CVE-2022-22772
The cfsend, cfrecv, and CyberResp components of TIBCO Software Inc.’s TIBCO Managed File Transfer Platform Server for UNIX and TIBCO Managed File Transfer Platform Server for z/Linux contain a difficult to exploit Remote Code...
In incfs, there is a possible way of mounting on arbitrary paths due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is...
Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.2. Date published : 2022-03-30 https://huntr.dev/bounties/2534e0fb-f503-4a4b-aed1-ec448c98bf60 https://github.com/openemr/openemr/commit/2835cc397610fc28037302dad948c38fda032022
Reflected Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4. Date published : 2022-03-30 https://huntr.dev/bounties/0e281ea2-70f7-4ed7-8814-74502eff9dd5 https://github.com/openemr/openemr/commit/347ad614507183035d188ba14427bc162419778c
Non-Privileged User Can Create New Rule, Leading to Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4. Date published : 2022-03-30 https://huntr.dev/bounties/8025e31f-7dcf-4db9-ab07-06c1e055ab42 https://github.com/openemr/openemr/commit/347ad614507183035d188ba14427bc162419778c
Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4. Date published : 2022-03-30 https://huntr.dev/bounties/5813bd1f-b3aa-44f3-a5c0-aeeee2bf6fa4 https://github.com/openemr/openemr/commit/347ad614507183035d188ba14427bc162419778c
Accounting User Can Download Patient Reports in openemr in GitHub repository openemr/openemr prior to 6.1.0. Date published : 2022-03-30 https://huntr.dev/bounties/0bb2979b-9643-4cdf-ab58-4354976b481b https://github.com/openemr/openemr/commit/a2e918abcf15f9fc1f7cb4a1f2b09ff019021175
Null Pointer Dereference Caused Segmentation Fault in GitHub repository gpac/gpac prior to 2.1.0-DEV. Date published : 2022-03-30 https://huntr.dev/bounties/a26cb79c-9257-4fbf-98c5-a5a331efa264 https://github.com/gpac/gpac/commit/55a183e6b8602369c04ea3836e05436a79fbc7f8
Cross-site Scripting (XSS) – Stored in GitHub repository mineweb/minewebcms prior to next. Date published : 2022-03-30 https://huntr.dev/bounties/44d40f34-c391-40c0-a517-12a2c0258149 https://github.com/mineweb/minewebcms/commit/06ce52c20f208b0bbf24c6480d60332c9dd19428
Heap buffer overflow in get_one_sourceline in GitHub repository vim/vim prior to 8.2.4647. Date published : 2022-03-30 https://huntr.dev/bounties/a6f3222d-2472-439d-8881-111138a5694c https://github.com/vim/vim/commit/2bdad6126778f907c0b98002bfebf0e611a3f5db
Old sessions are not blocked by the login enable function in GitHub repository snipe/snipe-it prior to 5.3.10. Date published : 2022-03-30 https://huntr.dev/bounties/ebc26354-2414-4f72-88aa-f044aec2b2e1 https://github.com/snipe/snipe-it/commit/bdabbbd4e98e88ee01e728ceb4fd512661fbd38d
Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646. Date published : 2022-03-30 https://huntr.dev/bounties/7f0ec6bc-ea0e-45b0-8128-caac72d23425 https://github.com/vim/vim/commit/b55986c52d4cd88a22d0b0b0e8a79547ba13e1d5
An integer overflow flaw was found in the Linux kernel’s virtio device driver code in the way a user triggers the vhost_vdpa_config_validate function. This flaw allows a local user to crash or potentially escalate...
In Firebase PHP-JWT before 6.0.0, an algorithm-confusion issue (e.g., RS256 / HS256) exists via the kid (aka Key ID) header, when multiple types of keys are loaded in a key ring. This allows an...