Логотип exploitDog
source:"github"
Консоль
Логотип exploitDog

exploitDog

source:"github"

Количество 314 529

Количество 314 529

github логотип

GHSA-436v-h7q2-9qmp

больше 3 лет назад

The nvCommandQueue::GetHandleIndex method in the NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference and memory corruption) via a crafted app.

CVSS3: 7.8
EPSS: Низкий
github логотип

GHSA-436v-ch6r-3qxq

около 1 месяца назад

A Cross-Site Scripting (XSS) vulnerability in the UCRM Argentina AFIP invoices Plugin (v1.2.0 and earlier) could allow privilege escalation if an Administrator is tricked into visiting a crafted malicious page. This plugin is disabled by default. Affected Products: UCRM Argentina AFIP invoices Plugin (Version 1.2.0 and earlier) Mitigation: Update UCRM Argentina AFIP invoices Plugin to Version 1.3.0 or later.

CVSS3: 7.5
EPSS: Низкий
github логотип

GHSA-436v-69cc-46r8

больше 3 лет назад

An elevation of privilege vulnerability in the Synaptics Touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-34325986.

CVSS3: 7
EPSS: Низкий
github логотип

GHSA-436r-9cvq-hjq5

почти 4 года назад

A Format String vulnerability exists in DrayTek Vigor 2960 <= 1.5.1.3, DrayTek Vigor 3900 <= 1.5.1.3, and DrayTek Vigor 300B <= 1.5.1.3 in the mainfunction.cgi file via a crafted HTTP message containing malformed QUERY STRING, which could let a remote malicious user execute arbitrary code.

CVSS3: 9.8
EPSS: Низкий
github логотип

GHSA-436r-7p9m-wm47

около 3 лет назад

The Optimize images ALT Text & names for SEO using AI WordPress plugin before 2.0.8 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.

CVSS3: 6.5
EPSS: Низкий
github логотип

GHSA-436q-824j-g5cx

больше 1 года назад

In the Linux kernel, the following vulnerability has been resolved: tracing/probes: Fix MAX_TRACE_ARGS limit handling When creating a trace_probe we would set nr_args prior to truncating the arguments to MAX_TRACE_ARGS. However, we would only initialize arguments up to the limit. This caused invalid memory access when attempting to set up probes with more than 128 fetchargs. BUG: kernel NULL pointer dereference, address: 0000000000000020 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: Oops: 0000 [#1] PREEMPT SMP PTI CPU: 0 UID: 0 PID: 1769 Comm: cat Not tainted 6.11.0-rc7+ #8 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-1.fc39 04/01/2014 RIP: 0010:__set_print_fmt+0x134/0x330 Resolve the issue by applying the MAX_TRACE_ARGS limit earlier. Return an error when there are too many arguments instead of silently truncating.

CVSS3: 5.5
EPSS: Низкий
github логотип

GHSA-436q-6vh3-cx7q

почти 4 года назад

SQL injection vulnerability in functions/editevent.php in the WP-Cal 0.3 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.

EPSS: Низкий
github логотип

GHSA-436q-6h4x-h2hj

около 2 лет назад

A stored cross-site scripting (XSS) vulnerability exists in Monica (aka MonicaHQ) 4.0.0 via an SVG document uploaded by an authenticated user.

CVSS3: 5.4
EPSS: Низкий
github логотип

GHSA-436p-pp82-ppwq

больше 1 года назад

xfpt versions prior to 1.01 fails to handle appropriately some parameters inside the input data, resulting in a stack-based buffer overflow vulnerability. When a user of the affected product is tricked to process a specially crafted file, arbitrary code may be executed on the user's environment.

CVSS3: 7
EPSS: Низкий
github логотип

GHSA-436p-8gmj-3rqv

8 месяцев назад

Cross-Site Request Forgery (CSRF) vulnerability in WP Corner Quick Event Calendar allows Cross Site Request Forgery. This issue affects Quick Event Calendar: from n/a through 1.4.9.

CVSS3: 4.3
EPSS: Низкий
github логотип

GHSA-436m-r88g-vhmq

10 месяцев назад

HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data.

