VYPR

Vendor CVEs

GitHub

All CVEs

201 total · sorted by risk
  • CVE-2024-3470Apr 19, 2024
    risk 0.00cvss epss 0.01

    An Improper Privilege Management vulnerability was identified in GitHub Enterprise Server that allowed an attacker to use a deploy key pertaining to an organization to bypass an organization ruleset. An attacker would require access to a valid deploy key for a repository in the…

  • CVE-2024-2748Mar 20, 2024
    risk 0.00cvss epss 0.00

    A Cross Site Request Forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker to execute unauthorized actions on behalf of an unsuspecting user. A mitigating factor is that user interaction is required. This vulnerability affected GitHub…

  • CVE-2024-2443Mar 20, 2024
    risk 0.00cvss epss 0.02

    A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when configuring GeoJSON settings. Exploitation of this vulnerability required access to…

  • CVE-2024-2469Mar 20, 2024
    risk 0.00cvss epss 0.02

    An attacker with an Administrator role in GitHub Enterprise Server could gain SSH root access via remote code execution. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.17, 3.9.12, 3.10.9, 3.11.7 and 3.12.1. This…

  • CVE-2024-1908Feb 29, 2024
    risk 0.00cvss epss 0.01

    An Improper Privilege Management vulnerability was identified in GitHub Enterprise Server that allowed an attacker to use the Enterprise Actions GitHub Connect download token to fetch private repository data. An attacker would require an account on the server instance with…

  • CVE-2024-25129Feb 22, 2024
    risk 0.00cvss epss 0.01

    The CodeQL CLI repo holds binaries for the CodeQL command line interface (CLI). Prior to version 2.16.3, an XML parser used by the CodeQL CLI to read various auxiliary files is vulnerable to an XML External Entity attack. If a vulnerable version of the CLI is used to process…

  • CVE-2024-20744Feb 15, 2024
    risk 0.00cvss epss 0.00

    Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious…

  • CVE-2024-20740Feb 15, 2024
    risk 0.00cvss epss 0.00

    Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious…

  • CVE-2024-20742Feb 15, 2024
    risk 0.00cvss epss 0.00

    Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the…

  • CVE-2024-20741Feb 15, 2024
    risk 0.00cvss epss 0.00

    Substance3D - Painter versions 9.1.1 and earlier are affected by a Write-what-where Condition vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a…

  • CVE-2024-20723Feb 15, 2024
    risk 0.00cvss epss 0.00

    Substance3D - Painter versions 9.1.1 and earlier are affected by a Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

  • CVE-2024-1482Feb 14, 2024
    risk 0.00cvss epss 0.00

    An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to create new branches in public repositories and run arbitrary GitHub Actions workflows with permissions from the GITHUB_TOKEN. To exploit this vulnerability, an…

  • CVE-2024-1378Feb 13, 2024
    risk 0.00cvss epss 0.02

    A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via nomad templates when configuring SMTP options. Exploitation of this vulnerability…

  • CVE-2024-1374Feb 13, 2024
    risk 0.00cvss epss 0.03

    A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via nomad templates when configuring audit log forwarding. Exploitation of this…

  • CVE-2024-1372Feb 13, 2024
    risk 0.00cvss epss 0.02

    A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when configuring SAML settings. Exploitation of this vulnerability required access to the…

  • CVE-2024-1369Feb 13, 2024
    risk 0.00cvss epss 0.02

    A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when setting the username and password for collectd configurations. Exploitation of this…

  • CVE-2024-1359Feb 13, 2024
    risk 0.00cvss epss 0.02

    A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when setting up an HTTP proxy. Exploitation of this vulnerability required access to the…

  • CVE-2024-1355Feb 13, 2024
    risk 0.00cvss epss 0.02

    A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the actions-console docker container while setting a service URL. Exploitation of…

  • CVE-2024-1354Feb 13, 2024
    risk 0.00cvss epss 0.02

    A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the `syslog-ng` configuration file. Exploitation of this vulnerability required…

