2767 matches found

Openbugbounty
added 2024/01/12 7:11 p.m. · 7 views

kanaliena.gr Improper Access Control vulnerability OBB-3833541

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

7 AI score
Exploits 0
Positive Technologies
added 2024/01/12 12:0 a.m. · 5 views

PT-2024-2760 · Mongodb +3 · Mongodb C Driver +3

Name of the Vulnerable Software and Affected Versions: MongoDB C Driver versions prior to 1.25.0. Description: The issue is related to the bson_utf8_validate function in the MongoDB C Driver, which can cause an infinite loop when called with certain inputs. This may allow a remote attacker to caus...

8.4 CVSS · 6.2 AI score · 0.02797 EPSS
Exploits 0 · References 42
OSV
added 2024/01/10 10:15 p.m. · 1 views

DEBIAN-CVE-2023-49295

quic-go is an implementation of the QUIC protocol (RFC 9000, RFC 9001, RFC 9002) in Go. An attacker can cause its peer to run out of memory by sending a large number of PATH_CHALLENGE frames. The receiver is supposed to respond to each PATH_CHALLENGE frame with a PATH_RESPONSE frame. The attacker can...

6.5 CVSS · 6.3 AI score · 0.01194 EPSS
Exploits 0 · References 1
Vulnrichment
added 2024/01/10 9:44 p.m. · 8 views

CVE-2024-21638 Azure IPAM solution Elevation of Privilege Vulnerability

Azure IPAM (IP Address Management) is a lightweight solution developed on top of the Azure platform designed to help Azure customers manage their IP Address space easily and effectively. By design there is no write access to customers' Azure environments as the Service Principal used is only assign...

9.1 CVSS · 6.8 AI score · 0.01657 EPSS
Exploits 0 · References 3
Vulnrichment
added 2024/01/08 11:30 p.m. · 7 views

CVE-2024-21651 XWiki Denial of Service attack through attachments

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A user able to attach a file to a page can post a malformed TAR file by manipulating file modification times headers, which when parsed by Tika, could cause a denial of service issue via CPU...

7.5 CVSS · 7.4 AI score · 0.00636 EPSS
Exploits 0 · References 2
Vulnrichment
added 2024/01/08 3:18 p.m. · 3 views

CVE-2024-21650 XWiki Remote Code Execution vulnerability via user registration

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki is vulnerable to a remote code execution (RCE) attack through its user registration feature. This issue allows an attacker to execute arbitrary code by crafting malicious payloads in the...

10 CVSS · 8.6 AI score · 0.9348 EPSS
Exploits 1 · References 3
NVD
added 2024/01/04 4:15 a.m. · 21 views

CVE-2023-6738

The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pagelayerheadercode', 'pagelayerbodyopencode', and 'pagelayerfootercode' meta fields in all versions up to, and including, 1.7.8 due to insufficient input...

5.4 CVSS · 5.1 AI score · 0.00427 EPSS
Exploits 0 · References 3
OSV
added 2024/01/03 10:46 p.m. · 10 views

CVE-2024-21634 Ion Java StackOverflow vulnerability

Amazon Ion is a Java implementation of the Ion data notation. Prior to version 1.10.5, a potential denial-of-service issue exists in ion-java for applications that use ion-java to deserialize Ion text encoded data, or deserialize Ion text or binary encoded data into the IonValue model and then...

7.5 CVSS · 7.7 AI score · 0.0082 EPSS
Exploits 0 · References 4
Openbugbounty
added 2024/01/03 9:42 a.m. · 6 views

gfoe-conference.de Cross Site Scripting vulnerability OBB-3827714

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2 AI score
Exploits 0
Vulnrichment
added 2024/01/03 5:31 a.m. · 4 views

CVE-2023-6600 OMGF | GDPR/DSGVO Compliant, Faster Google Fonts. Easy. <= 5.7.9 - Missing Authorization to Unauthenticated Directory Deletion and Cross-Site Scripting

The OMGF | GDPR/DSGVO Compliant, Faster Google Fonts. Easy. plugin for WordPress is vulnerable to unauthorized modification of data and Stored Cross-Site Scripting due to a missing capability check on the updatesettings function hooked via admininit in all versions up to, and including, 5.7.9. Th...

8.6 CVSS · 6.7 AI score · 0.00478 EPSS
Exploits 0 · References 4
Openbugbounty
added 2024/01/01 9:51 a.m. · 6 views

special-education-degree.net Cross Site Scripting vulnerability OBB-3827308

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2 AI score
Exploits 0
Openbugbounty
added 2023/12/29 4:50 p.m. · 3 views

serramentipvctorino.eu Improper Access Control vulnerability OBB-3825878

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

7 AI score
Exploits 0
Openbugbounty
added 2023/12/28 9:27 p.m. · 11 views

lamaisongueth.eu Improper Access Control vulnerability OBB-3824779

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

7 AI score
Exploits 0
Openbugbounty
added 2023/12/28 7:35 p.m. · 7 views

gecoo.eu Improper Access Control vulnerability OBB-3824548

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

7 AI score
Exploits 0
Vulnrichment
added 2023/12/22 8:58 p.m. · 17 views

CVE-2023-51449 Make the `/file` secure against file traversal attacks

Gradio is an open-source Python package that allows you to quickly build a demo or web application for your machine learning model, API, or any arbitrary Python function. Versions of gradio prior to 4.11.0 contained a vulnerability in the /file route which made them susceptible to file traversal...

5.6 CVSS · 6.7 AI score · 0.0228 EPSS
Exploits 0 · References 3
Openbugbounty
added 2023/12/20 5:9 p.m. · 8 views

kgv-klingenberg.de Improper Access Control vulnerability OBB-3819191

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

7 AI score
Exploits 0
Openbugbounty
added 2023/12/11 4:13 a.m. · 3 views

rossopuro.com Improper Access Control vulnerability OBB-3809401

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

7 AI score
Exploits 0
Openbugbounty
added 2023/12/11 3:13 a.m. · 2 views

rextrack.com Cross Site Scripting vulnerability OBB-3809261

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2 AI score
Exploits 0
Openbugbounty
added 2023/12/11 1:33 a.m. · 1 views

restauranteelparral.com Improper Access Control vulnerability OBB-3809046

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

7 AI score
Exploits 0
Mageia
added 2023/12/08 10:55 a.m. · 47 views

Updated vim packages fix security vulnerabilities

The updated packages fix security vulnerabilities: When closing a window, vim may try to access already freed window structure. Exploitation beyond crashing the application has not been shown to be viable. (CVE-2023-48231) A floating point exception may occur when calculating the line offset for...

4.7 CVSS · 7.6 AI score · 0.00749 EPSS
Exploits 1 · References 3