CVE-2022-27780: percent-encoded path separator in URL host
π https://hackerone.com/reports/1553841
πΉ Severity: Medium
πΉ Reported To: curl
πΉ Reported By: #haxatron1
πΉ State: π’ Resolved
πΉ Disclosed: May 11, 2022, 3:33pm (UTC)
π https://hackerone.com/reports/1553841
πΉ Severity: Medium
πΉ Reported To: curl
πΉ Reported By: #haxatron1
πΉ State: π’ Resolved
πΉ Disclosed: May 11, 2022, 3:33pm (UTC)
π1
CVE-2022-30115: HSTS bypass via trailing dot
π https://hackerone.com/reports/1557449
πΉ Severity: Medium
πΉ Reported To: curl
πΉ Reported By: #haxatron1
πΉ State: π’ Resolved
πΉ Disclosed: May 11, 2022, 3:33pm (UTC)
π https://hackerone.com/reports/1557449
πΉ Severity: Medium
πΉ Reported To: curl
πΉ Reported By: #haxatron1
πΉ State: π’ Resolved
πΉ Disclosed: May 11, 2022, 3:33pm (UTC)
Remote kernel heap overflow
π https://hackerone.com/reports/1350653
πΉ Severity: High | π° 10,000 USD
πΉ Reported To: PlayStation
πΉ Reported By: #m00nbsd
πΉ State: π’ Resolved
πΉ Disclosed: May 11, 2022, 6:09pm (UTC)
π https://hackerone.com/reports/1350653
πΉ Severity: High | π° 10,000 USD
πΉ Reported To: PlayStation
πΉ Reported By: #m00nbsd
πΉ State: π’ Resolved
πΉ Disclosed: May 11, 2022, 6:09pm (UTC)
π2π₯2π2β€1
Storage of old passwords in plain text format
π https://hackerone.com/reports/1549217
πΉ Severity: Medium | π° 750 USD
πΉ Reported To: Recorded Future
πΉ Reported By: #subuganz
πΉ State: π’ Resolved
πΉ Disclosed: May 12, 2022, 1:06pm (UTC)
π https://hackerone.com/reports/1549217
πΉ Severity: Medium | π° 750 USD
πΉ Reported To: Recorded Future
πΉ Reported By: #subuganz
πΉ State: π’ Resolved
πΉ Disclosed: May 12, 2022, 1:06pm (UTC)
SQL Injection on βββββ
π https://hackerone.com/reports/277380
πΉ Severity: High
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #cdl
πΉ State: π’ Resolved
πΉ Disclosed: May 12, 2022, 7:57pm (UTC)
π https://hackerone.com/reports/277380
πΉ Severity: High
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #cdl
πΉ State: π’ Resolved
πΉ Disclosed: May 12, 2022, 7:57pm (UTC)
SQL Injection on https://ββββββββ/
π https://hackerone.com/reports/232378
πΉ Severity: High
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #cdl
πΉ State: π’ Resolved
πΉ Disclosed: May 12, 2022, 7:59pm (UTC)
π https://hackerone.com/reports/232378
πΉ Severity: High
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #cdl
πΉ State: π’ Resolved
πΉ Disclosed: May 12, 2022, 7:59pm (UTC)
CVE-2020-3187 - Unauthenticated Arbitrary File Deletion
π https://hackerone.com/reports/1555025
πΉ Severity: Critical
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #ghostxsec
πΉ State: π’ Resolved
πΉ Disclosed: May 12, 2022, 8:00pm (UTC)
π https://hackerone.com/reports/1555025
πΉ Severity: Critical
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #ghostxsec
πΉ State: π’ Resolved
πΉ Disclosed: May 12, 2022, 8:00pm (UTC)
CVE-2020-3187 - Unauthenticated Arbitrary File Deletion
π https://hackerone.com/reports/1555027
πΉ Severity: Critical
