Lucene search
K

139 matches found

Positive Technologies
Positive Technologies
added 2023/01/05 12:0 a.m.3 views

PT-2023-14816 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 2.8.14 on the stable branch and version 2.9.0.beta15 on the beta and tests-passed branches Description: Discourse is an open-source discussion platform. Prior to the specified versions, recipients of a group SMTP...

3.5CVSS3.7AI score0.00523EPSS
Exploits0References9
Cvelist
Cvelist
added 2022/11/29 12:0 a.m.26 views

CVE-2022-46148 Discourse allows self-XSS through malicious composer message

Discourse is an open-source messaging platform. In versions 2.8.10 and prior on the stable branch and versions 2.9.0.beta11 and prior on the beta and tests-passed branches, users composing malicious messages and navigating to drafts page could self-XSS. This vulnerability can lead to a full XSS o...

7.1CVSS6.7AI score0.00452EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/11/02 12:0 a.m.36 views

CVE-2022-39241 Possible Server-Side Request Forgery (SSRF) in webhooks

Discourse is a platform for community discussion. A malicious admin could use this vulnerability to perform port enumeration on the local host or other hosts on the internal network, as well as against hosts on the Internet. Latest stable, beta, and test-passed versions are now patched. As a...

7.6CVSS7.9AI score0.00522EPSS
Exploits0References1
OSV
OSV
added 2022/11/02 12:0 a.m.28 views

CVE-2022-39241 Possible Server-Side Request Forgery (SSRF) in webhooks

Discourse is a platform for community discussion. A malicious admin could use this vulnerability to perform port enumeration on the local host or other hosts on the internal network, as well as against hosts on the Internet. Latest stable, beta, and test-passed versions are now patched. As a...

7.6CVSS4.9AI score0.00522EPSS
Exploits0References3
NVD
NVD
added 2022/09/29 8:15 p.m.47 views

CVE-2022-36066

Discourse is an open source discussion platform. In versions prior to 2.8.9 on the stable branch and prior to 2.9.0.beta10 on the beta and tests-passed branches, admins can upload a maliciously crafted Zip or Gzip Tar archive to write files at arbitrary locations and trigger remote code execution...

9.1CVSS0.01578EPSS
Exploits0References3
Prion
Prion
added 2022/09/29 8:15 p.m.19 views

Design/Logic Flaw

Discourse is an open source discussion platform. In versions prior to 2.8.9 on the stable branch and prior to 2.9.0.beta10 on the beta and tests-passed branches, a moderator can create new and edit existing themes by using the API when they should not be able to do so. The problem is patched in...

4CVSS4.6AI score0.0072EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2022/09/29 8:15 p.m.20 views

Remote code execution

Discourse is an open source discussion platform. In versions prior to 2.8.9 on the stable branch and prior to 2.9.0.beta10 on the beta and tests-passed branches, admins can upload a maliciously crafted Zip or Gzip Tar archive to write files at arbitrary locations and trigger remote code execution...

5.8CVSS7.3AI score0.01578EPSS
Exploits0References3Affected Software1
Code423n4
Code423n4
added 2022/08/07 12:0 a.m.8 views

msg.sender lending pool and initiator can be forged in executeOperationin MImoLeverage

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. the function signature is function executeOperation address calldata assets, uint256 calldata amounts, uint256 calldata premiums, address initiator, bytes calldata params external override returns bool...

7AI score
Exploits0
Positive Technologies
Positive Technologies
added 2022/08/01 12:0 a.m.6 views

PT-2022-20594 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse affected versions not specified Description: Discourse is an open source discussion platform. In affected versions, an email activation route can be abused to send mass spam emails. A fix has been included in the latest stable, beta...

7.5CVSS7.4AI score0.00571EPSS
Exploits0References8
Prion
Prion
added 2022/06/14 9:15 p.m.21 views

Design/Logic Flaw

Discourse is an open-source discussion platform. Prior to version 2.8.4 in the stable branch and version 2.9.0.beta5 in the beta and tests-passed branches, banner topic data is exposed on login-required sites. This issue is patched in version 2.8.4 in the stable branch and version 2.9.0.beta5 in...

