go-compile/security-advisories

Releases0

This repository serves as a publication platform for my security advisories.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2024-36588 ↗	Jun 13, 2024Thursday, 13 June 2024, 19:15	6.5 MEDIUM	—
An issue in Annonshop.app DecentralizeJustice/ anonymousLocker commit 2b2b4 allows attackers to send messages erroneously attributed to arbitrary users via a crafted HTTP request.
CVE-2024-36589 ↗	Jun 13, 2024Thursday, 13 June 2024, 19:15	4.3 MEDIUM	—
An issue in Annonshop.app DecentralizeJustice/anonymousLocker commit 2b2b4 to ba9fd and DecentralizeJustice/anonBackend commit 57837 to cd815 was discovered to store credentials in plaintext.
CVE-2024-36586 ↗	Jun 13, 2024Thursday, 13 June 2024, 19:15	8.8 HIGH	—
An issue in AdGuardHome v0.93 to latest allows unprivileged attackers to escalate privileges via overwriting the AdGuardHome binary.
CVE-2024-36587 ↗	Jun 13, 2024Thursday, 13 June 2024, 19:15	7.8 HIGH	—
Insecure permissions in DNSCrypt-proxy v2.0.0alpha9 to v2.1.5 allows non-privileged attackers to escalate privileges to root via overwriting the binary dnscrypt-proxy.
CVE-2023-23277 ↗	Apr 11, 2023Tuesday, 11 April 2023, 15:15	6.1 MEDIUM	—
Snippet-box 1.0.0 is vulnerable to Cross Site Scripting (XSS). Remote attackers can render arbitrary web script or HTML from the "Snippet code" form field.