kubectl creating secrets from stringData leaves secret in plain text
👉 https://hackerone.com/reports/1102064
🔹 Severity: Low
🔹 Reported To: Kubernetes
🔹 Reported By: #max_lan
🔹 State: ⚪️ Informative
🔹 Disclosed: August 21, 2021, 7:32am (UTC)
👉 https://hackerone.com/reports/1102064
🔹 Severity: Low
🔹 Reported To: Kubernetes
🔹 Reported By: #max_lan
🔹 State: ⚪️ Informative
🔹 Disclosed: August 21, 2021, 7:32am (UTC)
CVE-2020-9383 Floppy OOB read
👉 https://hackerone.com/reports/891846
🔹 Severity: High | 💰 750 USD
🔹 Reported To: The Internet
🔹 Reported By: #jordyzomer
🔹 State: 🟢 Resolved
🔹 Disclosed: August 22, 2021, 3:22am (UTC)
👉 https://hackerone.com/reports/891846
🔹 Severity: High | 💰 750 USD
🔹 Reported To: The Internet
🔹 Reported By: #jordyzomer
🔹 State: 🟢 Resolved
🔹 Disclosed: August 22, 2021, 3:22am (UTC)
Local Privilege Escalation during execution of VeraCryptExpander.exe (UAC bypass)
👉 https://hackerone.com/reports/530292
🔹 Severity: Medium | 💰 1,250 USD
🔹 Reported To: VeraCrypt
🔹 Reported By: #penrose
🔹 State: 🟢 Resolved
🔹 Disclosed: August 22, 2021, 3:30am (UTC)
👉 https://hackerone.com/reports/530292
🔹 Severity: Medium | 💰 1,250 USD
🔹 Reported To: VeraCrypt
🔹 Reported By: #penrose
🔹 State: 🟢 Resolved
🔹 Disclosed: August 22, 2021, 3:30am (UTC)
Several protocol parsers in before 4.9.2 could cause a buffer overflow in util-print.c:bittok2str_internal()
👉 https://hackerone.com/reports/800324
🔹 Severity: Critical | 💰 500 USD
🔹 Reported To: Data Processing (IBB)
🔹 Reported By: #bags
🔹 State: 🟢 Resolved
🔹 Disclosed: August 22, 2021, 3:50am (UTC)
👉 https://hackerone.com/reports/800324
🔹 Severity: Critical | 💰 500 USD
🔹 Reported To: Data Processing (IBB)
🔹 Reported By: #bags
🔹 State: 🟢 Resolved
🔹 Disclosed: August 22, 2021, 3:50am (UTC)
CVE-2020-10938-buffer overflow/out-of-bounds write in compress.c:HuffmanDecodeImage()
👉 https://hackerone.com/reports/816637
🔹 Severity: Critical | 💰 500 USD
🔹 Reported To: Data Processing (IBB)
🔹 Reported By: #nathaniellives
🔹 State: 🟢 Resolved
🔹 Disclosed: August 22, 2021, 3:54am (UTC)
👉 https://hackerone.com/reports/816637
🔹 Severity: Critical | 💰 500 USD
🔹 Reported To: Data Processing (IBB)
🔹 Reported By: #nathaniellives
🔹 State: 🟢 Resolved
🔹 Disclosed: August 22, 2021, 3:54am (UTC)
CVE-2017-13019: The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print-pgm.c:pgm_print()
👉 https://hackerone.com/reports/802896
🔹 Severity: High | 💰 500 USD
🔹 Reported To: Data Processing (IBB)
🔹 Reported By: #bags
🔹 State: 🟢 Resolved
🔹 Disclosed: August 22, 2021, 3:55am (UTC)
👉 https://hackerone.com/reports/802896
🔹 Severity: High | 💰 500 USD
🔹 Reported To: Data Processing (IBB)
🔹 Reported By: #bags
🔹 State: 🟢 Resolved
🔹 Disclosed: August 22, 2021, 3:55am (UTC)
CVE-2017-13050: The RPKI-Router parser in tcpdump before 4.9.2 has a buffer over-read in print-rpki-rtr.c:rpki_rtr_pdu_print()
👉 https://hackerone.com/reports/802863
🔹 Severity: High | 💰 500 USD
🔹 Reported To: Data Processing (IBB)
🔹 Reported By: #bags
🔹 State: 🟢 Resolved
🔹 Disclosed: August 22, 2021, 3:56am (UTC)
👉 https://hackerone.com/reports/802863
