Enterprise
by GitHub
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-18365 | Cri | 0.68 | 9.8 | 0.21 | Mar 28, 2019 | The Management Console in GitHub Enterprise 2.8.x before 2.8.7 has a deserialization issue that allows unauthenticated remote attackers to execute arbitrary code. This occurs because the enterprise session secret is always the same, and can be found in the product's source code.… | ||
| CVE-2012-2055 | Hig | 0.49 | 7.5 | 0.02 | Apr 5, 2012 | GitHub Enterprise before 20120304 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set the public_key[user_id] value via a modified URL for the public-key update form, related to a "mass assignment"… | ||
| CVE-2026-8606 | Med | 0.38 | 5.9 | 0.00 | May 27, 2026 | A Server-Side Request Forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that allowed an attacker to cause the server to issue HTTP requests to internal services via the security advisories package lookup feature. By directing requests to an internal… | ||
| CVE-2002-0296 | 0.03 | — | 0.01 | May 31, 2002 | The installation of Tarantella Enterprise 3 allows local users to overwrite arbitrary files via a symlink attack on the "spinning" temporary file. | |||
| CVE-2002-0211 | 0.03 | — | 0.01 | May 16, 2002 | Race condition in the installation script for Tarantella Enterprise 3 3.01 through 3.20 creates a world-writeable temporary "gunzip" program before executing it, which could allow local users to execute arbitrary commands by modifying the program before it is executed. |
- risk 0.68cvss 9.8epss 0.21
The Management Console in GitHub Enterprise 2.8.x before 2.8.7 has a deserialization issue that allows unauthenticated remote attackers to execute arbitrary code. This occurs because the enterprise session secret is always the same, and can be found in the product's source code.…
- risk 0.49cvss 7.5epss 0.02
GitHub Enterprise before 20120304 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set the public_key[user_id] value via a modified URL for the public-key update form, related to a "mass assignment"…
- risk 0.38cvss 5.9epss 0.00
A Server-Side Request Forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that allowed an attacker to cause the server to issue HTTP requests to internal services via the security advisories package lookup feature. By directing requests to an internal…
- CVE-2002-0296May 31, 2002risk 0.03cvss —epss 0.01
The installation of Tarantella Enterprise 3 allows local users to overwrite arbitrary files via a symlink attack on the "spinning" temporary file.
- CVE-2002-0211May 16, 2002risk 0.03cvss —epss 0.01
Race condition in the installation script for Tarantella Enterprise 3 3.01 through 3.20 creates a world-writeable temporary "gunzip" program before executing it, which could allow local users to execute arbitrary commands by modifying the program before it is executed.