CVSS3: 3.5
EPSS: Низкий
github логотип

GHSA-436m-674g-w39v

почти 4 года назад

The Grandstream HT-488 0.1 allows remote attackers to cause a denial of service (device crash) via a flood of fragmented packets to port 5060.

EPSS: Низкий
github логотип

GHSA-436j-fff5-mq27

почти 4 года назад

Directory traversal vulnerability in index.php in Php Photo Album (PHPPA) 0.8 BETA allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the preview parameter.

EPSS: Низкий
github логотип

GHSA-436h-wrjr-5hj3

почти 4 года назад

Samba Web Administration Tool (SWAT) in Samba 2.0.7 does not log login attempts in which the username is correct but the password is wrong, which allows remote attackers to conduct brute force password guessing attacks.

EPSS: Низкий
github логотип

GHSA-436h-cr23-m9m7

около 3 лет назад

Freeing arbitrary <code>nsIInputStream</code>'s on a different thread than creation could have led to a use-after-free and potentially exploitable crash. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.

CVSS3: 6.5
EPSS: Низкий
github логотип

GHSA-436g-vf62-vwq9

больше 3 лет назад

Unspecified vulnerability in the Oracle Identity Analytics component in Oracle Fusion Middleware Oracle Identity Analytics 11.1.1.5 and Sun Role Manager 5.0 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Security.

EPSS: Низкий
github логотип

GHSA-436g-2f92-cvhh

почти 3 года назад

Jenkins Role-based Authorization Strategy Plugin grants permissions even after they’ve been disabled

CVSS3: 5.9
EPSS: Низкий
github логотип

GHSA-436f-chr9-2p6r

больше 3 лет назад

The Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware before 1.60 IR 04 stores rde.jar under the web root with insufficient access control, which allows remote attackers to obtain sensitive setup and configuration information via a direct request.

EPSS: Низкий
github логотип

GHSA-436c-96vr-9jcq

больше 3 лет назад

Integer overflow in the plist_from_bin function in bplist.c in libimobiledevice/libplist before 2017-04-19 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted plist file.

CVSS3: 5.5
EPSS: Низкий
github логотип

GHSA-4369-x39w-2545

почти 4 года назад

VMware ESX Server 1.5.2 before Patch 4 allows local users to execute arbitrary programs as root via certain modified VMware ESX Server environment variables.

EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
github логотип
GHSA-436v-h7q2-9qmp

The nvCommandQueue::GetHandleIndex method in the NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference and memory corruption) via a crafted app.

CVSS3: 7.8
1%
Низкий
больше 3 лет назад
github логотип
GHSA-436v-ch6r-3qxq

A Cross-Site Scripting (XSS) vulnerability in the UCRM Argentina AFIP invoices Plugin (v1.2.0 and earlier) could allow privilege escalation if an Administrator is tricked into visiting a crafted malicious page. This plugin is disabled by default. Affected Products: UCRM Argentina AFIP invoices Plugin (Version 1.2.0 and earlier) Mitigation: Update UCRM Argentina AFIP invoices Plugin to Version 1.3.0 or later.

CVSS3: 7.5
0%
Низкий
около 1 месяца назад
github логотип
GHSA-436v-69cc-46r8

An elevation of privilege vulnerability in the Synaptics Touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-34325986.

CVSS3: 7
0%
Низкий
больше 3 лет назад
github логотип
GHSA-436r-9cvq-hjq5

A Format String vulnerability exists in DrayTek Vigor 2960 <= 1.5.1.3, DrayTek Vigor 3900 <= 1.5.1.3, and DrayTek Vigor 300B <= 1.5.1.3 in the mainfunction.cgi file via a crafted HTTP message containing malformed QUERY STRING, which could let a remote malicious user execute arbitrary code.

CVSS3: 9.8
4%
Низкий
почти 4 года назад
github логотип
GHSA-436r-7p9m-wm47

The Optimize images ALT Text & names for SEO using AI WordPress plugin before 2.0.8 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.

