Following the coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147]()** standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. not ...
Continue Reading
July 13, 2022
According to its self-reported version, the instance of GitLab running on the remote web server is 8.13 prior to 14.10.5, 15.0 prior to 15.0.4, or 15.1 prior to 15.1.1. It is, therefore, affected by a ...
Continue Reading
July 13, 2022
Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsist ...
Continue Reading
July 13, 2022
A CWE-73: External Control of File Name or Path vulnerability exists that could cause loading of unauthorized firmware images when user-controlled data is written to the file path. Affected Products: ...
Continue Reading
July 13, 2022
A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause denial of service when parsing the URL. Affected Products: X80 advanced RTU Com ...
Continue Reading
July 13, 2022
A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists that could cause loading of unauthorized firmware images due to improper verification of the firmware signature. Affected ...
Continue Reading
July 13, 2022
A CWE-476: NULL Pointer Dereference vulnerability exists that could cause a denial of service of the webserver when parsing JSON content type. Affected Products: X80 advanced RTU Communication Module ...
Continue Reading
July 13, 2022
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause unauthorized firmware image loading when unsigned images are added to the ...
Continue Reading
July 13, 2022
Back to Main
