Skip to content
View Sim4n6's full-sized avatar

Block or report Sim4n6

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Please don't include any personal information such as legal names or email addresses. Maximum 100 characters, markdown supported. This note will be visible to only you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
Sim4n6/README.md

Hi 👋

CVE Severity Description
1 CVE-2022-1993 High Path Traversal vulnerability on the endpoint '/info/refs' in gogs/gogs
2 CVE-2022-3607 Medium ZipSlip Symlink variant allows to read any file within OctoPrint Box in octoprint/octoprint
3 CVE-2022-23530 Medium GuardDog vulnerable to arbitrary file write when scanning a specially-crafted remote PyPI package
4 CVE-2023-25804 Medium Limited Path Traversal in name parameter hap-wi/roxy-wi
5 CVE-2023-25803 CVE-2023-25802 High Directory Traversal vulnerability in hap-wi/roxy-wi
6 CVE-2022-23522 High Arbitrary File Write when Extracting Tarballs retrieved from a remote location using shutil.unpack_archive()
7 CVE-2023-30620 High Arbitrary File Write when Extracting a Remotely retrieved Tarball using Tarfile.extractall() in mindsdb/mindsdb
8 CVE-2023-31131 Medium Arbitrary File Write when Extracting Tarballs retrieved from a remote location using shutil.unpack_archive() in greenplum-db/gpdb
9 CVE-2023-35932 High Configuration Injection in tanghaibao/jcvi due to unsanitized user input
10 GHSA-373w-rj84-pv6x Low Hostname blocklist does not block FQDNs in IncludeSecurity/safeurl-python
11 CVE-2023-39911 Medium ---
12 CVE-2023-42183 Low A Post-Unicode Normalization Vulnerability in lockss/lockss-daemon
13 CVE-2023-41889 Medium Late-Unicode normalization vulnerability in shirasagi/shirasagi
14 CVE-2023-52081 Low Late-Unicode normalization vulnerability in ewen-lbh/ffcss
15 CVE-2024-21623 Critical Arbitrary Expression Injection in github workflow leads to Command execution & leaking secrets in mehah/otclient
16 CVE-2024-23343 Medium
17 CVE-2024-23826 Medium Uploading an image with a specific filename causes a server-side DoS in spbu-se/spbu_se_site
18 CVE-2024-24759 Critical Bypass SSRF Protection with DNS Rebinding in mindsdb/mindsdb
19 CVE-2024-0081 High Unicode use in a user-controlled filename may cause a server-side DoS in Nvidia/NeMo - Nvidia security acknowledgement
20 CVE-2024-32874 Medium Malicious Long Unicode filenames may cause a Multiple Application-level Denial of Service
21 GHSA-9gw7-hxgx-f6rv Medium Malicious Long Unicode filenames may cause an Application-level Denial of Service
22 CVE-2024-1211 Medium Require confirmation before linking JWT identity on Gitlab Blog
23 CVE-2024-35231 High Denial of Service due to the unconstrained value of the incoming "profiler_runs" parameter
24 CVE-2024-45412 Medium Potential Denial of Service due to the One Milion Unicode characters attack
25 CVE-2024-8124 High Denial of Service via sending a large glm_source parameter in GitLab
26 CVE-2024-47830 Critical Server side request forgery via /_next/image endpoint on makeplane/plane

✨ Feel free to subscribe to my little newsletter sim4n6.beehiiv.com.

Some of the articles already published :

Subject Publication Date
1 Unicode characters to Bypass Security Checks x
2 The One Million Unicode Denial Of Service Attack x
3 How CodeQL works: Summary x
4 Arbitrary Configuration Injection x
5 Application-level Denial of Service using Unconstrained number x

💬 By the way, I'm looking for a remote opportunity ...

sim4n6 AT gmail.com

Pinned Loading

  1. github/codeql github/codeql Public

    CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security

    CodeQL 7.9k 1.6k

  2. Slack_handler Slack_handler Public

    Python tool to extract File slacks from disk images.

    Python 5