CVSS3: 6.5
0%
Низкий
около 3 лет назад
github логотип
GHSA-436q-824j-g5cx

In the Linux kernel, the following vulnerability has been resolved: tracing/probes: Fix MAX_TRACE_ARGS limit handling When creating a trace_probe we would set nr_args prior to truncating the arguments to MAX_TRACE_ARGS. However, we would only initialize arguments up to the limit. This caused invalid memory access when attempting to set up probes with more than 128 fetchargs. BUG: kernel NULL pointer dereference, address: 0000000000000020 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: Oops: 0000 [#1] PREEMPT SMP PTI CPU: 0 UID: 0 PID: 1769 Comm: cat Not tainted 6.11.0-rc7+ #8 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-1.fc39 04/01/2014 RIP: 0010:__set_print_fmt+0x134/0x330 Resolve the issue by applying the MAX_TRACE_ARGS limit earlier. Return an error when there are too many arguments instead of silently truncating.

CVSS3: 5.5
0%
Низкий
больше 1 года назад
github логотип
GHSA-436q-6vh3-cx7q

SQL injection vulnerability in functions/editevent.php in the WP-Cal 0.3 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.

1%
Низкий
почти 4 года назад
github логотип
GHSA-436q-6h4x-h2hj

A stored cross-site scripting (XSS) vulnerability exists in Monica (aka MonicaHQ) 4.0.0 via an SVG document uploaded by an authenticated user.

CVSS3: 5.4
0%
Низкий
около 2 лет назад
github логотип
GHSA-436p-pp82-ppwq

xfpt versions prior to 1.01 fails to handle appropriately some parameters inside the input data, resulting in a stack-based buffer overflow vulnerability. When a user of the affected product is tricked to process a specially crafted file, arbitrary code may be executed on the user's environment.

CVSS3: 7
0%
Низкий
больше 1 года назад
github логотип
GHSA-436p-8gmj-3rqv

Cross-Site Request Forgery (CSRF) vulnerability in WP Corner Quick Event Calendar allows Cross Site Request Forgery. This issue affects Quick Event Calendar: from n/a through 1.4.9.

CVSS3: 4.3
0%
Низкий
8 месяцев назад
github логотип
GHSA-436m-r88g-vhmq

HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data.

CVSS3: 3.5
0%
Низкий
10 месяцев назад
github логотип
GHSA-436m-674g-w39v

The Grandstream HT-488 0.1 allows remote attackers to cause a denial of service (device crash) via a flood of fragmented packets to port 5060.

1%
Низкий
почти 4 года назад
github логотип
GHSA-436j-fff5-mq27

Directory traversal vulnerability in index.php in Php Photo Album (PHPPA) 0.8 BETA allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the preview parameter.

3%
Низкий
почти 4 года назад
github логотип
GHSA-436h-wrjr-5hj3

Samba Web Administration Tool (SWAT) in Samba 2.0.7 does not log login attempts in which the username is correct but the password is wrong, which allows remote attackers to conduct brute force password guessing attacks.

4%
Низкий
почти 4 года назад
github логотип
GHSA-436h-cr23-m9m7

Freeing arbitrary <code>nsIInputStream</code>'s on a different thread than creation could have led to a use-after-free and potentially exploitable crash. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.

CVSS3: 6.5
0%
Низкий
около 3 лет назад
github логотип
GHSA-436g-vf62-vwq9

Unspecified vulnerability in the Oracle Identity Analytics component in Oracle Fusion Middleware Oracle Identity Analytics 11.1.1.5 and Sun Role Manager 5.0 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Security.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-436g-2f92-cvhh

Jenkins Role-based Authorization Strategy Plugin grants permissions even after they’ve been disabled

CVSS3: 5.9
0%
Низкий
почти 3 года назад
github логотип
GHSA-436f-chr9-2p6r

The Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware before 1.60 IR 04 stores rde.jar under the web root with insufficient access control, which allows remote attackers to obtain sensitive setup and configuration information via a direct request.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-436c-96vr-9jcq

Integer overflow in the plist_from_bin function in bplist.c in libimobiledevice/libplist before 2017-04-19 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted plist file.

CVSS3: 5.5
0%
Низкий
больше 3 лет назад
github логотип
GHSA-4369-x39w-2545

VMware ESX Server 1.5.2 before Patch 4 allows local users to execute arbitrary programs as root via certain modified VMware ESX Server environment variables.

0%
Низкий
почти 4 года назад

Уязвимостей на страницу