Логотип exploitDog
source:"github"
Консоль
Логотип exploitDog

exploitDog

source:"github"

Количество 312 573

Количество 312 573

github логотип

GHSA-xvxc-929r-6mvq

больше 3 лет назад

NetSarang Xshell 7 before Build 0077 includes unintended code strings in paste operations.

CVSS3: 5.3
EPSS: Низкий
github логотип

GHSA-xvx9-w67v-7f8g

почти 4 года назад

Unspecified vulnerability in Report Application Server (Crystalras.exe) before 11.0.0.1370, as used in Business Objects Crystal Reports XI, Crystal Reports Server XI, and BusinessObjects Enterprise XI, allows remote attackers to cause a denial of service (application hang) via certain network traffic, possibly involving multiple simultaneous TCP connections.

EPSS: Низкий
github логотип

GHSA-xvx8-mgqv-q2fj

больше 3 лет назад

An Injection issue was discovered in Moxa NPort 5110 Version 2.2, NPort 5110 Version 2.4, NPort 5110 Version 2.6, NPort 5110 Version 2.7, NPort 5130 Version 3.7 and prior, and NPort 5150 Version 3.7 and prior. An attacker may be able to inject packets that could potentially disrupt the availability of the device.

CVSS3: 7.5
EPSS: Низкий
github логотип

GHSA-xvx7-w8qq-jr55

6 месяцев назад

Rejected reason: Not used

EPSS: Низкий
github логотип

GHSA-xvx7-cgrp-p764

больше 3 лет назад

Insufficient access control in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure via network access.

EPSS: Низкий
github логотип

GHSA-xvx7-78wp-jmp4

почти 4 года назад

The BAIR program does not properly restrict access to the Internet Explorer Internet options menu, which allows local users to obtain access to the menu by modifying the registry key that starts BAIR.

EPSS: Низкий
github логотип

GHSA-xvx6-rgcr-cjh6

больше 1 года назад

The MDx theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mdx_list_item' shortcode in all versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS3: 6.4
EPSS: Низкий
github логотип

GHSA-xvx6-9cq2-q2x7

почти 4 года назад

Multiple cross-site scripting (XSS) vulnerabilities in phplist before 2.10.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

EPSS: Низкий
github логотип

GHSA-xvx6-286h-35qm

9 месяцев назад

Due to missing authorization check, an unauthorized user can view the files of other company. This might lead to disclosure of personal data of employees. There is no impact on integrity and availability.

CVSS3: 5.8
EPSS: Низкий
github логотип

GHSA-xvx5-4wp8-4f6g

больше 3 лет назад

WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4765, CVE-2016-4766, and CVE-2016-4768.

CVSS3: 8.8
EPSS: Низкий
github логотип

GHSA-xvx4-v362-295f

около 1 года назад

An improper certificate validation vulnerability in Palo Alto Networks PAN-OS software enables an authorized user with a specially crafted client certificate to connect to an impacted GlobalProtect portal or GlobalProtect gateway as a different legitimate user. This attack is possible only if you "Allow Authentication with User Credentials OR Client Certificate."

CVSS3: 4.3
EPSS: Низкий
github логотип

GHSA-xvx4-fr25-r858

больше 3 лет назад

QEMU 4.2.0 has a use-after-free in hw/net/e1000e_core.c because a guest OS user can trigger an e1000e packet with the data's address set to the e1000e's MMIO address.

CVSS3: 3.3
EPSS: Низкий
github логотип

GHSA-xvx3-whgp-7rq7

больше 3 лет назад

The mdjvu_bitmap_pack_row function in base/4bitmap.c in minidjvu 0.8 can cause a denial of service (invalid memory read and application crash) via a crafted djvu file.

CVSS3: 6.5
EPSS: Низкий
github логотип

GHSA-xvx3-23h3-m25g

больше 3 лет назад

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect availability via vectors related to XML Publisher.

EPSS: Низкий
github логотип

GHSA-xvx2-wqf5-jjgv

больше 3 лет назад

typo3/cms-felogin Cross-site Scripting vulnerability

EPSS: Низкий
github логотип

GHSA-xvx2-w5pj-9472

больше 3 лет назад

When following a link that opened an intent://-schemed URL, causing a custom tab to be opened, Firefox for Android could be tricked into displaying the incorrect URI. <br> *Note: This issue only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 68.7.

EPSS: Низкий
github логотип

GHSA-xvx2-r4w7-hx6q

больше 3 лет назад

Improper input validation in the Intel(R) SGX Platform Software for Windows* may allow an authenticated user to potentially enable a denial of service via local access.

EPSS: Низкий
github логотип

GHSA-xvx2-mpv8-r9xf

больше 3 лет назад

An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is stack buffer overflow in mjs_execute() in mjs.c.

CVSS3: 5.5
EPSS: Низкий
github логотип

GHSA-xvx2-hw78-h573

больше 3 лет назад

Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 12.1-61.18, 11.1-65.20, Citrix ADC 12.1-FIPS before 12.1-55.238, and Citrix SD-WAN WANOP Edition before 11.4.0, 11.3.2, 11.3.1a, 11.2.3a, 11.1.2c, 10.2.9a suffers from uncontrolled resource consumption by way of a network-based denial-of-service from within the same Layer 2 network segment. Note that the attacker must be in the same Layer 2 network segment as the vulnerable appliance.

