Commits 11/25/2022

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance, so that an immediate vulnerability response can be initiated and issues can be prioritized.

Entry

Field

vulnerability_cvss3_meta_tempscore: 174
exploit_price_0day: 173
vulnerability_cvss3_meta_basescore: 160
vulnerability_cvss3_nvd_basescore: 124
vulnerability_cvss3_nvd_a: 124

Commit Conf

90%: 1846
70%: 1281
50%: 542
100%: 1

Approve Conf

90%: 1846
70%: 1281
80%: 542
100%: 1

| ID | User | Entry | Field | Change | Remarks | Accepted | Reason | C |
|---|---|---|---|---|---|---|---|---|
| 13311456 | VulD... | 214391 | price_0day | $0-$5k | see exploit price documentation | 11/25/2022 | accepted | 90 |
| 13311455 | VulD... | 214391 | cvss3_meta_tempscore | 4.3 | see CVSS documentation | 11/25/2022 | accepted | 90 |
| 13311454 | VulD... | 214391 | cvss3_meta_basescore | 4.3 | see CVSS documentation | 11/25/2022 | accepted | 90 |
| 13311453 | VulD... | 214391 | cvss3_vuldb_tempscore | 4.3 | see CVSS documentation | 11/25/2022 | accepted | 90 |
| 13311452 | VulD... | 214391 | cvss3_vuldb_basescore | 4.3 | see CVSS documentation | 11/25/2022 | accepted | 90 |
| 13311451 | VulD... | 214391 | cvss2_vuldb_tempscore | 4.0 | see CVSS documentation | 11/25/2022 | accepted | 90 |
| 13311450 | VulD... | 214391 | cvss2_vuldb_basescore | 4.0 | see CVSS documentation | 11/25/2022 | accepted | 90 |
| 13311449 | VulD... | 214391 | cvss3_vuldb_rc | X | derived from historical data | 11/25/2022 | accepted | 80 |
| 13311448 | VulD... | 214391 | cvss3_vuldb_rl | X | derived from historical data | 11/25/2022 | accepted | 80 |
| 13311447 | VulD... | 214391 | cvss3_vuldb_e | X | derived from historical data | 11/25/2022 | accepted | 80 |
| 13311446 | VulD... | 214391 | cvss3_vuldb_pr | L | derived from historical data | 11/25/2022 | accepted | 80 |
| 13311445 | VulD... | 214391 | cvss2_vuldb_rc | ND | derived from historical data | 11/25/2022 | accepted | 80 |
| 13311444 | VulD... | 214391 | cvss2_vuldb_rl | ND | derived from historical data | 11/25/2022 | accepted | 80 |
| 13311443 | VulD... | 214391 | cvss2_vuldb_e | ND | derived from historical data | 11/25/2022 | accepted | 80 |
| 13311442 | VulD... | 214391 | cvss2_vuldb_au | S | derived from historical data | 11/25/2022 | accepted | 80 |
| 13311441 | VulD... | 214391 | cvss2_vuldb_ai | N | derived from vuldb v3 vector | 11/25/2022 | accepted | 80 |
| 13311440 | VulD... | 214391 | cvss2_vuldb_ii | N | derived from vuldb v3 vector | 11/25/2022 | accepted | 80 |
| 13311439 | VulD... | 214391 | cvss2_vuldb_ci | P | derived from vuldb v3 vector | 11/25/2022 | accepted | 80 |
| 13311438 | VulD... | 214391 | cvss2_vuldb_ac | L | derived from vuldb v3 vector | 11/25/2022 | accepted | 80 |
| 13311437 | VulD... | 214391 | cvss2_vuldb_av | N | derived from vuldb v3 vector | 11/25/2022 | accepted | 80 |
| 13311436 | VulD... | 214391 | date | 1669330800 (11/25/2022) |  | 11/25/2022 | accepted | 90 |
