CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-22484 – Inefficient Quadratic complexity bug in handle_pointy_brace may lead to a denial of service
https://notcve.org/view.php?id=CVE-2023-22484
23 Jan 2023 — cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Versions prior to 0.29.0.gfm.7 are subject to a polynomial time complexity issue in cmark-gfm that may lead to unbounded resource exhaustion and subsequent denial of service. This vulnerability has been patched in 0.29.0.gfm.7. cmark-gfm es la bifurcación de GitHub de cmark, una librería y programa de análisis y representación de CommonMark en C. Las versiones anteriores a 0.29.0.gfm.7 están sujetas a un proble... • https://github.com/github/cmark-gfm/security/advisories/GHSA-24f7-9frr-5h2r • CWE-400: Uncontrolled Resource Consumption CWE-407: Inefficient Algorithmic Complexity •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-22483 – cmark-gfm Quadratic complexity bugs may lead to a denial of service
https://notcve.org/view.php?id=CVE-2023-22483
23 Jan 2023 — cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Versions prior to 0.29.0.gfm.7 are subject to several polynomial time complexity issues in cmark-gfm that may lead to unbounded resource exhaustion and subsequent denial of service. Various commands, when piped to cmark-gfm with large values, cause the running time to increase quadratically. These vulnerabilities have been patched in version 0.29.0.gfm.7. cmark-gfm es la bifurcación de GitHub de cmark, una libr... • https://github.com/github/cmark-gfm/security/advisories/GHSA-29g3-96g3-jg6c • CWE-400: Uncontrolled Resource Consumption CWE-407: Inefficient Algorithmic Complexity •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2022-23739 – Incorrect authorization check in GitHub Enterprise Server leading to escalation of privileges in GraphQL API requests from GitHub Apps using scoped user-to-server tokens
https://notcve.org/view.php?id=CVE-2022-23739
17 Jan 2023 — An incorrect authorization vulnerability was identified in GitHub Enterprise Server, allowing for escalation of privileges in GraphQL API requests from GitHub Apps. This vulnerability allowed an app installed on an organization to gain access to and modify most organization-level resources that are not tied to a repository regardless of granted permissions, such as users and organization-wide projects. Resources associated with repositories were not impacted, such as repository file content, repository-spec... • https://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.16 • CWE-863: Incorrect Authorization •
CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-46258 – Incorrect Authorization in GitHub Enterprise Server leads to Action Workflow modifications without Workflow Scope
https://notcve.org/view.php?id=CVE-2022-46258
09 Jan 2023 — An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a repository-scoped token with read/write access to modify Action Workflow files without a Workflow scope. The Create or Update file contents API should enforce workflow scope. This vulnerability affected all versions of GitHub Enterprise Server prior to version 3.7 and was fixed in versions 3.3.16, 3.4.11, 3.5.8, and 3.6.4. This vulnerability was reported via the GitHub Bug Bounty program. Se identificó una vul... • https://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.16 • CWE-863: Incorrect Authorization •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-10031 – purpleparrots 491-Project Highscore update.php sql injection
https://notcve.org/view.php?id=CVE-2015-10031
08 Jan 2023 — A vulnerability classified as critical was found in purpleparrots 491-Project. This vulnerability affects unknown code of the file update.php of the component Highscore Handler. The manipulation leads to sql injection. The name of the patch is a812a5e4cf72f2a635a716086fe1ee2b8fa0b1ab. It is recommended to apply a patch to fix this issue. • https://github.com/purpleparrots/491-Project/commit/a812a5e4cf72f2a635a716086fe1ee2b8fa0b1ab • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2019-25084 – Hide Files on GitHub options.js addEventListener cross site scripting
https://notcve.org/view.php?id=CVE-2019-25084
25 Dec 2022 — A vulnerability, which was classified as problematic, has been found in Hide Files on GitHub up to 2.x. This issue affects the function addEventListener of the file extension/options.js. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 3.0.0 is able to address this issue. • https://github.com/sindresorhus/hide-files-on-github/commit/9de0c57df81db1178e0e79431d462f6d9842742e • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 3%CPEs: 5EXPL: 0CVE-2022-46256 – Path traversal in GitHub Enterprise Server leading to remote code execution in GitHub Pages
https://notcve.org/view.php?id=CVE-2022-46256
14 Dec 2022 — A path traversal vulnerability was identified in GitHub Enterprise Server that allowed remote code execution when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the instance. This vulnerability was fixed in versions 3.3.17, 3.4.12, 3.5.9, 3.6.5 and 3.7.2. This vulnerability was reported via the GitHub Bug Bounty program. Se identificó una vulnerabilidad de path traversal en GitHub Enterprise Server que permitía la eje... • https://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.17 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 4%CPEs: 1EXPL: 0CVE-2022-46255 – Improper Limitation of a Pathname to a Restricted Directory in GitHub Enterprise Server leading to RCE
https://notcve.org/view.php?id=CVE-2022-46255
14 Dec 2022 — An improper limitation of a pathname to a restricted directory vulnerability was identified in GitHub Enterprise Server that enabled remote code execution. A check was added within Pages to ensure the working directory is clean before unpacking new content to prevent an arbitrary file overwrite bug. This vulnerability affected only version 3.7.0 of GitHub Enterprise Server and was fixed in version 3.7.1. This vulnerability was reported via the GitHub Bug Bounty program. Se identificó una limitación inadecua... • https://docs.github.com/en/enterprise-server%403.7/admin/release-notes#3.7.1 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.3EPSS: 0%CPEs: 4EXPL: 0CVE-2022-23741 – Incorrect authorization in GitHub Enterprise Server token generation leading to full admin access
https://notcve.org/view.php?id=CVE-2022-23741
14 Dec 2022 — An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a scoped user-to-server token to escalate to full admin/owner privileges. An attacker would require an account with admin access to install a malicious GitHub App. This vulnerability was fixed in versions 3.3.17, 3.4.12, 3.5.9, and 3.6.5. This vulnerability was reported via the GitHub Bug Bounty program. Se identificó una vulnerabilidad de autorización incorrecta en GitHub Enterprise Server que permitió que un t... • https://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.17 • CWE-863: Incorrect Authorization •
CVSS: 6.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-23737 – Improper Privilege Management in GitHub Enterprise Server leading to page creation and deletion
https://notcve.org/view.php?id=CVE-2022-23737
01 Dec 2022 — An improper privilege management vulnerability was identified in GitHub Enterprise Server that allowed users with improper privileges to create or delete pages via the API. To exploit this vulnerability, an attacker would need to be added to an organization's repo with write permissions. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.7 and was fixed in versions 3.2.20, 3.3.15, 3.4.10, 3.5.7, and 3.6.3. This vulnerability was reported via the GitHub Bug Bounty program. Se ide... • https://docs.github.com/en/enterprise-server%403.2/admin/release-notes#3.2.20 • CWE-269: Improper Privilege Management •