🔹 Severity: High | 💰 500 USD
🔹 Reported To: Data Processing (IBB)
🔹 Reported By: #bags
🔹 State: 🟢 Resolved
🔹 Disclosed: August 22, 2021, 3:56am (UTC)
The VTP parser in tcpdump before 4.9.2 has a buffer over-read in print-vtp.c:vtp_print()
👉 https://hackerone.com/reports/802846
🔹 Severity: High | 💰 500 USD
🔹 Reported To: Data Processing (IBB)
🔹 Reported By: #bags
🔹 State: 🟢 Resolved
🔹 Disclosed: August 22, 2021, 3:56am (UTC)
👉 https://hackerone.com/reports/802846
🔹 Severity: High | 💰 500 USD
🔹 Reported To: Data Processing (IBB)
🔹 Reported By: #bags
🔹 State: 🟢 Resolved
🔹 Disclosed: August 22, 2021, 3:56am (UTC)
GitHub Integration doesn't sanitize repository URLs which might be attacker-controlled
👉 https://hackerone.com/reports/1197160
🔹 Severity: Low | 💰 512 USD
🔹 Reported To: New Relic
🔹 Reported By: #dee-see
🔹 State: 🟢 Resolved
🔹 Disclosed: August 23, 2021, 7:39pm (UTC)
👉 https://hackerone.com/reports/1197160
🔹 Severity: Low | 💰 512 USD
🔹 Reported To: New Relic
🔹 Reported By: #dee-see
🔹 State: 🟢 Resolved
🔹 Disclosed: August 23, 2021, 7:39pm (UTC)
Hackers can find out the ID of private programs
👉 https://hackerone.com/reports/1129649
🔹 Severity: Low
🔹 Reported To: HackerOne
🔹 Reported By: #haxta4ok00
🔹 State: 🟢 Resolved
🔹 Disclosed: August 24, 2021, 3:10am (UTC)
👉 https://hackerone.com/reports/1129649
🔹 Severity: Low
🔹 Reported To: HackerOne
🔹 Reported By: #haxta4ok00
🔹 State: 🟢 Resolved
🔹 Disclosed: August 24, 2021, 3:10am (UTC)
The possibility of disrupting the normal operation of frontend using markdown
👉 https://hackerone.com/reports/1138668
🔹 Severity: Low
🔹 Reported To: HackerOne
🔹 Reported By: #haxta4ok00
🔹 State: 🟢 Resolved
🔹 Disclosed: August 24, 2021, 3:19am (UTC)
👉 https://hackerone.com/reports/1138668
🔹 Severity: Low
🔹 Reported To: HackerOne
🔹 Reported By: #haxta4ok00
🔹 State: 🟢 Resolved
🔹 Disclosed: August 24, 2021, 3:19am (UTC)
Hackers can reveal the names of private programs that have an external link
👉 https://hackerone.com/reports/1127455
🔹 Severity: Low
🔹 Reported To: HackerOne
🔹 Reported By: #haxta4ok00
🔹 State: ⚪️ Informative
🔹 Disclosed: August 24, 2021, 3:20am (UTC)
👉 https://hackerone.com/reports/1127455
🔹 Severity: Low
🔹 Reported To: HackerOne
🔹 Reported By: #haxta4ok00
🔹 State: ⚪️ Informative
🔹 Disclosed: August 24, 2021, 3:20am (UTC)
Hackers can reveal the names of private programs that have an external link and Enterprise Product Edition
👉 https://hackerone.com/reports/1130235
🔹 Severity: Low
🔹 Reported To: HackerOne
🔹 Reported By: #haxta4ok00
🔹 State: 🟢 Resolved
🔹 Disclosed: August 24, 2021, 4:13am (UTC)
👉 https://hackerone.com/reports/1130235
🔹 Severity: Low
🔹 Reported To: HackerOne
🔹 Reported By: #haxta4ok00
🔹 State: 🟢 Resolved
🔹 Disclosed: August 24, 2021, 4:13am (UTC)
Attachment object in GraphQL continues to grant access to files, even if they are removed from rendering
👉 https://hackerone.com/reports/1132606
🔹 Severity: Medium
🔹 Reported To: HackerOne
🔹 Reported By: #haxta4ok00
🔹 State: 🟢 Resolved
🔹 Disclosed: August 24, 2021, 4:15am (UTC)
👉 https://hackerone.com/reports/1132606