  • CVE-2024-1082Feb 13, 2024
    risk 0.00cvss epss 0.01

    A path traversal vulnerability was identified in GitHub Enterprise Server that allowed an attacker to gain unauthorized read permission to files by deploying arbitrary symbolic links to a GitHub Pages site with a specially crafted artifact tarball. To exploit this…

  • CVE-2024-1084Feb 13, 2024
    risk 0.00cvss epss 0.00

    Cross-site Scripting in the tag name pattern field in the tag protections UI in GitHub Enterprise Server allows a malicious website that requires user interaction and social engineering to make changes to a user account via CSP bypass with created CSRF tokens. This…

  • CVE-2024-22051Jan 4, 2024
    risk 0.00cvss epss 0.01

    CommonMarker versions prior to 0.23.4 are at risk of an integer overflow vulnerability. This vulnerability can result in possibly unauthenticated remote attackers to cause heap memory corruption, potentially leading to an information leak or remote code execution, via parsing…

  • CVE-2023-6847Dec 21, 2023
    risk 0.00cvss epss 0.01

    An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed a bypass of Private Mode by using a specially crafted API request. To exploit this vulnerability, an attacker would need network access to the Enterprise Server appliance configured…

  • CVE-2023-51380Dec 21, 2023
    risk 0.00cvss epss 0.00

    An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be read with an improperly scoped token. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.19, 3.8.12,…

  • CVE-2023-51379Dec 21, 2023
    risk 0.00cvss epss 0.01

    An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be updated with an improperly scoped token. This vulnerability did not allow unauthorized access to any repository content as it also required contents:write and…

  • CVE-2023-46648Dec 21, 2023
    risk 0.00cvss epss 0.01

    An insufficient entropy vulnerability was identified in GitHub Enterprise Server (GHES) that allowed an attacker to brute force a user invitation to the GHES Management Console. To exploit this vulnerability, an attacker would need knowledge that a user invitation was pending.…

  • CVE-2023-46649Dec 21, 2023
    risk 0.00cvss epss 0.00

    A race condition in GitHub Enterprise Server was identified that could allow an attacker administrator access. To exploit this, an organization needs to be converted from a user. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in…

  • CVE-2023-6804Dec 21, 2023
    risk 0.00cvss epss 0.00

    Improper privilege management allowed arbitrary workflows to be committed and run using an improperly scoped PAT. To exploit this, a workflow must have already existed in the target repo. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was…

  • CVE-2023-6803Dec 21, 2023
    risk 0.00cvss epss 0.00

    A race condition in GitHub Enterprise Server allows an outside collaborator to be added while a repository is being transferred. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1.

  • CVE-2023-6802Dec 21, 2023
    risk 0.00cvss epss 0.01

    An insertion of sensitive information into the log file in the audit log in GitHub Enterprise Server was identified that could allow an attacker to gain access to the management console. To exploit this, an attacker would need access to the log files for the GitHub Enterprise…

  • CVE-2023-6746Dec 21, 2023
    risk 0.00cvss epss 0.01

    An insertion of sensitive information into log file vulnerability was identified in the log files for a GitHub Enterprise Server back-end service that could permit an `adversary in the middle attack` when combined with other phishing techniques. To exploit this, an attacker…

  • CVE-2023-46645Dec 21, 2023
    risk 0.00cvss epss 0.01

    A path traversal vulnerability was identified in GitHub Enterprise Server that allowed arbitrary file reading when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise…

  • CVE-2023-6690Dec 21, 2023
    risk 0.00cvss epss 0.00

    A race condition in GitHub Enterprise Server allowed an existing admin to maintain permissions on transferred repositories by making a GraphQL mutation to alter repository permissions during the transfer. This vulnerability affected GitHub Enterprise Server version 3.8.0 and…

  • CVE-2023-46647Dec 21, 2023
    risk 0.00cvss epss 0.01

    Improper privilege management in all versions of GitHub Enterprise Server allows users with authorized access to the management console with an editor role to escalate their privileges by making requests to the endpoint used for bootstrapping the instance. This vulnerability…

