cavin.li Improper Access Control vulnerability OBB-3845220
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
RHEL 9 : sqlite (RHSA-2024:0465)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0465 advisory. SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk...
PT-2024-19722 · Apple · Apple Macos
Name of the Vulnerable Software and Affected Versions: macOS versions prior to 13.6.4 macOS versions prior to 14.3 Description: The issue was addressed with improved checks. An app may be able to access sensitive user data. Recommendations: For macOS versions prior to 13.6.4, update to macOS...
PT-2024-19607 · Swftools · Swftools
Name of the Vulnerable Software and Affected Versions: SWFTools version 0.9.2 Description: A stack-buffer-underflow issue was found in the function parseExpression at src/swfc.c:2602. This issue can potentially lead to a denial of service. Recommendations: For SWFTools version 0.9.2, as a tempora...
Critical vulnerability in ManageEngine could lead to file creation, dozens of other vulnerabilities disclosed by Talos to start 2024
Cisco Talos Vulnerability Research team has disclosed dozens of vulnerabilities over the past month, including more than 30 advisories in GTKWave and a critical vulnerability in ManageEngine OpManager. Cisco ASIG also recently discovered an information disclosure vulnerability in...
CVE-2024-20963
...
EulerOS 2.0 SP9 : nghttp2 (EulerOS-SA-2023-3346)
According to the versions of the nghttp2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy's HTTP/2 codec may leak a header map and bookkeeping structures upon...
kanaliena.gr Improper Access Control vulnerability OBB-3833541
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
PT-2024-2760 · Mongodb +3 · Mongodb C Driver +3
Name of the Vulnerable Software and Affected Versions: MongoDB C Driver versions prior to 1.25.0 Description: The issue is related to the bson_utf8_validate function in the MongoDB C Driver, which can cause an infinite loop when called with certain inputs. This may allow a remote attacker to caus...
DEBIAN-CVE-2023-49295
quic-go is an implementation of the QUIC protocol (RFC 9000, RFC 9001, RFC 9002) in Go. An attacker can cause its peer to run out of memory by sending a large number of PATH_CHALLENGE frames. The receiver is supposed to respond to each PATH_CHALLENGE frame with a PATH_RESPONSE frame. The attacker can...
CVE-2024-21638 Azure IPAM solution Elevation of Privilege Vulnerability
Azure IPAM (IP Address Management) is a lightweight solution developed on top of the Azure platform designed to help Azure customers manage their IP address space easily and effectively. By design there is no write access to customers' Azure environments as the Service Principal used is only assign...
CVE-2024-21651 XWiki Denial of Service attack through attachments
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A user able to attach a file to a page can post a malformed TAR file by manipulating file modification time headers, which when parsed by Tika, could cause a denial of service issue via CPU...
CVE-2024-21650 XWiki Remote Code Execution vulnerability via user registration
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki is vulnerable to a remote code execution (RCE) attack through its user registration feature. This issue allows an attacker to execute arbitrary code by crafting malicious payloads in the...
CVE-2023-6738
The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pagelayer_header_code', 'pagelayer_body_open_code', and 'pagelayer_footer_code' meta fields in all versions up to, and including, 1.7.8 due to insufficient input...
CVE-2024-21634 Ion Java StackOverflow vulnerability
Amazon Ion is a Java implementation of the Ion data notation. Prior to version 1.10.5, a potential denial-of-service issue exists in ion-java for applications that use ion-java to deserialize Ion text encoded data, or deserialize Ion text or binary encoded data into the IonValue model and then...
gfoe-conference.de Cross Site Scripting vulnerability OBB-3827714
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2023-6600 OMGF | GDPR/DSGVO Compliant, Faster Google Fonts. Easy. <= 5.7.9 - Missing Authorization to Unauthenticated Directory Deletion and Cross-Site Scripting
The OMGF | GDPR/DSGVO Compliant, Faster Google Fonts. Easy. plugin for WordPress is vulnerable to unauthorized modification of data and Stored Cross-Site Scripting due to a missing capability check on the update_settings function hooked via admin_init in all versions up to, and including, 5.7.9. Th...
special-education-degree.net Cross Site Scripting vulnerability OBB-3827308
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
serramentipvctorino.eu Improper Access Control vulnerability OBB-3825878
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
lamaisongueth.eu Improper Access Control vulnerability OBB-3824779
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...