| 13311435 | VulD... | 214391 | cve_nvd_summary | Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate that the HTML content passed to the Browsershot::html method does not contain URL's that use the file:// protocol. | cve.org | 11/25/2022 | accepted | 90 |
| 13311434 | VulD... | 214391 | cve_assigned | 1666908000 (10/28/2022) | cve.org | 11/25/2022 | accepted | 90 |
| 13311433 | VulD... | 214391 | cve | CVE-2022-43983 | cve.org | 11/25/2022 | accepted | 90 |
| 13311432 | VulD... | 214391 | url | https://fluidattacks.com/advisories/khalid/ | fluidattacks.com | 11/25/2022 | accepted | 90 |
| 13311431 | VulD... | 214391 | cvss3_vuldb_a | N | see CVSS documentation | 11/25/2022 | accepted | 90 |
| 13311430 | VulD... | 214391 | cvss3_vuldb_i | N | see CVSS documentation | 11/25/2022 | accepted | 90 |
| 13311429 | VulD... | 214391 | cvss3_vuldb_c | L | see CVSS documentation | 11/25/2022 | accepted | 90 |
| 13311428 | VulD... | 214391 | cvss3_vuldb_s | U | see CVSS documentation | 11/25/2022 | accepted | 90 |
| 13311427 | VulD... | 214391 | cvss3_vuldb_ui | N | see CVSS documentation | 11/25/2022 | accepted | 90 |
| 13311426 | VulD... | 214391 | cvss3_vuldb_ac | L | see CVSS documentation | 11/25/2022 | accepted | 90 |
| 13311425 | VulD... | 214391 | cvss3_vuldb_av | N | see CVSS documentation | 11/25/2022 | accepted | 90 |
| 13311424 | VulD... | 214391 | risk | 1 | see risk documentation | 11/25/2022 | accepted | 90 |
| 13311423 | VulD... | 214391 | cwe | 200 (information disclosure) |  | 11/25/2022 | accepted | 90 |
| 13311422 | VulD... | 214391 | function | Browsershot::html |  | 11/25/2022 | accepted | 90 |
| 13311421 | VulD... | 214391 | component | file Protocol Handler |  | 11/25/2022 | accepted | 90 |
| 13311420 | VulD... | 214391 | version | 3.57.2 | see version documentation | 11/25/2022 | accepted | 90 |
| 13311419 | VulD... | 214391 | name | Browsershot |  | 11/25/2022 | accepted | 90 |
| 13311418 | VulD... | 214390 | price_0day | $0-$5k | see exploit price documentation | 11/25/2022 | accepted | 90 |
| 13311417 | VulD... | 214390 | cvss3_meta_tempscore | 6.2 | see CVSS documentation | 11/25/2022 | accepted | 90 |
| 13311416 | VulD... | 214390 | cvss3_meta_basescore | 6.3 | see CVSS documentation | 11/25/2022 | accepted | 90 |
| 13311415 | VulD... | 214390 | cvss3_vuldb_tempscore | 5.1 | see CVSS documentation | 11/25/2022 | accepted | 90 |
| 13311414 | VulD... | 214390 | cvss3_vuldb_basescore | 5.3 | see CVSS documentation | 11/25/2022 | accepted | 90 |
| 13311413 | VulD... | 214390 | cvss2_vuldb_tempscore | 3.7 | see CVSS documentation | 11/25/2022 | accepted | 90 |
| 13311412 | VulD... | 214390 | cvss2_vuldb_basescore | 4.3 | see CVSS documentation | 11/25/2022 | accepted | 90 |
| 13311411 | VulD... | 214390 | cvss3_cna_basescore | 7.3 | see CVSS documentation | 11/25/2022 | accepted | 90 |
| 13311410 | VulD... | 214390 | cvss3_vuldb_e | X | derived from historical data | 11/25/2022 | accepted | 80 |
| 13311409 | VulD... | 214390 | cvss2_vuldb_e | ND | derived from historical data | 11/25/2022 | accepted | 80 |
