

argentdata.com Cross Site Scripting vulnerability OBB-3947598

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

medicalcenterclinic.com Cross Site Scripting vulnerability OBB-3947424

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

lirs.basnet.by.xx3.kz Cross Site Scripting vulnerability OBB-3947261

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

nfbtx.org Cross Site Scripting vulnerability OBB-3947156

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

roadstarraider.com Open Redirect vulnerability OBB-3947153

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

keepdomain.com Cross Site Scripting vulnerability OBB-3946930

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

webpanel.es Cross Site Scripting vulnerability OBB-3946863

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

CVE-2024-41009

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix overrunning reservations in ringbuf The BPF ring buffer internally is implemented as a power-of-2 sized circular buffer, with two logical and ever-increasing counters: consumerpos is the consumer counter to show which...

ongsbrasil.com.br Cross Site Scripting vulnerability OBB-3946537

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

CVE-2024-5816

An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed a suspended GitHub App to retain access to the repository via a scoped user access token. This was only exploitable in public repositories while private repositories were not impacted. This...

CVE-2024-5817

An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed read access to issue content via GitHub Projects. This was only exploitable in internal repositories and required the attacker to have access to the corresponding project board. This vulnerability...

CVE-2024-5815

A Cross-Site Request Forgery vulnerability in GitHub Enterprise Server allowed write operations on a victim-owned repository by exploiting incorrect request types. A mitigating factor is that the attacker would have to be a trusted GitHub Enterprise Server user, and the victim would have to visit...

CVE-2024-6395

CVE-2024-6395 (GitHub Enterprise Server) exposes a sensitive-information issue that allows an attacker to enumerate the names of private repositories using deploy keys, but does not disclose repository contents. Affected: GitHub Enterprise Server versions prior to 3.14. The root cause, per multip...

CVE-2024-6395 GitHub Enterprise Server Information Disclosure Vulnerability Exposes Private Repository Names via Deploy Keys

An exposure of sensitive information vulnerability in GitHub Enterprise Server would allow an attacker to enumerate the names of private repositories that utilize deploy keys. This vulnerability did not allow unauthorized access to any repository content besides the name. This vulnerability...

CVE-2024-6336 Security misconfiguration was identified in GitHub Enterprise Server that allowed sensitive data exposure

A Security Misconfiguration vulnerability in GitHub Enterprise Server allowed sensitive information disclosure to unauthorized users in GitHub Enterprise Server by exploiting organization ruleset feature. This attack required an organization member to explicitly change the visibility of a depende...

CVE-2024-6336 Security misconfiguration was identified in GitHub Enterprise Server that allowed sensitive data exposure

A Security Misconfiguration vulnerability in GitHub Enterprise Server allowed sensitive information disclosure to unauthorized users in GitHub Enterprise Server by exploiting organization ruleset feature. This attack required an organization member to explicitly change the visibility of a depende...