Lucene search
K

167 matches found

Positive Technologies
Positive Technologies
added 2023/01/27 12:0 a.m.4 views

PT-2023-19084 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.0.1 on the stable branch Discourse versions prior to 3.1.0.beta2 on the beta and tests-passed branches Description: The issue affects Discourse, an open-source discussion platform, where someone can use the exclu...

5.3CVSS5.2AI score0.0059EPSS
Exploits0References8
Cvelist
Cvelist
added 2023/01/27 12:0 a.m.31 views

CVE-2023-23616 Discourse membership requests lack character limit

Discourse is an open-source discussion platform. Prior to version 3.0.1 on the stable branch and 3.1.0.beta2 on the beta and tests-passed branches, when submitting a membership request, there is no character limit for the reason provided with the request. This could potentially allow a user to...

3.5CVSS5.3AI score0.00678EPSS
Exploits0References4
Cvelist
Cvelist
added 2023/01/27 12:0 a.m.32 views

CVE-2023-23620 Discourse restricted tag routes leak topic information

Discourse is an open-source discussion platform. Prior to version 3.0.1 on the stable branch and 3.1.0.beta2 on the beta and tests-passed branches, the contents of latest/top routes for restricted tags can be accessed by unauthorized users. This issue is patched in version 3.0.1 on the stable...

5.3CVSS5.8AI score0.00669EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/01/27 12:0 a.m.6 views

Discourse 安全漏洞

Discourse is an open source community discussion platform. The platform includes community, email and chat room features. A security vulnerability exists in Discourse versions prior to 3.0.1 stable, 3.1.0.beta2 beta and test-passed. An attacker exploited the vulnerability to cause a regular...

8.6CVSS7.3AI score0.00868EPSS
Exploits0References5
NVD
NVD
added 2023/01/26 9:18 p.m.25 views

CVE-2023-22739

Discourse is an open source platform for community discussion. Versions prior to 3.0.1 stable, 3.1.0.beta2 beta, and 3.1.0.beta2 tests-passed are subject to Allocation of Resources Without Limits or Throttling. As there is no limit on data contained in a draft, a malicious user can create an...

6.5CVSS6.3AI score0.00874EPSS
Exploits0References1
OSV
OSV
added 2023/01/26 8:45 a.m.24 views

CVE-2023-22739 Discourse subject to Allocation of Resources Without Limits or Throttling

Discourse is an open source platform for community discussion. Versions prior to 3.0.1 stable, 3.1.0.beta2 beta, and 3.1.0.beta2 tests-passed are subject to Allocation of Resources Without Limits or Throttling. As there is no limit on data contained in a draft, a malicious user can create an...

6.5CVSS6.3AI score0.00874EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/01/26 12:0 a.m.5 views

Discourse 安全漏洞

Discourse is an open source community discussion platform. The platform includes features such as communities, email and chat rooms. A security vulnerability exists in Discourse versions prior to 3.0.1 stable, 3.1.0.beta2 beta, and 3.1.0.beta3 test-passed, which stems from an improperly restricte...

6.5CVSS6.4AI score0.00874EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/01/16 12:0 a.m.8 views

PT-2023-1610 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.0.1 on the stable branch Discourse versions prior to 3.1.0.beta2 on the beta and tests-passed branches Description: The issue is related to the use of a regular expression with inefficient computational complexit...

8.6CVSS7.3AI score0.00868EPSS
Exploits0References13
Github Security Blog
Github Security Blog
added 2022/05/25 10:40 p.m.41 views

Possible information disclosure inside TreeGrid component with default data provider

Description The default configuration of a TreeGrid component uses Object::toString as a key on the client-side and server communication in Vaadin 14.8.5 through 14.8.9, 22.0.6 through 22.0.14, 23.0.0.beta2 through 23.0.8 and 23.1.0.alpha1 through 23.1.0.alpha4, resulting in potential information...

7.5CVSS6.9AI score0.00915EPSS
Exploits0References5Affected Software2
OSV
OSV
added 2022/05/24 3:15 p.m.26 views

CVE-2022-29567

The default configuration of a TreeGrid component uses Object::toString as a key on the client-side and server communication in Vaadin 14.8.5 through 14.8.9, 22.0.6 through 22.0.14, 23.0.0.beta2 through 23.0.8 and 23.1.0.alpha1 through 23.1.0.alpha4, resulting in potential information disclosure ...

7.5CVSS6.4AI score0.00915EPSS
Exploits0References2
Prion
Prion
added 2022/05/24 3:15 p.m.17 views

Default configuration

The default configuration of a TreeGrid component uses Object::toString as a key on the client-side and server communication in Vaadin 14.8.5 through 14.8.9, 22.0.6 through 22.0.14, 23.0.0.beta2 through 23.0.8 and 23.1.0.alpha1 through 23.1.0.alpha4, resulting in potential information disclosure ...

