Skip to content

Sim4n6/Sim4n6

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 

Repository files navigation

Hi 👋

CVE Severity Description
1 CVE-2022-1993 High Path Traversal vulnerability on the endpoint '/info/refs' in gogs/gogs
2 CVE-2022-3607 Medium ZipSlip Symlink variant allows to read any file within OctoPrint Box in octoprint/octoprint
3 CVE-2022-23530 Medium GuardDog vulnerable to arbitrary file write when scanning a specially-crafted remote PyPI package
4 CVE-2023-25804 Medium Limited Path Traversal in name parameter hap-wi/roxy-wi
5 CVE-2023-25803 CVE-2023-25802 High Directory Traversal vulnerability in hap-wi/roxy-wi
6 CVE-2022-23522 High Arbitrary File Write when Extracting Tarballs retrieved from a remote location using shutil.unpack_archive()
7 CVE-2023-30620 High Arbitrary File Write when Extracting a Remotely retrieved Tarball using Tarfile.extractall() in mindsdb/mindsdb
8 CVE-2023-31131 Medium Arbitrary File Write when Extracting Tarballs retrieved from a remote location using shutil.unpack_archive() in greenplum-db/gpdb
9 CVE-2023-35932 High Configuration Injection in tanghaibao/jcvi due to unsanitized user input
10 GHSA-373w-rj84-pv6x Low Hostname blocklist does not block FQDNs in IncludeSecurity/safeurl-python
11 CVE-2023-39911 Medium ---
12 CVE-2023-42183 Low A Post-Unicode Normalization Vulnerability in lockss/lockss-daemon
13 CVE-2023-41889 Medium Late-Unicode normalization vulnerability in shirasagi/shirasagi
14 CVE-2023-52081 Low Late-Unicode normalization vulnerability in ewen-lbh/ffcss
15 CVE-2024-21623 Critical Arbitrary Expression Injection in github workflow leads to Command execution & leaking secrets in mehah/otclient
16 CVE-2024-23343 Medium
17 CVE-2024-23826 Medium Uploading an image with a specific filename causes a server-side DoS in spbu-se/spbu_se_site
18 CVE-2024-24759 Critical Bypass SSRF Protection with DNS Rebinding in mindsdb/mindsdb
19 CVE-2024-0081 High Unicode use in a user-controlled filename may cause a server-side DoS in Nvidia/NeMo - Nvidia security acknowledgement
20 CVE-2024-32874 Medium Malicious Long Unicode filenames may cause a Multiple Application-level Denial of Service
21 GHSA-9gw7-hxgx-f6rv Medium Malicious Long Unicode filenames may cause an Application-level Denial of Service
22 CVE-2024-1211 Medium Require confirmation before linking JWT identity on Gitlab Blog
23 CVE-2024-35231 High Denial of Service due to the unconstrained value of the incoming "profiler_runs" parameter
24 CVE-2024-45412 Medium Potential Denial of Service due to the One Milion Unicode characters attack
25 CVE-2024-8124 High Denial of Service via sending a large glm_source parameter in GitLab
26 CVE-2024-47830 Critical Server side request forgery via /_next/image endpoint on makeplane/plane

✨ Feel free to subscribe to my little newsletter sim4n6.beehiiv.com.

Some of the articles already published :

Subject Publication Date
1 Unicode characters to Bypass Security Checks x
2 The One Million Unicode Denial Of Service Attack x
3 How CodeQL works: Summary x
4 Arbitrary Configuration Injection x
5 Application-level Denial of Service using Unconstrained number x

💬 By the way, I'm looking for a remote opportunity ...

sim4n6 AT gmail.com

About

No description, website, or topics provided.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published