exploitDog

source:"github"

Count: 312 573

Vulnerability
CVSS
EPSS
Published

GHSA-xwcc-427v-vm78

Sharp NEC Displays (UN462A R1.300 and prior to it, UN462VA R1.300 and prior to it, UN492S R1.300 and prior to it, UN492VS R1.300 and prior to it, UN552A R1.300 and prior to it, UN552S R1.300 and prior to it, UN552VS R1.300 and prior to it, UN552 R1.300 and prior to it, UN552V R1.300 and prior to it, UX552S R1.300 and prior to it, UN552 R1.300 and prior to it, V864Q R2.000 and prior to it, C861Q R2.000 and prior to it, P754Q R2.000 and prior to it, V754Q R2.000 and prior to it, C751Q R2.000 and prior to it, V964Q R2.000 and prior to it, C961Q R2.000 and prior to it, P654Q R2.000 and prior to it, V654Q R2.000 and prior to it, C651Q R2.000 and prior to it, V554Q R2.000 and prior to it) allows an attacker to obtain root privileges and execute remote code by sending unintended parameters that contain specific characters in http request.

CVSS3: 9.8
EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-xwc9-h47c-3q6w

A vulnerability exists in MicroSCADA X SYS600 product. If exploited this could allow a local unauthenticated attacker to tamper a system file, making denial of Notify service.

CVSS3: 6.1
EPSS: 0% (Low)
Published: 8 months ago

GHSA-xwc9-8235-mfg3

The Echo News (aka com.solo.report) 1.10 application (beta) for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-xwc8-wmf6-jq93

Unspecified vulnerability in Ampache 3.3.2 and earlier, when register_globals is enabled, allows remote attackers to bypass security restrictions and gain guest access.

EPSS: 0% (Low)
Published: almost 4 years ago

GHSA-xwc8-rf6m-xr86

hnswlib Double Free vulnerability

CVSS3: 6.5
EPSS: 0% (Low)
Published: more than 2 years ago

GHSA-xwc8-5q53-jg4p

An XSS issue was discovered in admin/link/editlink?id=5 in YUNUCMS 1.1.5.

CVSS3: 4.8
EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-xwc7-wmrh-7694

IBM Integrated Analytics System 1.0.0.0 through 1.0.30.0 could allow an authenticated user to upload a file with dangerous types that could be executed by another user if opened.

CVSS3: 8
EPSS: 0% (Low)
Published: 6 months ago

GHSA-xwc7-pv4h-828f

The WordPress Real Cookie Banner: GDPR (DSGVO) & ePrivacy Cookie Consent WordPress plugin before 2.14.2 does not have CSRF checks in place when resetting its settings, allowing attackers to make a logged in admin reset them via a CSRF attack

CVSS3: 6.5
EPSS: 0% (Low)
Published: almost 4 years ago

GHSA-xwc7-g658-j4rq

Multiple buffer overflows in the psscan function in ps.c for gv (ghostview) allow remote attackers to execute arbitrary code via a Postscript file with a long (1) BoundingBox, (2) comment, (3) Orientation, (4) PageOrder, or (5) Pages value.

EPSS: 9% (Low)
Published: almost 4 years ago

GHSA-xwc7-4px3-fqx8

Inappropriate implementation in Autofill in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)

CVSS3: 4.3
EPSS: 0% (Low)
Published: more than 2 years ago

GHSA-xwc6-f3w2-2jmm

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Photo Gallery Team Photo Gallery by 10Web allows Reflected XSS. This issue affects Photo Gallery by 10Web: from n/a through 1.8.21.

CVSS3: 7.1
EPSS: 0% (Low)
Published: almost 2 years ago

GHSA-xwc6-4mcf-7v2v

Dell Networking Switches running Enterprise SONiC OS, version(s) prior to 4.4.1 and 4.2.3, contain(s) an Insertion of Sensitive Information into Log File vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.

CVSS3: 8
EPSS: 0% (Low)
Published: about 1 year ago

GHSA-xwc5-q44v-p6gg

Liferay Portal User Enumeration Vulnerability via the Create Account Page

EPSS: 0% (Low)
Published: 6 months ago

GHSA-xwc4-p3cg-mmq4

The Vikinghammer Tweet WordPress plugin through 0.2.4 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.

CVSS3: 5.7
EPSS: 0% (Low)
Published: more than 1 year ago

GHSA-xwc4-f36r-xj54

The Search and Play interface in Cisco MediaSense does not properly enforce authorization requirements, which allows remote authenticated users to download arbitrary recordings via a request to this interface.

EPSS: 1% (Low)
Published: more than 3 years ago

GHSA-xwc4-8fpp-fv79

Adobe Shockwave Player before 11.6.1.629 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-4309.

EPSS: 4% (Low)
Published: more than 3 years ago

GHSA-xwc3-j4x2-wgpc

Unspecified vulnerability in the Oracle Universal Installer component in Oracle Database Server 10.1.0.5 allows local users to affect confidentiality via unknown vectors.

EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-xwc2-pv6j-7344

Improper encoding or escaping of output vulnerability in the webapi component in Synology BeeStation Manager (BSM) before 1.1-65374, Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.1.1-42962-7, 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to read limited files via unspecified vectors.

CVSS3: 5.3
EPSS: 0% (Low)
Published: 11 months ago

GHSA-xwc2-2xh3-v7qg

Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha makes calls to Libevent within Libevent log handlers, which might allow remote attackers to cause a denial of service (daemon crash) via vectors that trigger certain log messages.

EPSS: 1% (Low)
Published: more than 3 years ago

GHSA-xw9x-352m-86jm

The rose_parse_ccitt function in net/rose/rose_subr.c in the Linux kernel before 2.6.39 does not validate the FAC_CCITT_DEST_NSAP and FAC_CCITT_SRC_NSAP fields, which allows remote attackers to (1) cause a denial of service (integer underflow, heap memory corruption, and panic) via a small length value in data sent to a ROSE socket, or (2) conduct stack-based buffer overflow attacks via a large length value in data sent to a ROSE socket.

EPSS: 1% (Low)
Published: more than 3 years ago