🔹 Severity: Medium
🔹 Reported To: HackerOne
🔹 Reported By: #haxta4ok00
🔹 State: 🟢 Resolved
🔹 Disclosed: August 24, 2021, 4:15am (UTC)
Disclosure handle private program with external link
👉 https://hackerone.com/reports/1276992
🔹 Severity: Medium | 💰 2,500 USD
🔹 Reported To: HackerOne
🔹 Reported By: #haxta4ok00
🔹 State: 🟢 Resolved
🔹 Disclosed: August 24, 2021, 4:48pm (UTC)
👉 https://hackerone.com/reports/1276992
🔹 Severity: Medium | 💰 2,500 USD
🔹 Reported To: HackerOne
🔹 Reported By: #haxta4ok00
🔹 State: 🟢 Resolved
🔹 Disclosed: August 24, 2021, 4:48pm (UTC)
Enumerating HackerOne Pentests
👉 https://hackerone.com/reports/1139541
🔹 Severity: Low
🔹 Reported To: HackerOne
🔹 Reported By: #whhackersbr
🔹 State: ⚪️ Informative
🔹 Disclosed: August 25, 2021, 3:40am (UTC)
👉 https://hackerone.com/reports/1139541
🔹 Severity: Low
🔹 Reported To: HackerOne
🔹 Reported By: #whhackersbr
🔹 State: ⚪️ Informative
🔹 Disclosed: August 25, 2021, 3:40am (UTC)
[Python] CWE-943: Add NoSQL Injection Query
👉 https://hackerone.com/reports/1319271
🔹 Severity: Medium
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #not_specified
🔹 State: 🟢 Resolved
🔹 Disclosed: August 25, 2021, 8:01pm (UTC)
👉 https://hackerone.com/reports/1319271
🔹 Severity: Medium
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #not_specified
🔹 State: 🟢 Resolved
🔹 Disclosed: August 25, 2021, 8:01pm (UTC)
[C#]: Deserialization sinks
👉 https://hackerone.com/reports/1319270
🔹 Severity: High
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #not_specified
🔹 State: 🟢 Resolved
🔹 Disclosed: August 25, 2021, 8:01pm (UTC)
👉 https://hackerone.com/reports/1319270
🔹 Severity: High
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #not_specified
🔹 State: 🟢 Resolved
🔹 Disclosed: August 25, 2021, 8:01pm (UTC)
Buffer overflow in PyCArg_repr in _ctypes/callproc.c for Python 3.x to 3.9.1
👉 https://hackerone.com/reports/1084342
🔹 Severity: High | 💰 1,500 USD
🔹 Reported To: Python (IBB)
🔹 Reported By: #jordyzomer
🔹 State: 🟢 Resolved
🔹 Disclosed: August 25, 2021, 8:32pm (UTC)
👉 https://hackerone.com/reports/1084342
🔹 Severity: High | 💰 1,500 USD
🔹 Reported To: Python (IBB)
🔹 Reported By: #jordyzomer
🔹 State: 🟢 Resolved
🔹 Disclosed: August 25, 2021, 8:32pm (UTC)
Two out-of-bounds array reads in Python AST builder (Re-opening 520612 with CVEs)
👉 https://hackerone.com/reports/746766
🔹 Severity: Medium | 💰 2,000 USD
🔹 Reported To: Python (IBB)
🔹 Reported By: #blarsen
🔹 State: 🟢 Resolved
🔹 Disclosed: August 25, 2021, 8:51pm (UTC)
👉 https://hackerone.com/reports/746766
🔹 Severity: Medium | 💰 2,000 USD
🔹 Reported To: Python (IBB)
🔹 Reported By: #blarsen
🔹 State: 🟢 Resolved
🔹 Disclosed: August 25, 2021, 8:51pm (UTC)
[CVE-2021-29156] LDAP Injection at https://██████
👉 https://hackerone.com/reports/1278891
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #whoisbinit
🔹 State: 🟢 Resolved
🔹 Disclosed: August 26, 2021, 7:33pm (UTC)
👉 https://hackerone.com/reports/1278891
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #whoisbinit
🔹 State: 🟢 Resolved
🔹 Disclosed: August 26, 2021, 7:33pm (UTC)