Following the coordinated and responsible vulnerability disclosure guidelines of the **ISO 29147** standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. not ...
June 1, 2022
Chromium is vulnerable to privilege escalation. The vulnerability exists in the File System API component.
June 1, 2022
Chromium is vulnerable to improper validation. The vulnerability exists due to insufficient policy enforcement in the File System API, which allows an attacker to gain access to the system.
June 1, 2022
### Impact

One can ask for any file located in the classloader using the template API and a path with ".." in it. For example:

```
{{template name="../xwiki.hbm.xml"/}}
```

To our knowledge none of t ...
June 1, 2022
During an **X25519** key exchange, the client's private key is generated with [**System.Random**](https://docs.microsoft.com/en-us/dotnet/api/system.random): ```cs var rnd = new Random(); _privateKey = n ...
June 1, 2022
BigBlueButton is an open source web conferencing system. Starting with version 2.2 and prior to versions 2.3.9 and 2.4-beta-1, an attacker can circumvent access controls to obtain the content of publi ...
June 1, 2022
BigBlueButton is an open source web conferencing system. Versions starting with 2.2 and prior to 2.3.19, 2.4.7, and 2.5.0-beta.2 are vulnerable to regular expression denial of service (ReDoS) attacks. ...
June 1, 2022
Following the coordinated and responsible vulnerability disclosure guidelines of the **ISO 29147** standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. not ...
June 1, 2022