Following the coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147]()** standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. not ...
Continue Reading
June 16, 2022
Following the coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147]()** standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. not ...
Continue Reading
June 16, 2022
### Impact **This issue only applies to applications starting authorization sessions using an explicit initial `nonce`.** When [`Context::start_auth_session`](https://docs.rs/tss-esapi/7.0.1/tss_esapi ...
Continue Reading
June 16, 2022
### Impact A [vulnerability](https://www.cve.org/CVERecord?id=CVE-2022-24785) in an upstream library means an authenticated attacker can abuse locale input to execute arbitrary commands from a file th ...
Continue Reading
June 16, 2022
### Impact The /api/v2/config endpoint exposes message bus credentials to local unauthenticated users. In security-enabled mode, message bus credentials are supposed to be kept in the EdgeX secret st ...
Continue Reading
June 16, 2022
### Impact A path traversal issue was found in the (g *GitArtifactReader).Read() API. Read() calls into (g *GitArtifactReader).readFromRepository() that opens and reads the file that contains the trig ...
Continue Reading
June 16, 2022
### Impact Several `HandleRoute` endpoints make use of the deprecated `ioutil.ReadAll()`. `ioutil.ReadAll()` reads all the data into memory. As such, an attacker who sends a large request to the Argo ...
Continue Reading
June 16, 2022
`rdiff` performs a diff of two provided strings or files. As part of its reading code it uses the return value of a `Read` instance to set the length of its internal character vector. If the `Read` im ...
Continue Reading
June 16, 2022
Back to Main
