405 matches found
CVE-2021-22863 Improper access control in GitHub Enterprise Server leading to unauthorized changes to maintainer permissions on pull requests
An improper access control vulnerability was identified in the GitHub Enterprise Server GraphQL API that allowed authenticated users of the instance to modify the maintainer collaboration permission of a pull request without proper authorization. By exploiting this vulnerability, an attacker woul...
Design/Logic Flaw
TinyCheck before commits 9fd360d and ea53de8 allowed an authenticated attacker to send an HTTP GET request to the crafted URLs...
CVE-2020-36199
TinyCheck before commits 9fd360d and ea53de8 was vulnerable to command injection due to insufficient checks of input parameters in several places...
Kaspersky TinyCheck Trust Management Issues Vulnerability
Kaspersky TinyCheck is software from the Russian company Kaspersky that captures network communications from smartphones or any device that can be associated with a Wi-Fi access point. TinyCheck before commits 9fd360d and ea53de8 suffers from a security vulnerability that stems from an...
PT-2021-4086 · GitLab · GitLab CE/EE +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 12.8 through 13.10.4; GitLab CE/EE versions 13.11 through 13.11.4; GitLab CE/EE versions 13.12 through 13.12.1. Description: The issue is related to errors in the x509 certificate authentication procedure, which could be...
CVE-2020-28086
pass through 1.7.3 has a possibility of using a password for an unintended resource. For exploitation to occur, the user must do a git pull, decrypt a password, and log into a remote service with the password. If an attacker controls the central Git server or one of the other members' machines, a...
DEBIAN-CVE-2020-28086
pass through 1.7.3 has a possibility of using a password for an unintended resource. For exploitation to occur, the user must do a git pull, decrypt a password, and log into a remote service with the password. If an attacker controls the central Git server or one of the other members' machines, a...
PYSEC-2020-282
In TensorFlow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the Shard API in TensorFlow expects the last argument to be a function taking two int64 (i.e., long long) arguments. However, there are several places in TensorFlow where a lambda taking int or int32 arguments is being used. In...
Commit Stream - OSINT Tool For Finding GitHub Repositories By Extracting Commit Logs In Real Time From The GitHub Event API
commit-stream drinks commit logs from the GitHub event firehose, exposing the author details (name and email address) associated with GitHub repositories in real time. OSINT / Recon uses for Redteamers / Bug bounty hunters: Uncover repositories which employees of a target company are committing code...
Denial Of Service (DoS)
github.com/tendermint/tendermint is vulnerable to denial of service (DoS). The vulnerability exists as it allowed signatures to be included for the wrong block, causing the commits not to validate and invalidating the proposed blocks...
Arbitrary File Read in Snyk Broker
All versions of snyk-broker before 4.79.0 are vulnerable to Arbitrary File Read. It allows partial file reads for users who have access to Snyk's internal network via patch history from GitHub Commits API...
GHSA-45HW-29X7-9X95 Arbitrary File Read in Snyk Broker
All versions of snyk-broker before 4.79.0 are vulnerable to Arbitrary File Read. It allows partial file reads for users who have access to Snyk's internal network via patch history from GitHub Commits API...
snyk-broker information disclosure vulnerability
snyk-broker is a proxy program for access between snyk.io and Git repositories. A security vulnerability exists in snyk-broker versions prior to 4.79.0. The vulnerability can be exploited by an attacker to read parts of the Snyk internal network via the patch history in the GitHub Commits API...
CVE-2020-7651
All versions of snyk-broker before 4.79.0 are vulnerable to Arbitrary File Read. It allows partial file reads for users who have access to Snyk's internal network via patch history from GitHub Commits API...
Code injection
All versions of snyk-broker before 4.79.0 are vulnerable to Arbitrary File Read. It allows partial file reads for users who have access to Snyk's internal network via patch history from GitHub Commits API...
Arbitrary File Read
Overview: snyk-broker is a package that proxies access between snyk.io and your Git repositories, such as GitHub Enterprise, GitHub.com and Bitbucket Server. Snyk Broker can also be used to enable a secure connection with your on-premise Jira deployment. Affected versions of this package are...