| 13311408 | VulD... | 214390 | cvss2_vuldb_au | S | derived from historical data | 11/25/2022 | accepted | 80 |
| 13311407 | VulD... | 214390 | cvss2_vuldb_rl | OF | derived from vuldb v3 vector | 11/25/2022 | accepted | 80 |
| 13311406 | VulD... | 214390 | cvss2_vuldb_rc | C | derived from vuldb v3 vector | 11/25/2022 | accepted | 80 |
| 13311405 | VulD... | 214390 | cvss2_vuldb_ai | P | derived from vuldb v3 vector | 11/25/2022 | accepted | 80 |
| 13311404 | VulD... | 214390 | cvss2_vuldb_ii | P | derived from vuldb v3 vector | 11/25/2022 | accepted | 80 |
| 13311403 | VulD... | 214390 | cvss2_vuldb_ci | P | derived from vuldb v3 vector | 11/25/2022 | accepted | 80 |
| 13311402 | VulD... | 214390 | cvss2_vuldb_ac | L | derived from vuldb v3 vector | 11/25/2022 | accepted | 80 |
| 13311401 | VulD... | 214390 | cvss2_vuldb_av | L | derived from vuldb v3 vector | 11/25/2022 | accepted | 80 |
| 13311400 | VulD... | 214390 | date | 1669330800 (11/25/2022) |  | 11/25/2022 | accepted | 90 |
| 13311399 | VulD... | 214390 | cve_nvd_summary | super-xray is a web vulnerability scanning tool. Versions prior to 0.7 assumed trusted input for the program config which is stored in a yaml file. An attacker with local access to the file could exploit this and compromise the program. This issue has been addressed in commit `4d0d5966` and will be included in future releases. Users are advised to upgrade. There are no known workarounds for this issue. | cve.org | 11/25/2022 | accepted | 90 |
| 13311398 | VulD... | 214390 | cve_cna | GitHub, Inc. | cve.org | 11/25/2022 | accepted | 90 |
| 13311397 | VulD... | 214390 | cve_assigned | 1664488800 (09/30/2022) | cve.org | 11/25/2022 | accepted | 90 |
| 13311396 | VulD... | 214390 | cve | CVE-2022-41958 | cve.org | 11/25/2022 | accepted | 90 |
| 13311395 | VulD... | 214390 | patch_url | https://github.com/4ra1n/super-xray/commit/4d0d59663596db03f39d7edd2be251d48b52dcfc | github.com | 11/25/2022 | accepted | 90 |
| 13311394 | VulD... | 214390 | patch_name | 4d0d59663596db03f39d7edd2be251d48b52dcfc |  | 11/25/2022 | accepted | 90 |
| 13311393 | VulD... | 214390 | upgrade_version | 0.7 | see version documentation | 11/25/2022 | accepted | 90 |
| 13311392 | VulD... | 214390 | name | Upgrade |  | 11/25/2022 | accepted | 90 |
| 13311391 | VulD... | 214390 | url | https://github.com/4ra1n/super-xray/security/advisories/GHSA-39pv-4vmj-c4fr | github.com | 11/25/2022 | accepted | 90 |
| 13311390 | VulD... | 214390 | identifier | GHSA-39pv-4vmj-c4fr |  | 11/25/2022 | accepted | 90 |
| 13311389 | VulD... | 214390 | cvss3_cna_a | H | see CVSS documentation | 11/25/2022 | accepted | 90 |
| 13311388 | VulD... | 214390 | cvss3_cna_i | H | see CVSS documentation | 11/25/2022 | accepted | 90 |
| 13311387 | VulD... | 214390 | cvss3_cna_c | H | see CVSS documentation | 11/25/2022 | accepted | 90 |
| 13311386 | VulD... | 214390 | cvss3_cna_s | U | see CVSS documentation | 11/25/2022 | accepted | 90 |
| 13311385 | VulD... | 214390 | cvss3_cna_ui | R | see CVSS documentation | 11/25/2022 | accepted | 90 |
