Lucene search
K

139 matches found

Vulnrichment
Vulnrichment
added 2023/11/10 2:43 p.m.23 views

CVE-2023-45806 Discourse vulnerable to DoS via Regexp Injection in Full Name

Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the stable branch and version 3.2.0.beta3 of the beta and tests-passed branches, if a user has been quoted and uses a | in their full name, they might be able to trigger a bug that generates a lot of duplicat...

4.3CVSS6.9AI score0.00999EPSS
Exploits0References3
OSV
OSV
added 2023/11/10 2:43 p.m.22 views

CVE-2023-45806 Discourse vulnerable to DoS via Regexp Injection in Full Name

Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the stable branch and version 3.2.0.beta3 of the beta and tests-passed branches, if a user has been quoted and uses a | in their full name, they might be able to trigger a bug that generates a lot of duplicat...

4.3CVSS5.4AI score0.00999EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/09/15 12:0 a.m.8 views

PT-2023-27755 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.1.1 Discourse version 3.2.0.beta1 and earlier in the beta and tests-passed branches Description: Discourse is an open-source discussion platform. Importing a remote theme loads their assets into memory without...

6.5CVSS6.4AI score0.00508EPSS
Exploits0References6
Prion
Prion
added 2023/07/28 4:15 p.m.20 views

Design/Logic Flaw

Discourse is an open source discussion platform. Prior to version 3.0.6 of the stable branch and version 3.1.0.beta7 of the beta and tests-passed branches, more users than permitted could be created from invite links. The issue is patched in version 3.0.6 of the stable branch and version...

2.6CVSS4AI score0.0024EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/07/28 3:27 p.m.15 views

CVE-2023-38685 Discourse's restricted tag information visible to unauthenticated users

Discourse is an open source discussion platform. Prior to version 3.0.6 of the stable branch and version 3.1.0.beta7 of the beta and tests-passed branches, information about restricted-visibility topic tags could be obtained by unauthorized users. The issue is patched in version 3.0.6 of the stab...

4.3CVSS6.3AI score0.0039EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/07/28 3:9 p.m.20 views

CVE-2023-37904 Discourse Race Condition in Accept Invite

Discourse is an open source discussion platform. Prior to version 3.0.6 of the stable branch and version 3.1.0.beta7 of the beta and tests-passed branches, more users than permitted could be created from invite links. The issue is patched in version 3.0.6 of the stable branch and version...

2.6CVSS6.5AI score0.0024EPSS
Exploits0References2
Prion
Prion
added 2023/06/13 10:15 p.m.20 views

Design/Logic Flaw

Discourse is an open source discussion platform. Prior to version 3.0.4 of the stable branch and version 3.1.0.beta5 of the beta and tests-passed branches, multiple duplicate topics could be created if topic embedding is enabled. This issue is patched in version 3.0.4 of the stable branch and...

5CVSS5.2AI score0.00423EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/06/13 9:35 p.m.63 views

CVE-2023-32301

Discourse prior to versions 3.0.4 (stable) and 3.1.0.beta5 (beta/tests-passed) were affected by a flaw that could allow creation of multiple duplicate topics when topic embedding is enabled. The underlying issue is fixed in Discourse 3.0.4 (stable) and 3.1.0.beta5 (beta/tests-passed). A workaroun...

5.3CVSS4.3AI score0.00423EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/06/13 12:0 a.m.9 views

PT-2023-23712 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.0.4 Discourse version 3.1.0.beta5 and earlier in the beta and tests-passed branches Description: Discourse is an open source discussion platform. Multiple duplicate topics could be created if topic embedding is...

5.3CVSS5AI score0.00423EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2023/04/28 12:0 a.m.32 views

Fedora 38 : xen (2023-d28433ead1)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-d28433ead1 advisory. x86 shadow paging arbitrary pointer dereference XSA-430, CVE-2022-42335 Tenable has extracted the preceding description block directly from the Fedora securi...

7.8CVSS7.6AI score0.00264EPSS
Exploits0References2
Prion
Prion
added 2023/04/25 1:15 p.m.28 views

Design/Logic Flaw

x86 shadow paging arbitrary pointer dereference In environments where host assisted address translation is necessary but Hardware Assisted Paging HAP is unavailable, Xen will run guests in so called shadow mode. Due to too lax a check in one of the hypervisor routines used for shadow page handlin...

4.3CVSS7.4AI score0.00264EPSS
Exploits0References5Affected Software2
CNNVD
CNNVD
added 2023/04/18 12:0 a.m.5 views

Discourse 跨站脚本漏洞

Discourse is an open source community discussion platform. The platform includes community, email, and chat room features. Discourse suffers from a cross-site scripting vulnerability that originates from allowing embedding of Javascript via CSP, leading to user session hijacking. Affected product...

6.1CVSS5.9AI score0.00313EPSS
Exploits0References2
Code423n4
Code423n4
added 2023/04/13 12:0 a.m.7 views

VetoProposal.voteToVeto() checks the proposal status wrongly.

Lines of code Vulnerability details Impact VetoProposal.voteToVeto wouldn't work as expected because voters can vote during the Voting status only. Proof of Concept When we check veto, it works during 3 statuses, Voting, Passed, Ready which is mentioned in the comment as well. ProposalStatus stat...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/04/07 12:0 a.m.12 views

VetoProposal: proposals cannot be vetoed in all states in which it should be possible to veto proposals

Lines of code Vulnerability details Impact The VetoProposal contract allows to veto proposals with the voteToVeto function. The proposal can only be vetoed when it is in the Voting state, otherwise the voteToVeto function reverts. The issue is that the Voting state is not the only state in which ...

6.7AI score
Exploits0
NVD
NVD
added 2023/03/21 1:15 p.m.33 views

CVE-2022-42334

x86/HVM pinned cache attributes mis-handling This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. To allow cachability control for HVM guests with passed through devices, an interface exists to explicitly override defaults...

6.5CVSS7.2AI score0.00267EPSS
Exploits0References7
OSV
OSV
added 2023/03/21 1:15 p.m.36 views

CVE-2022-42334

x86/HVM pinned cache attributes mis-handling This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. To allow cachability control for HVM guests with passed through devices, an interface exists to explicitly override defaults...

6.5CVSS6.6AI score
Exploits0References7
OSV
OSV
added 2023/03/21 1:15 p.m.4 views

UBUNTU-CVE-2022-42333

x86/HVM pinned cache attributes mis-handling This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. To allow cachability control for HVM guests with passed through devices, an interface exists to explicitly override defaults...

8.6CVSS5.8AI score0.01189EPSS
Exploits0References7
AlpineLinux
AlpineLinux
added 2023/03/21 1:15 p.m.39 views

CVE-2022-42334

x86/HVM pinned cache attributes mis-handling This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. To allow cachability control for HVM guests with passed through devices, an interface exists to explicitly override defaults...

8.6CVSS7.4AI score0.01189EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2023/03/21 1:15 p.m.28 views

CVE-2022-42333

x86/HVM pinned cache attributes mis-handling This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. To allow cachability control for HVM guests with passed through devices, an interface exists to explicitly override defaults...

8.6CVSS7.4AI score0.01189EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2023/03/21 1:15 p.m.25 views

CVE-2022-42333

x86/HVM pinned cache attributes mis-handling This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. To allow cachability control for HVM guests with passed through devices, an interface exists to explicitly override defaults...

8.6CVSS6.9AI score0.01189EPSS
Exploits0References6
Rows per page
Query Builder