5CVSS5.2AI score0.01013EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2022/05/01 4:15 p.m.31 views

CVE-2022-21227

The package sqlite3 before 5.0.3 are vulnerable to Denial of Service DoS which will invoke the toString function of the passed parameter. If passed an invalid Function object it will throw and crash the V8 engine...

7.5CVSS0.01955EPSS
Exploits0References3
OSV
OSV
added 2022/05/01 3:25 p.m.26 views

CVE-2022-21227 Denial of Service (DoS)

The package sqlite3 before 5.0.3 are vulnerable to Denial of Service DoS which will invoke the toString function of the passed parameter. If passed an invalid Function object it will throw and crash the V8 engine...

7.5CVSS7.1AI score0.01955EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2022/03/24 12:0 a.m.8 views

PT-2022-16875 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions 2.8.2 and prior in the stable branch Discourse versions 2.9.0.beta3 and prior in the beta branch Discourse versions 2.9.0.beta3 and prior in the tests-passed branch Description: Discourse is an open source discussion...

4.3CVSS4.5AI score0.00927EPSS
Exploits0References9
CNNVD
CNNVD
added 2022/03/24 12:0 a.m.5 views

Discourse 信息泄露漏洞

Discourse is an open source community discussion platform. The platform includes community, email, and chat room features. Discourse is vulnerable to an information disclosure vulnerability that originates in the "stable" branch of version 2.8.2 and earlier, the "beta" branch of version 2.9.0.bet...

4.3CVSS5.1AI score0.00927EPSS
Exploits0References5
OSV
OSV
added 2022/01/25 2:15 p.m.4 views

ALPINE-CVE-2022-23035

Insufficient cleanup of passed-through device IRQs The management of IRQs associated with physical devices exposed to x86 HVM guests involves an iterative operation in particular when cleaning up after the guest's use of the device. In the case where an interrupt is not quiescent yet at the time...

4.6CVSS6.8AI score0.00352EPSS
Exploits0References1
OSV
OSV
added 2022/01/25 2:15 p.m.2 views

DEBIAN-CVE-2022-23035

Insufficient cleanup of passed-through device IRQs The management of IRQs associated with physical devices exposed to x86 HVM guests involves an iterative operation in particular when cleaning up after the guest's use of the device. In the case where an interrupt is not quiescent yet at the time...

4.6CVSS5.8AI score0.00352EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/01/25 2:15 p.m.13 views

CVE-2022-23035

Insufficient cleanup of passed-through device IRQs The management of IRQs associated with physical devices exposed to x86 HVM guests involves an iterative operation in particular when cleaning up after the guest's use of the device. In the case where an interrupt is not quiescent yet at the time...

4.7CVSS5.8AI score0.00352EPSS
Exploits0References7
OSV
OSV
added 2022/01/25 2:15 p.m.3 views

UBUNTU-CVE-2022-23035

Insufficient cleanup of passed-through device IRQs The management of IRQs associated with physical devices exposed to x86 HVM guests involves an iterative operation in particular when cleaning up after the guest's use of the device. In the case where an interrupt is not quiescent yet at the time...

4.6CVSS7AI score0.00352EPSS
Exploits0References4
Prion
Prion
added 2021/11/15 10:15 p.m.20 views

Design/Logic Flaw

Discourse is a platform for community discussion. In affected versions a maliciously crafted request could cause an error response to be cached by intermediate proxies. This could cause a loss of confidentiality for some content. This issue is patched in the latest stable, beta and tests-passed...

5CVSS5.1AI score0.00938EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2021/10/20 11:15 p.m.27 views

CVE-2021-41163

Discourse is an open source platform for community discussion. In affected versions maliciously crafted requests could lead to remote code execution. This resulted from a lack of validation in subscribeurl values. This issue is patched in the latest stable, beta and tests-passed versions of...

10CVSS0.19812EPSS
Exploits0References2
Rows per page
Query Builder