Search Results (Refine Search)
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-6803 |
A race condition in GitHub Enterprise Server allows an outside collaborator to be added while a repository is being transferred. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1. Published: December 21, 2023; 4:15:14 PM -0500 |
V4.0:(not available) V3.1: 4.0 MEDIUM V2.0:(not available) |
CVE-2023-6802 |
An insertion of sensitive information into the log file in the audit log in GitHub Enterprise Server was identified that could allow an attacker to gain access to the management console. To exploit this, an attacker would need access to the log files for the GitHub Enterprise Server appliance, a backup archive created with GitHub Enterprise Server Backup Utilities, or a service which received streamed logs. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1. Published: December 21, 2023; 4:15:14 PM -0500 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0:(not available) |
CVE-2023-6746 |
An insertion of sensitive information into log file vulnerability was identified in the log files for a GitHub Enterprise Server back-end service that could permit an `adversary in the middle attack` when combined with other phishing techniques. To exploit this, an attacker would need access to the log files for the GitHub Enterprise Server appliance, a backup archive created with GitHub Enterprise Server Backup Utilities, or a service which received streamed logs. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1. Published: December 21, 2023; 4:15:14 PM -0500 |
V4.0:(not available) V3.1: 5.7 MEDIUM V2.0:(not available) |
CVE-2023-6690 |
A race condition in GitHub Enterprise Server allowed an existing admin to maintain permissions on transferred repositories by making a GraphQL mutation to alter repository permissions during the transfer. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1. Published: December 21, 2023; 4:15:14 PM -0500 |
V4.0:(not available) V3.1: 2.0 LOW V2.0:(not available) |
CVE-2023-51380 |
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be read with an improperly scoped token. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1. Published: December 21, 2023; 4:15:13 PM -0500 |
V4.0:(not available) V3.1: 4.3 MEDIUM V2.0:(not available) |
CVE-2023-51379 |
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be updated with an improperly scoped token. This vulnerability did not allow unauthorized access to any repository content as it also required contents:write and issues:read permissions. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.17.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1. Published: December 21, 2023; 4:15:13 PM -0500 |
V4.0:(not available) V3.1: 4.9 MEDIUM V2.0:(not available) |
CVE-2023-48722 |
Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'class_name' parameter of the add_results.php resource does not validate the characters received and they are sent unfiltered to the database. Published: December 21, 2023; 4:15:13 PM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-48720 |
Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'password' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database. Published: December 21, 2023; 4:15:12 PM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-48718 |
Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'class_name' parameter of the add_students.php resource does not validate the characters received and they are sent unfiltered to the database. Published: December 21, 2023; 4:15:12 PM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-48716 |
Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'class_id' parameter of the add_classes.php resource does not validate the characters received and they are sent unfiltered to the database. Published: December 21, 2023; 4:15:11 PM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-48689 |
Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'byname' parameter of the train.php resource does not validate the characters received and they are sent unfiltered to the database. Published: December 21, 2023; 4:15:11 PM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-48687 |
Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'from' parameter of the reservation.php resource does not validate the characters received and they are sent unfiltered to the database. Published: December 21, 2023; 4:15:10 PM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-48685 |
Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'psd' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database. Published: December 21, 2023; 4:15:09 PM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-46649 |
A race condition in GitHub Enterprise Server was identified that could allow an attacker administrator access. To exploit this, an organization needs to be converted from a user. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1. Published: December 21, 2023; 4:15:09 PM -0500 |
V4.0:(not available) V3.1: 7.0 HIGH V2.0:(not available) |
CVE-2023-46648 |
An insufficient entropy vulnerability was identified in GitHub Enterprise Server (GHES) that allowed an attacker to brute force a user invitation to the GHES Management Console. To exploit this vulnerability, an attacker would need knowledge that a user invitation was pending. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1. This vulnerability was reported via the GitHub Bug Bounty program. Published: December 21, 2023; 4:15:09 PM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2023-46647 |
Improper privilege management in all versions of GitHub Enterprise Server allows users with authorized access to the management console with an editor role to escalate their privileges by making requests to the endpoint used for bootstrapping the instance. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.12, 3.9.6, 3.10.3, and 3.11.0. Published: December 21, 2023; 4:15:08 PM -0500 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2023-46646 |
Improper access control in all versions of GitHub Enterprise Server allows unauthorized users to view private repository names via the "Get a check run" API endpoint. This vulnerability did not allow unauthorized access to any repository content besides the name. This vulnerability affected GitHub Enterprise Server version 3.7.0 and above and was fixed in version 3.17.19, 3.8.12, 3.9.7 3.10.4, and 3.11.0. Published: December 21, 2023; 4:15:08 PM -0500 |
V4.0:(not available) V3.1: 5.3 MEDIUM V2.0:(not available) |
CVE-2023-46645 |
A path traversal vulnerability was identified in GitHub Enterprise Server that allowed arbitrary file reading when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1. This vulnerability was reported via the GitHub Bug Bounty program. Published: December 21, 2023; 4:15:08 PM -0500 |
V4.0:(not available) V3.1: 4.9 MEDIUM V2.0:(not available) |
CVE-2023-41097 |
An Observable Timing Discrepancy, Covert Timing Channel vulnerability in Silabs GSDK on ARM potentially allows Padding Oracle Crypto Attack on CBC PKCS7.This issue affects GSDK: through 4.4.0. Published: December 21, 2023; 4:15:08 PM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2023-7042 |
A null pointer dereference vulnerability was found in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() in drivers/net/wireless/ath/ath10k/wmi-tlv.c in the Linux kernel. This issue could be exploited to trigger a denial of service. Published: December 21, 2023; 3:15:09 PM -0500 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0:(not available) |