  • CVE-2023-46646Dec 21, 2023
    risk 0.00cvss epss 0.01

    Improper access control in all versions of GitHub Enterprise Server allows unauthorized users to view private repository names via the "Get a check run" API endpoint. This vulnerability did not allow unauthorized access to any repository content besides the name. This…

  • CVE-2023-23766Sep 22, 2023
    risk 0.00cvss epss 0.01

    An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff in a re-opened Pull Request. To do so, an attacker would need write access to the repository. This vulnerability affected all versions…

  • CVE-2023-23763Sep 1, 2023
    risk 0.00cvss epss 0.01

    An authorization/sensitive information disclosure vulnerability was identified in GitHub Enterprise Server that allowed a fork to retain read access to an upstream repository after its visibility was changed to private. This vulnerability affected all versions of GitHub…

  • CVE-2023-23765Aug 30, 2023
    risk 0.00cvss epss 0.00

    An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff in a re-opened Pull Request. To exploit this vulnerability, an attacker would need write access to the repository. This vulnerability…

  • CVE-2023-28481Aug 14, 2023
    risk 0.00cvss epss 0.01

    An issue was discovered in Tigergraph Enterprise 3.7.0. There is unsecured write access to SSH authorized keys file. Any code running as the tigergraph user is able to add their SSH public key into the authorised keys file. This allows an attacker to obtain password-less SSH key…

  • CVE-2023-28483Aug 14, 2023
    risk 0.00cvss epss 0.01

    An issue was discovered in Tigergraph Enterprise 3.7.0. The GSQL query language provides users with the ability to write data to files on a remote TigerGraph server. The locations that a query is allowed to write to are configurable via the GSQL.FileOutputPolicy configuration…

  • CVE-2023-28482Aug 14, 2023
    risk 0.00cvss epss 0.01

    An issue was discovered in Tigergraph Enterprise 3.7.0. A single TigerGraph instance can host multiple graphs that are accessed by multiple different users. The TigerGraph platform does not protect the confidentiality of any data uploaded to the remote server. In this scenario,…

  • CVE-2023-23764Jul 27, 2023
    risk 0.00cvss epss 0.00

    An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff within the GitHub pull request UI. To do so, an attacker would need write access to the repository. This vulnerability affected GitHub…

  • CVE-2023-37463Jul 13, 2023
    risk 0.00cvss epss 0.01

    cmark-gfm is an extended version of the C reference implementation of CommonMark, a rationalized version of Markdown syntax with a spec. Three polynomial time complexity issues in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service. These…

  • CVE-2021-44476Apr 25, 2023
    risk 0.00cvss epss 0.00

    A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to read local files on the server, including sensitive configuration files.

  • CVE-2023-23762Apr 7, 2023
    risk 0.00cvss epss 0.01

    An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff. To do so, an attacker would need write access to the repository and be able to correctly guess the target branch before it’s created…

  • CVE-2023-23761Apr 7, 2023
    risk 0.00cvss epss 0.00

    An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed an unauthorized actor to modify other users' secret gists by authenticating through an SSH certificate authority. To do so, a user had to know the secret gist's URL. This…

  • CVE-2023-24824Mar 31, 2023
    risk 0.00cvss epss 0.01

    cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. A polynomial time complexity issue in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service. This CVE covers quadratic complexity issues when parsing…

  • CVE-2023-26485Mar 31, 2023
    risk 0.00cvss epss 0.01

    cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. A polynomial time complexity issue in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service. This CVE covers quadratic complexity issues when parsing…

  • CVE-2023-23760Mar 8, 2023
    risk 0.00cvss epss 0.01

    A path traversal vulnerability was identified in GitHub Enterprise Server that allowed remote code execution when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise…

  • CVE-2022-46257Mar 7, 2023
    risk 0.00cvss epss 0.01

    An information disclosure vulnerability was identified in GitHub Enterprise Server that allowed private repositories to be added to a GitHub Actions runner group via the API by a user who did not have access to those repositories, resulting in the repository names being shown in…