Skip to content
View Sim4n6's full-sized avatar
31 followers · 77 following

Achievements

Achievement: YOLOAchievement: QuickdrawAchievement: Pair ExtraordinaireAchievement: Arctic Code Vault ContributorAchievement: Pull Sharkx2
BetaSend feedback

Achievements

Achievement: YOLOAchievement: QuickdrawAchievement: Pair ExtraordinaireAchievement: Arctic Code Vault ContributorAchievement: Pull Sharkx2
BetaSend feedback

Highlights

Block or Report

Block or report Sim4n6

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Please don't include any personal information such as legal names or email addresses. Maximum 100 characters, markdown supported. This note will be visible to only you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
Sim4n6/README.md

Hi 👋

CVE Severity Description
1 CVE-2022-1993 High Path Traversal vulnerability on the endpoint '/info/refs' in gogs/gogs
2 CVE-2022-3607 Medium ZipSlip Symlink variant allows to read any file within OctoPrint Box in octoprint/octoprint
3 CVE-2022-23530 Medium GuardDog vulnerable to arbitrary file write when scanning a specially-crafted remote PyPI package
4 CVE-2023-25804 Medium Limited Path Traversal in name parameter hap-wi/roxy-wi
5 CVE-2023-25803 CVE-2023-25802 High Directory Traversal vulnerability in hap-wi/roxy-wi
6 CVE-2022-23522 High Arbitrary File Write when Extracting Tarballs retrieved from a remote location using shutil.unpack_archive()
7 CVE-2023-30620 High Arbitrary File Write when Extracting a Remotely retrieved Tarball using Tarfile.extractall() in mindsdb/mindsdb
8 CVE-2023-31131 Medium Arbitrary File Write when Extracting Tarballs retrieved from a remote location using shutil.unpack_archive() in greenplum-db/gpdb
9 CVE-2023-35932 High Configuration Injection in tanghaibao/jcvi due to unsanitized user input
10 GHSA-373w-rj84-pv6x Low Hostname blocklist does not block FQDNs in IncludeSecurity/safeurl-python
11 CVE-2023-39911 Medium ---
12 CVE-2023-42183 Low A Post-Unicode Normalization Vulnerability in lockss/lockss-daemon
13 CVE-2023-41889 Medium Late-Unicode normalization vulnerability in shirasagi/shirasagi
14 CVE-2023-52081 Low Late-Unicode normalization vulnerability in ewen-lbh/ffcss
15 CVE-2024-21623 Critical Arbitrary Expression Injection in github workflow leads to Command execution & leaking secrets in mehah/otclient
16 CVE-2024-23343 Medium
17 CVE-2024-23826 High Uploading an image with a specific filename causes a server-side DoS in spbu-se/spbu_se_site
18 CVE-2024-24759 Critical --
19 CVE-2024-0081 High Unicode use in a user-controlled filename may cause a server-side DoS in Nvidia/NeMo - Nvidia security acknowledgement
20 CVE-2024-32874 Critical -
21 GHSA-9gw7-hxgx-f6rv Medium Malicious Long Unicode filenames may cause an Application-level Denial of Service

✨ Feel free to subscribe to my little newsletter sim4n6.beehiiv.com.

Some of the articles already published :

Subject Publication Date
1 Unicode characters to Bypass Security Checks x
2 The One Million Unicode Denial Of Service Attack x
3 How CodeQL works: Summary x
4 Arbitrary Configuration Injection x

💬 By the way, I'm looking for a remote opportunity ...

sim4n6 AT gmail.com

Pinned

  1. github/codeql github/codeql Public

    CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security

    CodeQL 7.1k 1.4k

  2. Slack_handler Slack_handler Public

    Python tool to extract File slacks from disk images.

    Python 5