CVE-2022-22785
The Zoom Client for Meetings (for Android, iOS, Linux, MacOS, and Windows) before version 5.10.0 failed to properly constrain client session cookies to Zoom domains. This issue could be used in a more sophisticated...
The Zoom Client for Meetings (for Android, iOS, Linux, MacOS, and Windows) before version 5.10.0 failed to properly parse XML stanzas in XMPP messages. This can allow a malicious user to break out of...
The Web Server component of TIBCO Software Inc.’s TIBCO BusinessConnect Trading Community Management contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to execute Cross-Site Request Forgery (CSRF) on the...
The Web Server component of TIBCO Software Inc.’s TIBCO BusinessConnect Trading Community Management contains easily exploitable Reflected Cross Site Scripting (XSS) vulnerabilities that allow an unauthenticated attacker with network access to execute scripts targeting...
The Web Server component of TIBCO Software Inc.’s TIBCO BusinessConnect Trading Community Management contains easily exploitable vulnerabilities that allow a low-privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on...
Use After Free in GitHub repository gpac/gpac prior to v2.1.0-DEV. Date published : 2022-05-18 https://huntr.dev/bounties/9c312763-41a6-4fc7-827b-269eb86efcbc https://github.com/gpac/gpac/commit/c535bad50d5812d27ee5b22b54371bddec411514
Cross-site Scripting (XSS) – Generic in GitHub repository erudika/para prior to v1.45.11. Date published : 2022-05-18 https://huntr.dev/bounties/7555693f-94e4-4183-98cb-3497da6df028 https://github.com/erudika/para/commit/9d844f31333475a0394dd14b901ea50674b281f8
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to 18.0.7. Date published : 2022-05-18 https://huntr.dev/bounties/6ac07c49-bb7f-47b5-b361-33e6757b8757 https://github.com/jgraph/drawio/commit/c63f3a04450f30798df47f9badbc74eb8a69fbdf
Uncontrolled Recursion in GitHub repository vim/vim prior to 8.2.4975. Date published : 2022-05-18 https://huntr.dev/bounties/faa74175-5317-4b71-a363-dfc39094ecbb https://github.com/vim/vim/commit/51f0bfb88a3554ca2dde777d78a59880d1ee37a8
Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.7. Date published : 2022-05-18 https://huntr.dev/bounties/b1ce040c-9ed1-4d36-9b48-82df42310868 https://github.com/jgraph/drawio/commit/c63f3a04450f30798df47f9badbc74eb8a69fbdf
A flaw in the Linux kernel, found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c, can lead to a use after free (read or write) when the cleanup routine and the firmware download routine are not synchronized. Date published : 2022-05-18...
Improper Input Validation in GitHub repository jgraph/drawio prior to 18.0.6. Date published : 2022-05-18 https://huntr.dev/bounties/b242e806-fc8c-41c0-aad7-e0c9c37ecdee https://github.com/jgraph/drawio/commit/4deecee18191f67e242422abf3ca304e19e49687
Cross-site Scripting (XSS) – Generic in GitHub repository octoprint/octoprint prior to 1.8.0. Date published : 2022-05-18 https://huntr.dev/bounties/cb545c63-a3c1-4d57-8f06-e4593ab389bf https://github.com/octoprint/octoprint/commit/6d259d7e6f5b0de9a1c762831537a386e53978d3
Cross-site Scripting (XSS) – DOM in GitHub repository octoprint/octoprint prior to 1.8.0. Date published : 2022-05-18 https://huntr.dev/bounties/0cd30d71-1e32-4a0b-b4c3-faaa1907b541 https://github.com/octoprint/octoprint/commit/8087528e4a7ddd15c7d95ff662deb5ef7de90045