PT-2024-31575 · WordPress · Kkprogressbar2 Free
Name of the Vulnerable Software and Affected Versions: KKProgressbar2 Free WordPress plugin versions 1.1.4.2 and earlier Description: The issue concerns the lack of CSRF checks in certain areas and missing sanitization as well as escaping. This could allow attackers to make logged-in admins add...
CVE-2024-28188
Jupyter Scheduler is a collection of extensions for programming jobs to run now or run on a schedule. The list of conda environments of jupyter-scheduler users may be exposed, potentially revealing information about projects that a specific user may be working on. This vulnerability has been...
DEBIAN-CVE-2023-52816
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix shift out-of-bounds issue [ 567.613292] shift exponent 255 is too large for 64-bit type 'long unsigned int' [ 567.614498] CPU: 5 PID: 238 Comm: kworker/5:1 Tainted: G OE 6.2.0-34-generic #34~22.04.1-Ubuntu [ 567.614502]...
CLSA-2024-1716271951 less: Fix of CVE-2022-48624
CVE-2022-48624: shell-quote filenames when invoking LESSCLOSE...
SUSE CVE-2024-35940
In the Linux kernel, the following vulnerability has been resolved: pstore/zone: Add a null pointer check to the psz_kmsg_read kasprintf returns a pointer to dynamically allocated memory which can be NULL upon failure. Ensure the allocation was successful by checking the pointer validity...
PT-2024-24848 · Unknown · Apppresser
Name of the Vulnerable Software and Affected Versions: AppPresser versions through 4.3.0 Description: The issue is related to missing authorization, which poses a high risk. It is recommended to check for signs of exploitation. Recommendations: For versions through 4.3.0, patch immediately to...
PT-2024-13316 · Linksys · Linksys Ea7500
Name of the Vulnerable Software and Affected Versions: LINKSYS EA7500 version 3.0.1.207964 Description: The issue allows a remote attacker to execute arbitrary code via an HTTP request to the IGD UPnP. This enables the attacker to potentially gain control over the device. Recommendations: For...
PT-2024-25119 · Unknown · Crmeb Java
Name of the Vulnerable Software and Affected Versions: crmeb java version 1.3.4 Description: The issue is related to a Server-Side Request Forgery (SSRF) in the mergeList method of the ImageMergeController class. This allows for potential exploitation. No information is provided about the estimated...
PT-2024-3315 · Linksys · Linksys E5600
Name of the Vulnerable Software and Affected Versions: Linksys E5600 version 1.1.0.26 Description: The issue is related to a command injection vulnerability in the /API/info endpoint of the Linksys E5600 router's firmware. This vulnerability is caused by the failure to neutralize special elements...
uwiltrijles.nl Improper Access Control vulnerability OBB-3924876
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
RHEL 5 : sudo (RHSA-2019:4191)
The remote Redhat Enterprise Linux 5 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2019:4191 advisory. The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged...
kartarkiv.no Improper Access Control vulnerability OBB-3922499
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
aftenlandet.no Improper Access Control vulnerability OBB-3922145
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
MGASA-2024-0149 Updated wireshark packages fix security vulnerability
T.38 dissector crash in Wireshark 4.2.0 to 4.0.3 and 4.0.0 to 4.0.13 allows denial of service via packet injection or crafted capture file. CVE-2024-2955...
CVE-2024-25624 iris-web vulnerable to Server Side Template Injection in reports
Iris is a web collaborative platform aiming to help incident responders share technical details during investigations. Due to an improper setup of the Jinja2 environment, report generation in iris-web is prone to Server Side Template Injection (SSTI). Successful exploitation of the vulnerability c...
instinctools.com Cross Site Scripting vulnerability OBB-3921856
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
SUSE CVE-2024-32662
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to an out-of-bounds read. This occurs when a WCHAR string is read with twice the size it has and converted to UTF-8, then base64 decoded. The string is only used to compare against t...
CVE-2024-32660
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.5.1, a malicious server can crash the FreeRDP client by sending an invalid, huge allocation size. Version 3.5.1 contains a patch for the issue. No known workarounds are available...
torontojobsjournal.ca Cross Site Scripting vulnerability OBB-3920570
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2022-31394 affecting package rpm-ostree for versions less than 2022.1-7
CVE-2022-31394 affecting package rpm-ostree for versions less than 2022.1-7. A patched version of the package is available...