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #ghostxsec
πΉ State: π’ Resolved
πΉ Disclosed: May 12, 2022, 8:01pm (UTC)
π https://hackerone.com/reports/1555027
πΉ Severity: Critical
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #ghostxsec
πΉ State: π’ Resolved
πΉ Disclosed: May 12, 2022, 8:01pm (UTC)
[CVE-2020-3452] Unauthenticated file read in Cisco ASA
π https://hackerone.com/reports/1555021
πΉ Severity: High
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #ghostxsec
πΉ State: π’ Resolved
πΉ Disclosed: May 12, 2022, 8:02pm (UTC)
π https://hackerone.com/reports/1555021
πΉ Severity: High
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #ghostxsec
πΉ State: π’ Resolved
πΉ Disclosed: May 12, 2022, 8:02pm (UTC)
[CVE-2020-3452] Unauthenticated file read in Cisco ASA
π https://hackerone.com/reports/1555015
πΉ Severity: High
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #ghostxsec
πΉ State: π’ Resolved
πΉ Disclosed: May 12, 2022, 8:03pm (UTC)
π https://hackerone.com/reports/1555015
πΉ Severity: High
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #ghostxsec
πΉ State: π’ Resolved
πΉ Disclosed: May 12, 2022, 8:03pm (UTC)
CVE-2022-27782: TLS and SSH connection too eager reuse
π https://hackerone.com/reports/1565624
πΉ Severity: Medium | π° 2,400 USD
πΉ Reported To: Internet Bug Bounty
πΉ Reported By: #nyymi
πΉ State: π’ Resolved
πΉ Disclosed: May 12, 2022, 8:31pm (UTC)
π https://hackerone.com/reports/1565624
πΉ Severity: Medium | π° 2,400 USD
πΉ Reported To: Internet Bug Bounty
πΉ Reported By: #nyymi
πΉ State: π’ Resolved
πΉ Disclosed: May 12, 2022, 8:31pm (UTC)
CVE-2022-27778: curl removes wrong file on error
π https://hackerone.com/reports/1565623
πΉ Severity: Medium | π° 2,400 USD
πΉ Reported To: Internet Bug Bounty
πΉ Reported By: #nyymi
πΉ State: π’ Resolved
πΉ Disclosed: May 12, 2022, 8:32pm (UTC)
π https://hackerone.com/reports/1565623
πΉ Severity: Medium | π° 2,400 USD
πΉ Reported To: Internet Bug Bounty
πΉ Reported By: #nyymi
πΉ State: π’ Resolved
πΉ Disclosed: May 12, 2022, 8:32pm (UTC)
[Java]: CWE-321 - Query to detect hardcoded JWT secret keys
π https://hackerone.com/reports/1567588
πΉ Severity: Medium
πΉ Reported To: GitHub Security Lab
πΉ Reported By: #not_specified
πΉ State: π’ Resolved
πΉ Disclosed: May 13, 2022, 12:30am (UTC)
π https://hackerone.com/reports/1567588
πΉ Severity: Medium
πΉ Reported To: GitHub Security Lab
πΉ Reported By: #not_specified
πΉ State: π’ Resolved
πΉ Disclosed: May 13, 2022, 12:30am (UTC)
[CPP]: Add query for CWE-190: Integer Overflow or Wraparound when using transform after operation
π https://hackerone.com/reports/1564100
πΉ Severity: Low | π° 500 USD
πΉ Reported To: GitHub Security Lab
πΉ Reported By: #ihsinme
πΉ State: π’ Resolved
πΉ Disclosed: May 13, 2022, 12:31am (UTC)
π https://hackerone.com/reports/1564100
πΉ Severity: Low | π° 500 USD
πΉ Reported To: GitHub Security Lab
πΉ Reported By: #ihsinme
πΉ State: π’ Resolved
πΉ Disclosed: May 13, 2022, 12:31am (UTC)
