Hi 👋
| N° | CVE | Severity | Description |
|---|---|---|---|
| 1 | CVE-2022-1993 | High | Path Traversal vulnerability on the endpoint '/info/refs' in gogs/gogs |
| 2 | CVE-2022-3607 | Medium | ZipSlip Symlink variant allows reading any file within the OctoPrint Box in octoprint/octoprint |
| 3 | CVE-2022-23530 | Medium | GuardDog vulnerable to arbitrary file write when scanning a specially-crafted remote PyPI package |
| 4 | CVE-2023-25804 | Medium | Limited Path Traversal in name parameter in hap-wi/roxy-wi |
| 5 | CVE-2023-25803, CVE-2023-25802 | High | Directory Traversal vulnerability in hap-wi/roxy-wi |
| 6 | CVE-2022-23522 | High | Arbitrary File Write when Extracting Tarballs retrieved from a remote location using shutil.unpack_archive() |
| 7 | CVE-2023-30620 | High | Arbitrary File Write when Extracting a Remotely retrieved Tarball using Tarfile.extractall() in mindsdb/mindsdb |
| 8 | CVE-2023-31131 | Medium | Arbitrary File Write when Extracting Tarballs retrieved from a remote location using shutil.unpack_archive() in greenplum-db/gpdb |
| 9 | CVE-2023-35932 | High | Configuration Injection in tanghaibao/jcvi due to unsanitized user input |
| 10 | GHSA-373w-rj84-pv6x | Low | Hostname blocklist does not block FQDNs in IncludeSecurity/safeurl-python |
| 11 | CVE-2023-39911 | Medium | --- |
| 12 | CVE-2023-42183 | Low | A Post-Unicode Normalization Vulnerability in lockss/lockss-daemon |
| 13 | CVE-2023-41889 | Medium | Late-Unicode normalization vulnerability in shirasagi/shirasagi |
| 14 | CVE-2023-52081 | Low | Late-Unicode normalization vulnerability in ewen-lbh/ffcss |
| 15 | CVE-2024-21623 | Critical | Arbitrary Expression Injection in GitHub workflow leads to Command execution & leaking secrets in mehah/otclient |
| 16 | CVE-2024-23343 | Medium | |
| 17 | CVE-2024-23826 | Medium | Uploading an image with a specific filename causes a server-side DoS in spbu-se/spbu_se_site |
| 18 | CVE-2024-24759 | Critical | Bypass SSRF Protection with DNS Rebinding in mindsdb/mindsdb |
| 19 | CVE-2024-0081 | High | Unicode use in a user-controlled filename may cause a server-side DoS in Nvidia/NeMo - Nvidia security acknowledgement |
| 20 | CVE-2024-32874 | Medium | Malicious Long Unicode filenames may cause Multiple Application-level Denial of Service |
| 21 | GHSA-9gw7-hxgx-f6rv | Medium | Malicious Long Unicode filenames may cause an Application-level Denial of Service |
| 22 | CVE-2024-1211 | Medium | Require confirmation before linking JWT identity on GitLab Blog |
| 23 | CVE-2024-35231 | High | Denial of Service due to the unconstrained value of the incoming "profiler_runs" parameter |
| 24 | CVE-2024-45412 | Medium | Potential Denial of Service due to the One Million Unicode characters attack |
| 25 | CVE-2024-8124 | High | Denial of Service via sending a large glm_source parameter in GitLab |
| 26 | CVE-2024-47830 | Critical | Server side request forgery via /_next/image endpoint on makeplane/plane |
✨ Feel free to subscribe to my little newsletter sim4n6.beehiiv.com.
Some of the articles already published:
💬 By the way, I'm looking for a remote opportunity ...
⚡sim4n6 AT gmail.com ⚡