PT-2022-12351
Name of the Vulnerable Software and Affected Versions: VirusTotal YARA affected versions not specified Description: A Buffer Overflow issue exists in VirusTotal YARA, specifically via yr_set_configuration in yara/libyara/libyara.c, which could cause a Denial of Service. Recommendations: At the momen...
PT-2022-1700 · Microsoft · Edge
Name of the Vulnerable Software and Affected Versions: Microsoft Edge Chromium-based affected versions not specified Description: The issue is related to insecure privilege management in the browser, which could allow an attacker to elevate their privileges. Recommendations: At the moment, there ...
CVE-2022-23607 Unsafe handling of user-specified cookies in treq
treq is an HTTP library inspired by requests but written on top of Twisted's Agents. Treq's request methods treq.get, treq.post, etc. and treq.client.HTTPClient constructor accept cookies as a dictionary. Such cookies are not bound to a single domain, and are therefore sent to every domain...
GHSA-FHPF-PP6P-55QC Unsafe handling of user-specified cookies in treq
Impact: Treq's request methods treq.get, treq.post, HTTPClient.request, HTTPClient.get, etc. accept cookies as a dictionary, for example: treq.get('https://example.com/', cookies={'session': '1234'}). Such cookies are not bound to a single domain, and are therefore sent to every domain ("supercookies...
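To make the "supercookie" behaviour concrete, here is an added example that is not treq's code and does not use treq at all: it uses the standard library's http.cookiejar to contrast a plain dict (attached to every request, whatever the host) with a cookie stored in a CookieJar and bound to one domain, and lets the jar's default policy decide what would be sent to each URL. The helper names make_cookie, make_jar, cookies_sent_unbound and cookies_sent_bound, and the hostnames example.com, api.example.com and evil.test, are constructed for the illustration.

```python
# Added example (not treq's own code): domain-bound cookies via the standard
# library's http.cookiejar versus an unbound dict that behaves like a
# "supercookie". All hostnames below are constructed for illustration.
from http.cookiejar import Cookie, CookieJar
from urllib.request import Request


def make_cookie(name: str, value: str, domain: str, secure: bool = True) -> Cookie:
    """Build a Netscape-style (version 0) cookie scoped to one domain."""
    return Cookie(
        version=0, name=name, value=value,
        port=None, port_specified=False,
        domain=domain, domain_specified=True,
        domain_initial_dot=domain.startswith("."),
        path="/", path_specified=True,
        secure=secure, expires=None, discard=True,
        comment=None, comment_url=None, rest={}, rfc2109=False,
    )


def make_jar(cookies: dict, domain: str) -> CookieJar:
    """Put each name/value pair into a jar, bound to `domain` (hypothetical helper)."""
    jar = CookieJar()
    for name, value in cookies.items():
        # set_cookie bypasses the jar's acceptance policy; we are scoping,
        # not receiving, these cookies.
        jar.set_cookie(make_cookie(name, value, domain))
    return jar


def cookies_sent_unbound(cookies: dict, url: str) -> dict:
    """Models the vulnerable behaviour: a plain dict is attached to every
    request regardless of the target host, so every value reaches `url`.
    `url` is deliberately ignored, which is exactly the problem."""
    return dict(cookies)


def cookies_sent_bound(jar: CookieJar, url: str) -> dict:
    """Ask the jar which cookies it would attach to a request for `url`.
    DefaultCookiePolicy drops cookies whose domain does not match the host
    and withholds secure cookies from non-https URLs."""
    req = Request(url)
    jar.add_cookie_header(req)
    header = req.get_header("Cookie")
    if not header:
        return {}
    return dict(item.split("=", 1) for item in header.split("; "))


if __name__ == "__main__":
    session = {"session": "1234"}
    jar = make_jar(session, "example.com")
    for url in ("https://example.com/", "https://api.example.com/",
                "https://evil.test/", "http://example.com/"):
        print(url)
        print("  unbound dict ->", cookies_sent_unbound(session, url))
        print("  bound jar    ->", cookies_sent_bound(jar, url))
```

The bound jar releases the session cookie to example.com and its subdomains only, and not over plain http because the cookie is marked secure; the dict form hands the same value to evil.test. When an HTTP client accepts cookies as a bare dict, that dict is the unbound case, and a redirect or a second request to another host is enough to leak the session.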
brookemeyerphotography.com Cross Site Scripting vulnerability OBB-2349546
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
PT-2022-11450 · Unknown · Calibre-Web
Name of the Vulnerable Software and Affected Versions: calibre-web affected versions not specified Description: The issue is related to Cross-Site Request Forgery CSRF, which is a type of attack that tricks a user into performing unintended actions on a web application. No information is provided...
CVE-2022-23111
A cross-site request forgery CSRF vulnerability in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials...
CVE-2022-20614
A missing permission check in Jenkins Mailer Plugin 391.ve4a38c1bcf4b and earlier allows attackers with Overall/Read access to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname...
CVE-2022-20619
A cross-site request forgery CSRF vulnerability in Jenkins Bitbucket Branch Source Plugin 737.vdf9dc06105be and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
PT-2022-1568 · Microsoft · Windows Resilient File System +1
Name of the Vulnerable Software and Affected Versions: Windows Resilient File System ReFS affected versions not specified Description: The issue is related to errors in code generation management in the Windows Resilient File System ReFS. It can be exploited by sending a specially crafted request...
PT-2022-1683 · Microsoft · Windows Resilient File System +1
Name of the Vulnerable Software and Affected Versions: Windows Resilient File System ReFS affected versions not specified Description: The issue is related to incorrect code generation management in the Windows Resilient File System ReFS. It allows remote attackers to execute arbitrary code,...
PT-2022-1571 · Microsoft · Windows Refs +1
Name of the Vulnerable Software and Affected Versions: Windows Resilient File System ReFS affected versions not specified Description: The issue is related to errors in code generation management in the Resilient File System ReFS of Windows operating systems. It allows remote attackers to execute...
PT-2022-1503 · Microsoft · Windows Staterepository Api Server +1
Name of the Vulnerable Software and Affected Versions: Windows StateRepository API Server affected versions not specified Description: The issue is related to insecure privilege management in the Windows StateRepository API Server, which is part of the Windows operating system. This allows an...
PT-2022-1410 · Microsoft · Windows Bind Filter Driver +1
Name of the Vulnerable Software and Affected Versions: Windows Bind Filter Driver affected versions not specified Description: The issue is related to insufficient access control in the Windows Bind Filter Driver, which can be exploited to elevate privileges. This could allow an attacker to affec...
CVE-2022-0174
CVE-2022-0174 concerns an improper validation of a specified quantity in input within the Dolibarr project (dolibarr/dolibarr). Public records identify a vulnerability in Dolibarr with a CVSS v3.1 base score of 4.3 (MEDIUM) and CVSS v2 base score of 4.0 (MEDIUM). The content available notes the a...
PT-2022-12980 · Vim +5 · Vim +5
Name of the Vulnerable Software and Affected Versions: vim affected versions not specified Description: The issue concerns an Out-of-bounds Read. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world incidents where this...
PT-2021-13311 · Apusys · Apusys
Name of the Vulnerable Software and Affected Versions: apusys affected versions not specified Description: The issue is related to a possible memory corruption due to a missing bounds check in apusys. This could lead to local escalation of privilege with System execution privileges needed. User...
PT-2021-22691 · Google · Android Kernel
Name of the Vulnerable Software and Affected Versions: Android kernel affected versions not specified Description: The issue concerns the Android kernel. No specific details about the nature of the problem or its potential impact are provided. Recommendations: At the moment, there is no informati...
PT-2022-11300 · Shibboleth +1 · Shibboleth Authentication Plugin +1
Name of the Vulnerable Software and Affected Versions: Shibboleth authentication plugin affected versions not specified Description: A session hijack risk was identified in the Shibboleth authentication plugin. Recommendations: At the moment, there is no information about a newer version that...
PT-2021-5548 · Busybox +5 · Busybox +5
Name of the Vulnerable Software and Affected Versions: BusyBox affected versions not specified Description: A use-after-free issue in BusyBox's awk applet can lead to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_i function. This could allow a...