[Java]: CWE-552 Add sources and sinks to detect unsafe getResource calls in Java EE applications
π https://hackerone.com/reports/1564099
πΉ Severity: Medium | π° 1,800 USD
πΉ Reported To: GitHub Security Lab
πΉ Reported By: #luchua
πΉ State: π’ Resolved
πΉ Disclosed: May 13, 2022, 12:31am (UTC)
π https://hackerone.com/reports/1564099
πΉ Severity: Medium | π° 1,800 USD
πΉ Reported To: GitHub Security Lab
πΉ Reported By: #luchua
πΉ State: π’ Resolved
πΉ Disclosed: May 13, 2022, 12:31am (UTC)
[CPP]: Add query for CWE-754: Improper Check for Unusual or Exceptional Conditions when using functions scanf
π https://hackerone.com/reports/1549073
πΉ Severity: Medium | π° 1,800 USD
πΉ Reported To: GitHub Security Lab
πΉ Reported By: #ihsinme
πΉ State: π’ Resolved
πΉ Disclosed: May 13, 2022, 12:31am (UTC)
π https://hackerone.com/reports/1549073
πΉ Severity: Medium | π° 1,800 USD
πΉ Reported To: GitHub Security Lab
πΉ Reported By: #ihsinme
πΉ State: π’ Resolved
πΉ Disclosed: May 13, 2022, 12:31am (UTC)
[Java] CWE-016: Query to detect insecure configuration of Spring Boot Actuator
π https://hackerone.com/reports/1137966
πΉ Severity: Low | π° 500 USD
πΉ Reported To: GitHub Security Lab
πΉ Reported By: #luchua
πΉ State: π’ Resolved
πΉ Disclosed: May 13, 2022, 12:32am (UTC)
π https://hackerone.com/reports/1137966
πΉ Severity: Low | π° 500 USD
πΉ Reported To: GitHub Security Lab
πΉ Reported By: #luchua
πΉ State: π’ Resolved
πΉ Disclosed: May 13, 2022, 12:32am (UTC)
Cookie injection from non-secure context
π https://hackerone.com/reports/1560324
πΉ Severity: High
πΉ Reported To: curl
πΉ Reported By: #nyymi
πΉ State: π΄ N/A
πΉ Disclosed: May 13, 2022, 6:44am (UTC)
π https://hackerone.com/reports/1560324
πΉ Severity: High
πΉ Reported To: curl
πΉ Reported By: #nyymi
πΉ State: π΄ N/A
πΉ Disclosed: May 13, 2022, 6:44am (UTC)
Memory leak in CURLOPT_XOAUTH2_BEARER
π https://hackerone.com/reports/1567257
πΉ Severity: Medium
πΉ Reported To: curl
πΉ Reported By: #pappacoda
πΉ State: βͺοΈ Informative
πΉ Disclosed: May 13, 2022, 7:51am (UTC)
π https://hackerone.com/reports/1567257
πΉ Severity: Medium
πΉ Reported To: curl
πΉ Reported By: #pappacoda
πΉ State: βͺοΈ Informative
πΉ Disclosed: May 13, 2022, 7:51am (UTC)
error parse uri path in curl
π https://hackerone.com/reports/1566462
πΉ Severity: High
πΉ Reported To: curl
πΉ Reported By: #iylz
πΉ State: π΄ N/A
πΉ Disclosed: May 13, 2022, 8:34pm (UTC)
π https://hackerone.com/reports/1566462
πΉ Severity: High
πΉ Reported To: curl
πΉ Reported By: #iylz
πΉ State: π΄ N/A
πΉ Disclosed: May 13, 2022, 8:34pm (UTC)
Download full backup [Mtn.co.rw]
π https://hackerone.com/reports/1516520
πΉ Severity: Critical
πΉ Reported To: MTN Group
πΉ Reported By: #ibrahimatix0x01
πΉ State: π’ Resolved
πΉ Disclosed: May 14, 2022, 9:54am (UTC)
π https://hackerone.com/reports/1516520
πΉ Severity: Critical
πΉ Reported To: MTN Group
πΉ Reported By: #ibrahimatix0x01
πΉ State: π’ Resolved
πΉ Disclosed: May 14, 2022, 9:54am (UTC)