| 13311384 | VulD... | 214390 | cvss3_cna_pr | L | see CVSS documentation | 11/25/2022 | accepted | 90 |
| 13311383 | VulD... | 214390 | cvss3_cna_ac | L | see CVSS documentation | 11/25/2022 | accepted | 90 |
| 13311382 | VulD... | 214390 | cvss3_cna_av | L | see CVSS documentation | 11/25/2022 | accepted | 90 |
| 13311381 | VulD... | 214390 | cvss3_vuldb_rc | C | see CVSS documentation | 11/25/2022 | accepted | 90 |
| 13311380 | VulD... | 214390 | cvss3_vuldb_rl | O | see CVSS documentation | 11/25/2022 | accepted | 90 |
| 13311379 | VulD... | 214390 | cvss3_vuldb_a | L | see CVSS documentation | 11/25/2022 | accepted | 90 |
| 13311378 | VulD... | 214390 | cvss3_vuldb_i | L | see CVSS documentation | 11/25/2022 | accepted | 90 |
| 13311377 | VulD... | 214390 | cvss3_vuldb_c | L | see CVSS documentation | 11/25/2022 | accepted | 90 |
| 13311376 | VulD... | 214390 | cvss3_vuldb_s | U | see CVSS documentation | 11/25/2022 | accepted | 90 |
| 13311375 | VulD... | 214390 | cvss3_vuldb_ui | N | see CVSS documentation | 11/25/2022 | accepted | 90 |
| 13311374 | VulD... | 214390 | cvss3_vuldb_pr | L | see CVSS documentation | 11/25/2022 | accepted | 90 |
| 13311373 | VulD... | 214390 | cvss3_vuldb_ac | L | see CVSS documentation | 11/25/2022 | accepted | 90 |
| 13311372 | VulD... | 214390 | cvss3_vuldb_av | L | see CVSS documentation | 11/25/2022 | accepted | 90 |
| 13311371 | VulD... | 214390 | cwe | 502 (deserialization) |  | 11/25/2022 | accepted | 90 |
| 13311370 | VulD... | 214390 | component | YAML File Handler |  | 11/25/2022 | accepted | 90 |
| 13311369 | VulD... | 214390 | version | <=0.6 | see version documentation | 11/25/2022 | accepted | 90 |
| 13311368 | VulD... | 214390 | name | super-xray |  | 11/25/2022 | accepted | 90 |
| 13311367 | VulD... | 214389 | price_0day | $0-$5k | see exploit price documentation | 11/25/2022 | accepted | 90 |
| 13311366 | VulD... | 214389 | cvss3_meta_tempscore | 4.3 | see CVSS documentation | 11/25/2022 | accepted | 90 |
| 13311365 | VulD... | 214389 | cvss3_meta_basescore | 4.3 | see CVSS documentation | 11/25/2022 | accepted | 90 |
| 13311364 | VulD... | 214389 | cvss3_vuldb_tempscore | 4.3 | see CVSS documentation | 11/25/2022 | accepted | 90 |
| 13311363 | VulD... | 214389 | cvss3_vuldb_basescore | 4.3 | see CVSS documentation | 11/25/2022 | accepted | 90 |
| 13311362 | VulD... | 214389 | cvss2_vuldb_tempscore | 4.0 | see CVSS documentation | 11/25/2022 | accepted | 90 |
| 13311361 | VulD... | 214389 | cvss2_vuldb_basescore | 4.0 | see CVSS documentation | 11/25/2022 | accepted | 90 |
| 13311360 | VulD... | 214389 | cvss3_vuldb_rc | X | derived from historical data | 11/25/2022 | accepted | 80 |
| 13311359 | VulD... | 214389 | cvss3_vuldb_rl | X | derived from historical data | 11/25/2022 | accepted | 80 |
| 13311358 | VulD... | 214389 | cvss3_vuldb_e | X | derived from historical data | 11/25/2022 | accepted | 80 |
| 13311357 | VulD... | 214389 | cvss3_vuldb_pr | L | derived from historical data | 11/25/2022 | accepted | 80 |

3570 more entries are not shown
