public-vulnerabilities

Repository with publicly disclosed vulnerabilities that I found

Publicly disclosed vulnerabilities

Latest release: 1.0
License: GNU GPL

This repository contains some of the publicly disclosed vulnerabilities that I have found.

Table of contents - chronologically

  • 2021
    • CVE-2021-45096 - XML External Entity (XXE) Injection in workflow import
    • CVE-2021-45097 - Weak file permissions when installed in unattended mode
    • CVE-2021-44726 - DOM-based XSS in a login panel
    • CVE-2021-44725 - Directory Path Traversal in the profiles section
    • CVE-2021-42369 - SQL Injection vulnerability in contacts CSV export
    • CVE-2021-41326 - Command Injection vulnerability in Opendata export
    • CVE-2021-37742 - Stored XSS when viewing Galaxy Cluster Relationships
  • 2020
    • CVE-2020-25216 - XSLT Remote Code Execution when opening XML files together with custom stylesheets
    • CVE-2020-25215 - XML External Entity injection when opening XML files
    • CVE-2020-9407 - Information disclosure in cookie
    • CVE-2020-9406 - Command injection in queryBCP method
    • CVE-2020-9405 - Reflected XSS in redirect page
    • CVE-2020-8894 - Mishandling of discussion threads ACL
    • CVE-2020-8893 - Reflected XSS in Galaxy view
    • CVE-2020-8890 - Brute-force protection not working in very specific environments
  • 2019
    • CVE-2019-12868 - Command injection via phar:// deserialization
  • 2018
    • CVE-2018-11245 - XSS with cortex type attributes
  • 2017
    • CVE-2017-16876 - Stored XSS vulnerability in the _keyify function
    • CVE-2017-16802 - XSS in the sharingGroupPopulateOrganisations function

Table of contents - by product

  • KNIME
    • CVE-2021-45096 - XML External Entity (XXE) Injection in workflow import
    • CVE-2021-45097 - Weak file permissions when installed in unattended mode
    • CVE-2021-44726 - DOM-based XSS in a login panel
    • CVE-2021-44725 - Directory Path Traversal in the profiles section
  • Imagicle
    • CVE-2021-42369 - SQL Injection vulnerability in contacts CSV export
  • Open Source Threat Intelligence Platform
    • CVE-2021-41326 - Command Injection vulnerability in Opendata export
    • CVE-2021-37742 - Stored XSS when viewing Galaxy Cluster Relationships
    • CVE-2020-8894 - Mishandling of discussion threads ACL
    • CVE-2020-8893 - Reflected XSS in Galaxy view
    • CVE-2020-8890 - Brute-force protection not working in very specific environments
    • CVE-2019-12868 - Command injection via phar:// deserialization
    • CVE-2018-11245 - XSS with cortex type attributes
    • CVE-2017-16802 - XSS in the sharingGroupPopulateOrganisations function
  • Mistune
    • CVE-2017-16876 - Stored XSS vulnerability in the _keyify function
  • Online Weather
    • CVE-2020-9407 - Information disclosure in cookie
    • CVE-2020-9406 - Command injection in queryBCP method
    • CVE-2020-9405 - Reflected XSS in redirect page
  • yEd
    • CVE-2020-25216 - XSLT Remote Code Execution when opening XML files together with custom stylesheets
    • CVE-2020-25215 - XML External Entity injection when opening XML files