13 matches found
EUVD-2021-16090
Malware in sbrugna...
CVE-2021-29493
Kennnyshiwa-cogs contains cogs for Red Discordbot. An RCE exploit has been found in the Tickets module of kennnyshiwa-cogs. This exploit allows discord users to craft a message that can reveal sensitive and harmful information. Users can upgrade to version 5a84d60018468e5c0346f7ee74b2b4650a6dade7...
Red-DiscordBot vulnerable to Incorrect Authorization in commands API
Impact: Due to a bug in Red's Core API, 3rd-party cogs using the @commands.can_manage_channel command permission check without additional permission controls may authorize a user to run a command even when that user doesn't have permissions to manage a channel. None of the core commands or core cogs...
GHSA-5JQ8-Q6RJ-9GQ4 Red-DiscordBot vulnerable to Incorrect Authorization in commands API
Impact: Due to a bug in Red's Core API, 3rd-party cogs using the @commands.can_manage_channel command permission check without additional permission controls may authorize a user to run a command even when that user doesn't have permissions to manage a channel. None of the core commands or core cogs...
CVE-2024-39905 Red-DiscordBot vulnerable to Incorrect Authorization in commands API
Red is a fully modular Discord bot. Due to a bug in Red's Core API, 3rd-party cogs using the @commands.can_manage_channel command permission check without additional permission controls may authorize a user to run a command even when that user doesn't have permissions to manage a channel. None of t...
CVE-2021-29493
CVE-2021-29493 concerns kennnyshiwa-cogs (for Red Discordbot), where an RCE vulnerability exists in the Tickets module. The public details describe an exploit that lets a Discord user craft a message to reveal sensitive information. A fixed release is available: upgrade to version 5a84d60018468e5...
tsutils (>=4.0.5 <=5.2.0) potentially affected by CVE-2020-15278 via red-discordbot (=3.0.2)
red-discordbot PYPI version =3.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on red-discordbot and may be impacted: - tsutils >=4.0.5, <=5.2.0 Source cves: CVE-2020-15278 Source advisory: OSV:PYSEC-2020-267...
tsutils (>=4.0.5 <=5.2.0) potentially affected by CVE-2020-15278 via red-discordbot (=3.0.2)
red-discordbot PYPI version =3.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on red-discordbot and may be impacted: - tsutils >=4.0.5, <=5.2.0 Source cves: CVE-2020-15278 Source advisory: OSV:GHSA-MP9M-G7QJ-6VQR...
tsutils (>=4.0.5 <=5.2.0) potentially affected by CVE-2020-15140 via red-discordbot (=3.0.2)
red-discordbot PYPI version =3.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on red-discordbot and may be impacted: - tsutils >=4.0.5, <=5.2.0 Source cves: CVE-2020-15140 Source advisory: OSV:PYSEC-2020-265...
tsutils (>=4.0.5 <=5.2.0) potentially affected by CVE-2020-15147 via red-discordbot (=3.0.2)
red-discordbot PYPI version =3.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on red-discordbot and may be impacted: - tsutils >=4.0.5, <=5.2.0 Source cves: CVE-2020-15147 Source advisory: OSV:GHSA-7257-96VG-QF6X...
Remote Code Execution in Red Discord Bot
Impact: An RCE exploit has been discovered in the Streams module: this exploit allows Discord users with specifically crafted "going live" messages to inject code into the Streams module's going live message. By abusing this exploit, it's possible to perform destructive actions and/or access...
tsutils (>=4.0.5 <=5.2.0) potentially affected by CVE-2020-15140 via red-discordbot (=3.0.2)
red-discordbot PYPI version =3.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on red-discordbot and may be impacted: - tsutils >=4.0.5, <=5.2.0 Source cves: CVE-2020-15140 Source advisory: OSV:GHSA-55J9-849X-26H4...