Enterprise
by GitHub
CVEs (15)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-2055 | | High | 0.49 | 7.5 | 0.01 | | Apr 5, 2012 | GitHub Enterprise before 20120304 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set the public_key[user_id] value via a modified URL for the public-key update form, related to a "mass assignment"… |
| CVE-2017-18365 | | | 0.06 | — | 0.41 | | Mar 28, 2019 | The Management Console in GitHub Enterprise 2.8.x before 2.8.7 has a deserialization issue that allows unauthenticated remote attackers to execute arbitrary code. This occurs because the enterprise session secret is always the same, and can be found in the product's source code.… |
| CVE-2018-19753 | | | 0.06 | — | 0.77 | | Dec 5, 2018 | Tarantella Enterprise before 3.11 allows Directory Traversal. |
| CVE-2005-4456 | | | 0.03 | — | 0.05 | | Dec 21, 2005 | Multiple buffer overflows in MailEnable Professional 1.71 and Enterprise 1.1 before patch ME-10009 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long (1) LIST, (2) LSUB, and (3) UID FETCH commands. NOTE: it is possible that… |
| CVE-2002-0296 | | | 0.03 | — | 0.00 | | May 31, 2002 | The installation of Tarantella Enterprise 3 allows local users to overwrite arbitrary files via a symlink attack on the "spinning" temporary file. |
| CVE-2002-0211 | | | 0.03 | — | 0.00 | | May 16, 2002 | Race condition in the installation script for Tarantella Enterprise 3 3.01 through 3.20 creates a world-writeable temporary "gunzip" program before executing it, which could allow local users to execute arbitrary commands by modifying the program before it is executed. |
| CVE-2023-28482 | | | 0.00 | — | 0.00 | | Aug 14, 2023 | An issue was discovered in Tigergraph Enterprise 3.7.0. A single TigerGraph instance can host multiple graphs that are accessed by multiple different users. The TigerGraph platform does not protect the confidentiality of any data uploaded to the remote server. In this scenario,… |
| CVE-2023-28481 | | | 0.00 | — | 0.00 | | Aug 14, 2023 | An issue was discovered in Tigergraph Enterprise 3.7.0. There is unsecured write access to SSH authorized keys file. Any code running as the tigergraph user is able to add their SSH public key into the authorised keys file. This allows an attacker to obtain password-less SSH key… |
| CVE-2023-28483 | | | 0.00 | — | 0.00 | | Aug 14, 2023 | An issue was discovered in Tigergraph Enterprise 3.7.0. The GSQL query language provides users with the ability to write data to files on a remote TigerGraph server. The locations that a query is allowed to write to are configurable via the GSQL.FileOutputPolicy configuration… |
| CVE-2021-44476 | | | 0.00 | — | 0.00 | | Apr 25, 2023 | A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to read local files on the server, including sensitive configuration files. |
| CVE-2018-17168 | | | 0.00 | — | 0.00 | | Apr 18, 2019 | PrinterOn Enterprise 4.1.4 contains multiple Cross Site Request Forgery (CSRF) vulnerabilities in the Administration page. For example, an administrator, by following a link, can be tricked into making unwanted changes to a printer (Disable, Approve, etc). |
| CVE-2018-17167 | | | 0.00 | — | 0.00 | | Mar 20, 2019 | PrinterOn Enterprise 4.1.4 suffers from multiple authenticated stored XSS vulnerabilities via the (1) "Machine Host Name" or "Server Serial Number" field in the clustering configuration, (2) "name" field in the Edit Group configuration, (3) "Rule Name" field in the Access… |
| CVE-2018-19936 | | | 0.00 | — | 0.00 | | Dec 17, 2018 | PrinterOn Enterprise 4.1.4 allows Arbitrary File Deletion. |
| CVE-2018-19754 | | | 0.00 | — | 0.01 | | Dec 5, 2018 | Tarantella Enterprise before 3.11 allows bypassing Access Control. |
| CVE-2002-0203 | | | 0.00 | — | 0.00 | | May 16, 2002 | ttawebtop.cgi in Tarantella Enterprise 3.20 on SPARC Solaris and Linux, and 3.1x and 3.0x including 3.11.903, allows remote attackers to view directory contents via an empty pg parameter. |