1705 matches found
Geolocation preview links can be set to arbitrary links
None...
cleanpullcord.co.uk Improper Access Control vulnerability OBB-2414694
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Centralisation Risk: Admin Role of TokenManagerEth can Rug Pull All Eth from the Bridge
Lines of code Vulnerability details Impact There is a Centralisation risk of the bridge where the DEFAULT_ADMIN_ROLE of TokenManagerEth.sol is able to modify the ERC20 token on the SChain to any arbitrary address. This would allow the admin role to change the address to one where they have infinite...
CVE-2022-24337
In JetBrains TeamCity before 2021.2, health items of pull requests were shown to users who lacked appropriate permissions...
Design/Logic Flaw
In JetBrains TeamCity before 2021.2, health items of pull requests were shown to users who lacked appropriate permissions...
CVE-2022-24337
CVE-2022-24337 affects JetBrains TeamCity prior to 2021.2, where health items from pull requests could be exposed to users without the necessary permissions. The issue is documented across multiple sources (NVD entry, Red Hat and CNVD mirrors, and JetBrains security bulletin), all confirming the ...
JetBrains TeamCity Access Control Error Vulnerability
JetBrains TeamCity is a distributed build management and continuous integration tool from JetBrains Czech Republic. The tool provides continuous unit testing, code quality analysis, and build issue analysis reporting. A security vulnerability exists in JetBrains TeamCity, which stems from the...
Review your security vulnerabilities in GitHub with code scanning alerts
Today, for GitHub repositories, our SAST analysis provides fast, precise security feedback directly inside your pull requests. You instantly know how many vulnerabilities are detected and, until now, you would systematically go to SonarCloud to start investigating. Not anymore. From this point...
Arbitrary Code Execution in Docker
Docker before 1.3.2 allows remote attackers to write to arbitrary files and execute arbitrary code via a (1) symlink or (2) hard link attack in an image archive in a (a) pull or (b) load operation...
containerd v1.2.x can be coerced into leaking credentials during image pull
Impact If a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format includes a URL for the location of a specific image layer otherwise known as a “foreign layer”, the default containerd resolver will follow that URL to attempt to download it. In v1.2.x but not 1.3.0 o...
GHSA-742W-89GC-8M9C containerd v1.2.x can be coerced into leaking credentials during image pull
Impact If a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format includes a URL for the location of a specific image layer otherwise known as a “foreign layer”, the default containerd resolver will follow that URL to attempt to download it. In v1.2.x but not 1.3.0 o...
Zero tokenOut balance = rug pull
Lines of code Vulnerability details Impact The only time that the Badger Citadel contract checks that the balance of tokenOut is greater than or equal to totalTokenOutBought is in the finalize function, which happens at the end of the sale. A contract owner can start a token sale but never send...
Owner never calls finalize() = rug pull
Lines of code Vulnerability details Impact In order for users to claim their promised tokenOut tokens, the contract owner must call the finalize function. If the owner never calls the finalize function, no user can call the claim function to get their tokens. The owner can call the sweep function...
Seven ways in which the Owner and Proxy Admin can make users lose funds ("rug vectors")
Lines of code Vulnerability details The contest explicitly asks to analyze the contract for "Rug Vectors", so that is what this issue is about. note to reviewers This issue lists maybe 7 different problems and recommends different fixes. I could have made seven separate issues for each, but it wou...
CVE-2021-46101
In Git for Windows through 2.34.1, when using git pull to update the local repository, git.cmd can be run directly...
ALPINE-CVE-2021-46101
In Git for Windows through 2.34.1, when using git pull to update the local repository, git.cmd can be run directly...