Poddycast is a podcast app made with Electron. Prior to version 0.8.1, an attacker can create a podcast or episode with malicious characters and execute commands on the client machine. The application does not clean the HTML characters of the podcast information obtained from the Feed, which allows the injection of HTML and JS code (cross-site scripting). Being an application made in electron, cross-site scripting can be scaled to remote code execution, making it possible to execute commands on the machine where the application is running. The vulnerability is patched in Poddycast version 0.8.1. (CVSS:0.0) (Last Update:2021-08-03)

Insufficient policy enforcement in Android intents in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious application to obtain potentially sensitive information via a crafted HTML page. (CVSS:0.0) (Last Update:2021-08-03)

In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because a certain preempting store operation does not necessarily occur before a store operation that has an attacker-controlled value. (CVSS:0.0) (Last Update:2021-08-02)

In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism neglects the possibility of uninitialized memory locations on the BPF stack. (CVSS:0.0) (Last Update:2021-08-02)

IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could allow a remote authenticated attacker to obtain sensitive information through HTTP requests that could be used in further attacks against the system. (CVSS:0.0) (Last Update:2021-08-02)

crypto/digest.c in Pengutronix barebox through 2021.07.0 leaks timing information because memcmp is used during digest verification. (CVSS:0.0) (Last Update:2021-08-02)

common/password.c in Pengutronix barebox through 2021.07.0 leaks timing information because strncmp is used during hash comparison. (CVSS:0.0) (Last Update:2021-08-02)

Sourcegraph is a code search and navigation engine. Sourcegraph before version 3.30.0 has two potential information leaks. The site-admin area can be accessed by regular users and all information and features are properly protected except for daily usage statistics and code intelligence uploads and indexes. It is not possible to alter the information, nor interact with any other features in the site-admin area. The issue is patched in version 3.30.0, where the information cannot be accessed by unprivileged users. There are no workarounds aside from upgrading. (CVSS:0.0) (Last Update:2021-08-02)