28993 matches found
CVE-2024-3470 Repository administrator can bypass organization's ruleset using deploy keys
An Improper Privilege Management vulnerability was identified in GitHub Enterprise Server that allowed an attacker to use a deploy key pertaining to an organization to bypass an organization ruleset. An attacker would require access to a valid deploy key for a repository in the organization as we...
CVE-2024-3470
GitHub Enterprise Server suffers an Improper Privilege Management flaw that lets a repository deploy key bypass an organization’s ruleset when an attacker has a valid deploy key and repository administrator access. Affected versions are 3.11–3.12; remediation is to upgrade to 3.11.8 or 3.12.2. In...
finchbarry.com Cross Site Scripting vulnerability OBB-3918828
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2024-1491 Electrolink FM/DAB/TV Transmitter Missing Authentication for Critical Function
The devices allow access to an unprotected endpoint that allows MPFS file system binary image upload without authentication. The MPFS2 file system module provides a light-weight read-only file system that can be stored in external EEPROM, external serial flash, or internal flash program memory...
CVE-2024-1491
CVE-2024-1491 affects Electrolink FM/DAB/TV Transmitters, where an unauthenticated unprotected endpoint permits MPFS2 file-system binary image uploads. The MPFS2 read-only storage can reside in external EEPROM/flash and backs the HTTP2 web server and other components; exploitation could overwrite...
peterdonders.com Cross Site Scripting vulnerability OBB-3918754
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
kernel: veth: ensure skb entering GRO are not cloned.
In the Linux kernel, the following vulnerability has been resolved: veth: ensure skb entering GRO are not cloned. After commit d3256efd8e8b "veth: allow enabling NAPI even without XDP", if GRO is enabled on a veth device and TSO is disabled on the peer device, TCP skbs will go through the NAPI...
nfe.leopoldina.mg.gov.br Cross Site Scripting vulnerability OBB-3918689
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Big Tech Says Spy Bill Turns Its Workers Into Informants
One of Silicon Valley’s most influential lobbying arms joins privacy reformers in a fight against the Biden administration–backed expansion of a major US surveillance program...
CVE-2024-26906
In the Linux kernel, the following vulnerability has been resolved: x86/mm: Disallow vsyscall page read for copyfromkernelnofault When trying to use copyfromkernelnofault to read vsyscall page through a bpf program, the following oops was reported: BUG: unable to handle page fault for address:...
funkylife.in Cross Site Scripting vulnerability OBB-3918679
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2024-26906
In the Linux kernel, the following vulnerability has been resolved: x86/mm: Disallow vsyscall page read for copyfromkernelnofault When trying to use copyfromkernelnofault to read vsyscall page through a bpf program, the following oops was reported: BUG: unable to handle page fault for address:...
CVE-2024-26906
In the Linux kernel, the following vulnerability has been resolved: x86/mm: Disallow vsyscall page read for copyfromkernelnofault When trying to use copyfromkernelnofault to read vsyscall page through a bpf program, the following oops was reported: BUG: unable to handle page fault for address:...
CVE-2024-26906 x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault()
In the Linux kernel, the following vulnerability has been resolved: x86/mm: Disallow vsyscall page read for copyfromkernelnofault When trying to use copyfromkernelnofault to read vsyscall page through a bpf program, the following oops was reported: BUG: unable to handle page fault for address:...
CVE-2024-26906 x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault()
In the Linux kernel, the following vulnerability has been resolved: x86/mm: Disallow vsyscall page read for copyfromkernelnofault When trying to use copyfromkernelnofault to read vsyscall page through a bpf program, the following oops was reported: BUG: unable to handle page fault for address:...
CVE-2024-26906 x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault()
In the Linux kernel, the following vulnerability has been resolved: x86/mm: Disallow vsyscall page read for copyfromkernelnofault When trying to use copyfromkernelnofault to read vsyscall page through a bpf program, the following oops was reported: BUG: unable to handle page fault for address:...
CVE-2024-26906
CVE-2024-26906 : In the Linux kernel, x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault(). A bpf program reading the vsyscall page with bpf_probe_read_kernel() can trigger copy_from_kernel_nofault(), which calls __get_user_asm() and may fault because the vsyscall page is not readab...
US Senate to Vote on a Wiretap Bill That Critics Call ‘Stasi-Like’
A controversial bill reauthorizing the Section 702 spy program may force whole new categories of businesses to eavesdrop on the US government’s behalf, including on fellow Americans...
CVE-2024-21676
This CVE entry is rejected/not used and does not represent an active vulnerability entry.
q.commaoil.com Cross Site Scripting vulnerability OBB-3918465
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...