2754 matches found

Vulnrichment | added 2022/07/15 5:50 p.m. | 2 views

CVE-2022-31153 OpenZeppelin Contracts for Cairo account cannot process transactions on Goerli

OpenZeppelin Contracts for Cairo is a library for contract development written in Cairo for StarkNet, a decentralized ZK Rollup. Version 0.2.0 is vulnerable to an error that renders account contracts unusable on live networks. This issue affects all accounts (vanilla and ethereum flavors) in the...

CVSS 6.5 | AI score 6.7 | EPSS 0.01094
Exploits: 1 | References: 6
Openbugbounty | added 2022/07/14 7:25 a.m. | 6 views

All Vulnerabilities for pregase.santacruz.gov.ar Patched via Open Bug Bounty

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website: pregase.santacruz.gov.ar. Open B...

AI score 0.7
Exploits: 0
Openbugbounty | added 2022/07/13 1:02 p.m. | 18 views

criminaldatacheck.com Cross Site Scripting vulnerability OBB-2767389

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits: 0
Vulnrichment | added 2022/07/12 8:05 p.m. | 6 views

CVE-2022-24800 Race Condition in October CMS upload process

October/System is the system module for October CMS, a self-hosted CMS platform based on the Laravel PHP Framework. Prior to versions 1.0.476, 1.1.12, and 2.2.15, when the developer allows the user to specify their own filename in the fromData method, an unauthenticated user can perform remote co...

CVSS 8.1 | AI score 8.5 | EPSS 0.01136
Exploits: 0 | References: 2
Openbugbounty | added 2022/07/08 3:13 a.m. | 14 views

vautostock.co.uk Cross Site Scripting vulnerability OBB-2741334

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Exploits: 0
Openbugbounty | added 2022/07/05 11:09 a.m. | 9 views

gamgakdesign.com Cross Site Scripting vulnerability OBB-2724136

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits: 0
Openbugbounty | added 2022/06/29 10:24 a.m. | 14 views

invasives.org.za Cross Site Scripting vulnerability OBB-2696233

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits: 0
Prion | added 2022/06/27 8:15 p.m. | 16 views

Design/Logic Flaw

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v1.3.0 are vulnerable to a symlink following bug allowing a malicious user with repository write access to leak sensitive YAML files from Argo CD's repo-server. A malicious Argo CD user...

CVSS 4 | AI score 6.3 | EPSS 0.00712
Exploits: 0 | References: 2 | Affected Software: 1
OPENSUSE Linux | added 2022/06/25 12:00 a.m. | 34 views

Security update for wdiff (moderate)

openSUSE Security Update: Security update for wdiff. Announcement ID: openSUSE-SU-2022:10031-1. Rating: moderate. References / Cross-References: CVE-2012-3386. Affected Products: openSUSE Backports SLE-15-SP4. An update that fixes one vulnerability is now available. Description: This update for wdiff...

CVSS 4.4 | AI score 8.7 | EPSS 0.00474
Exploits: 1
Github Security Blog | added 2022/06/20 10:33 p.m. | 35 views

Insufficiently Protected Credentials via Insecure Temporary File in org.apache.nifi:nifi-single-user-utils

Impact: org.apache.nifi.authentication.single.user.writer.StandardLoginCredentialsWriter contains a local information disclosure vulnerability due to writing credentials (username and password) to a file that is readable by all other users on unix-like systems. On unix-like systems, the system's...

CVSS 4.3 | AI score 4.6 | EPSS 0.01393
Exploits: 0 | References: 7 | Affected Software: 1
OSV | added 2022/06/17 1:03 a.m. | 20 views

GHSA-QPGX-64H2-GC3C Insecure path traversal in Git Trigger Source can lead to arbitrary file read

Impact: A path traversal issue was found in the (g *GitArtifactReader).Read API. Read calls into (g *GitArtifactReader).readFromRepository, which opens and reads the file that contains the trigger resource definition: func (g *GitArtifactReader) readFromRepository(r *git.Repository, dir string). No checks are...

CVSS 7.5 | AI score 7.3 | EPSS 0.01773
Exploits: 1 | References: 8
Vulnrichment | added 2022/06/14 7:55 p.m. | 7 views

CVE-2022-31059 Discourse Calendar Event names susceptible to Cross-site Scripting

Discourse Calendar is a calendar plugin for Discourse, an open-source messaging app. Prior to version 1.0.1, parsing and rendering of Event names can be susceptible to cross-site scripting (XSS) attacks. This vulnerability only affects sites which have modified or disabled Discourse's default Conte...

CVSS 6.5 | AI score 6.1 | EPSS 0.00686
Exploits: 0 | References: 3
Openbugbounty | added 2022/06/11 12:51 a.m. | 15 views

iglookuehlboxen.de Cross Site Scripting vulnerability OBB-2645647

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits: 0
Openbugbounty | added 2022/06/10 6:01 a.m. | 12 views

yy-machinery.com Cross Site Scripting vulnerability OBB-2644594

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits: 0
Openbugbounty | added 2022/06/08 11:22 a.m. | 16 views

coa.tthfanfic.org Cross Site Scripting vulnerability OBB-2642544

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits: 0
Vulnrichment | added 2022/06/07 12:00 a.m. | 5 views

CVE-2022-31031 Potential stack buffer overflow when parsing message as a STUN client

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions prior to and including 2.12.1 a stack buffer overflow vulnerability affects PJSIP users that use STUN in their...

CVSS 9.8 | AI score 9.7 | EPSS 0.01797
Exploits: 0 | References: 6
OSV | added 2022/05/31 8:15 p.m. | 2 views

DEBIAN-CVE-2022-31003

Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, when parsing each line of an SDP message, rest = record + 2 will access the memory behind \0 and cause an out-of-bounds write. An attacker can send a message with evil SDP to FreeSWITCH, causin...

CVSS 9.8 | AI score 8.9 | EPSS 0.0366
Exploits: 1 | References: 1
Positive Technologies | added 2022/05/30 12:00 a.m. | 5 views

PT-2022-2722

Name of the Vulnerable Software and Affected Versions: Microsoft Office, versions prior to the fixed version; Microsoft Windows Support Diagnostic Tool (MSDT), affected versions not specified; Microsoft Windows Server 2012, Microsoft Windows 10, Microsoft Windows 8.1, Microsoft Windows Server 2016,...

CVSS 10 | AI score 8.3 | EPSS 0.99374
Exploits: 62 | References: 199
Github Security Blog | added 2022/05/24 8:47 p.m. | 51 views

Argo CD will blindly trust JWT claims if anonymous access is enabled

Impact: A critical vulnerability has been discovered in Argo CD which would allow unauthenticated users to impersonate any Argo CD user or role, including the admin user, by sending a specifically crafted JSON Web Token (JWT) along with the request. In order for this vulnerability to be exploited...

CVSS 10 | AI score 9.3 | EPSS 0.01857
Exploits: 0 | References: 6 | Affected Software: 2
Vulnrichment | added 2022/05/20 11:55 p.m. | 6 views

CVE-2022-29189 Buffer for inbound DTLS fragments has no limit

Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.4, a buffer that was used for inbound network traffic had no upper limit. Pion DTLS would buffer all network traffic from the remote user until the handshake completed or timed out. An attacker could explo...

CVSS 5.3 | AI score 5.4 | EPSS 0.0183
Exploits: 0 | References: 3