EPSS: Низкий
github логотип

GHSA-xvwx-g9pc-953x

почти 4 года назад

time server daemon timed allows remote attackers to cause a denial of service via malformed packets.

EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
github логотип
GHSA-xvxc-929r-6mvq

NetSarang Xshell 7 before Build 0077 includes unintended code strings in paste operations.

CVSS3: 5.3
0%
Низкий
больше 3 лет назад
github логотип
GHSA-xvx9-w67v-7f8g

Unspecified vulnerability in Report Application Server (Crystalras.exe) before 11.0.0.1370, as used in Business Objects Crystal Reports XI, Crystal Reports Server XI, and BusinessObjects Enterprise XI, allows remote attackers to cause a denial of service (application hang) via certain network traffic, possibly involving multiple simultaneous TCP connections.

1%
Низкий
почти 4 года назад
github логотип
GHSA-xvx8-mgqv-q2fj

An Injection issue was discovered in Moxa NPort 5110 Version 2.2, NPort 5110 Version 2.4, NPort 5110 Version 2.6, NPort 5110 Version 2.7, NPort 5130 Version 3.7 and prior, and NPort 5150 Version 3.7 and prior. An attacker may be able to inject packets that could potentially disrupt the availability of the device.

CVSS3: 7.5
0%
Низкий
больше 3 лет назад
github логотип
GHSA-xvx7-w8qq-jr55

Rejected reason: Not used

6 месяцев назад
github логотип
GHSA-xvx7-cgrp-p764

Insufficient access control in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure via network access.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-xvx7-78wp-jmp4

The BAIR program does not properly restrict access to the Internet Explorer Internet options menu, which allows local users to obtain access to the menu by modifying the registry key that starts BAIR.

0%
Низкий
почти 4 года назад
github логотип
GHSA-xvx6-rgcr-cjh6

The MDx theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mdx_list_item' shortcode in all versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS3: 6.4
1%
Низкий
больше 1 года назад
github логотип
GHSA-xvx6-9cq2-q2x7

Multiple cross-site scripting (XSS) vulnerabilities in phplist before 2.10.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

0%
Низкий
почти 4 года назад
github логотип
GHSA-xvx6-286h-35qm

Due to missing authorization check, an unauthorized user can view the files of other company. This might lead to disclosure of personal data of employees. There is no impact on integrity and availability.

CVSS3: 5.8
0%
Низкий
9 месяцев назад
github логотип
GHSA-xvx5-4wp8-4f6g

WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4765, CVE-2016-4766, and CVE-2016-4768.

CVSS3: 8.8
1%
Низкий
больше 3 лет назад
github логотип
GHSA-xvx4-v362-295f

An improper certificate validation vulnerability in Palo Alto Networks PAN-OS software enables an authorized user with a specially crafted client certificate to connect to an impacted GlobalProtect portal or GlobalProtect gateway as a different legitimate user. This attack is possible only if you "Allow Authentication with User Credentials OR Client Certificate."

CVSS3: 4.3
0%
Низкий
около 1 года назад
github логотип
GHSA-xvx4-fr25-r858

QEMU 4.2.0 has a use-after-free in hw/net/e1000e_core.c because a guest OS user can trigger an e1000e packet with the data's address set to the e1000e's MMIO address.

CVSS3: 3.3
0%
Низкий
больше 3 лет назад
github логотип
GHSA-xvx3-whgp-7rq7

The mdjvu_bitmap_pack_row function in base/4bitmap.c in minidjvu 0.8 can cause a denial of service (invalid memory read and application crash) via a crafted djvu file.

CVSS3: 6.5
0%
Низкий
больше 3 лет назад
github логотип
GHSA-xvx3-23h3-m25g

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect availability via vectors related to XML Publisher.

1%
Низкий
больше 3 лет назад
github логотип
GHSA-xvx2-wqf5-jjgv

typo3/cms-felogin Cross-site Scripting vulnerability

0%
Низкий
больше 3 лет назад
github логотип
GHSA-xvx2-w5pj-9472

When following a link that opened an intent://-schemed URL, causing a custom tab to be opened, Firefox for Android could be tricked into displaying the incorrect URI. <br> *Note: This issue only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 68.7.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-xvx2-r4w7-hx6q

Improper input validation in the Intel(R) SGX Platform Software for Windows* may allow an authenticated user to potentially enable a denial of service via local access.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-xvx2-mpv8-r9xf

An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is stack buffer overflow in mjs_execute() in mjs.c.

CVSS3: 5.5
0%
Низкий
больше 3 лет назад
github логотип
GHSA-xvx2-hw78-h573

Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 12.1-61.18, 11.1-65.20, Citrix ADC 12.1-FIPS before 12.1-55.238, and Citrix SD-WAN WANOP Edition before 11.4.0, 11.3.2, 11.3.1a, 11.2.3a, 11.1.2c, 10.2.9a suffers from uncontrolled resource consumption by way of a network-based denial-of-service from within the same Layer 2 network segment. Note that the attacker must be in the same Layer 2 network segment as the vulnerable appliance.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-xvwx-g9pc-953x

time server daemon timed allows remote attackers to cause a denial of service via malformed packets.

1%
Низкий
почти 4 года назад

Уязвимостей на страницу