5CVSS7.3AI score0.00915EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/05/24 2:20 p.m.31 views

CVE-2022-29567 Possible information disclosure inside TreeGrid component with default data provider

The default configuration of a TreeGrid component uses Object::toString as a key on the client-side and server communication in Vaadin 14.8.5 through 14.8.9, 22.0.6 through 22.0.14, 23.0.0.beta2 through 23.0.8 and 23.1.0.alpha1 through 23.1.0.alpha4, resulting in potential information disclosure ...

5.7CVSS7.5AI score0.00915EPSS
Exploits0References2
Vaadin
Vaadin
added 2022/05/24 12:0 a.m.44 views

Possible information disclosure inside TreeGrid component with default data provider

The default configuration of a TreeGrid component uses Object::toString as a key on the client-side and server communication in Vaadin 14.8.5 through 14.8.9, 22.0.6 through 22.0.14, 23.0.0.beta2 through 23.0.8 and 23.1.0.alpha1 through 23.1.0.alpha4, resulting in potential information disclosure ...

7.5CVSS3.3AI score0.00915EPSS
Exploits0References1Affected Software2
vulnersOsv
vulnersOsv
added 2022/05/17 2:48 a.m.5 views

org.infinispan:infinispan-distribution (=9.0.0.Beta1), org.infinispan:infinispan-javadoc-all (=9.0.0.Beta1) +26 more potentially affected by CVE-2016-6347 via org.jboss.resteasy:resteasy-client (>=3.1.0.Beta1 <=3.1.0.Beta2)

org.jboss.resteasy:resteasy-client MAVEN version =3.1.0.Beta1, =5.3.4.Final, =5.3.4.Final, =3.1.0.Beta1, =3.1.0.Beta1, =3.1.0.Beta1, =3.1.0.Beta1, =3.1.0.Beta1, =3.1.0.Beta1, =3.1.0.Beta1, =3.1.0.Beta2 and more Source cves: CVE-2016-6347 Source advisory: OSV:GHSA-R346-RMRG-QPGH...

6.1CVSS6.6AI score0.01553EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2022/05/17 1:24 a.m.8 views

be.thematchbox:AbstractRiver (>=1.0.1 <=1.1.0), br.com.starcode.trex:t-rex (=0.7.1) +319 more potentially affected by CVE-2014-3529 via org.apache.poi:poi (>=3.0-FINAL <=3.10-beta2)

org.apache.poi:poi MAVEN version =3.0-FINAL, =1.0.1, =1.0.4, =5.0.1.1, =5.0.2, =5.0.2, =5.0.2, =5.0.2, =5.0.2, =5.0.2, =5.0.2, =5.0.2, =5.0.2, =5.6.4 and more Source cves: CVE-2014-3529 Source advisory: OSV:GHSA-Q56H-JJJ6-52MF...

4.3CVSS6.5AI score0.13258EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2022/05/17 1:24 a.m.4 views

be.thematchbox:AbstractRiver (>=1.0.1 <=1.1.0), br.com.starcode.trex:t-rex (=0.7.1) +319 more potentially affected by CVE-2014-3574 via org.apache.poi:poi (>=3.0-FINAL <=3.10-beta2)

org.apache.poi:poi MAVEN version =3.0-FINAL, =1.0.1, =1.0.4, =5.0.1.1, =5.0.2, =5.0.2, =5.0.2, =5.0.2, =5.0.2, =5.0.2, =5.0.2, =5.0.2, =5.0.2, =5.6.4 and more Source cves: CVE-2014-3574 Source advisory: OSV:GHSA-5WFP-8643-C58X...

4.3CVSS6.2AI score0.07395EPSS
Exploits0
OSV
OSV
added 2022/04/23 12:40 a.m.20 views

GHSA-8MW8-J583-VQFG RubyGems passenger gem allows remote attackers to delete files

RubyGems passenger 4.0.0 betas 1 and 2 allows remote attackers to delete arbitrary files during the startup process. Affects both open source and Enterprise versions 4.0.0.beta1, 4.0.0.beta2...

7.5CVSS7.5AI score0.02308EPSS
Exploits0References9
OpenVAS
OpenVAS
added 2021/07/16 12:0 a.m.26 views

Discourse 2.8.0.beta3 Security Update

A new Discourse update includes three security fixes. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:discourse:discourse";...

8.1CVSS6.4AI score0.00545EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2021/06/14 12:0 a.m.7 views

Discourse 2.8.0.beta2 Security Update

A new Discourse update includes two security fixes. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:discourse:discourse";...

7.5AI score
Exploits0References2
OSV
OSV
added 2021/04/01 3:15 p.m.2 views

UBUNTU-CVE-2021-28163

In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that...

2.7CVSS6.7AI score0.0418EPSS
Exploits1References3
Rows per page
Query Builder