Логотип exploitDog
source:"github"
Консоль
Логотип exploitDog

exploitDog

source:"github"

Количество 312 573

Количество 312 573

github логотип

GHSA-3w53-58xm-8pwx

около 1 года назад

Missing Authorization vulnerability in Pierre JEHAN Owl Carousel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Owl Carousel: from n/a through 0.5.3.

CVSS3: 5.3
EPSS: Низкий
github логотип

GHSA-3w4x-wq52-ff93

почти 4 года назад

Heap-based buffer overflow in xnview.exe in XnView before 2.03 allows remote attackers to execute arbitrary code via a crafted RLE compressed layer in an XCF file.

EPSS: Низкий
github логотип

GHSA-3w4x-g8q4-22gw

почти 4 года назад

The (1) Search, (2) Edit Profile, (3) Recommend, and (4) User Approval forms in WebAPP before 0.9.9.5 use hidden inputs, which has unknown impact and remote attack vectors.

EPSS: Низкий
github логотип

GHSA-3w4w-m332-9cfq

больше 3 лет назад

The Login by Auth0 plugin before 4.0.0 for WordPress allows stored XSS on multiple pages, a different issue than CVE-2020-5392.

EPSS: Низкий
github логотип

GHSA-3w4v-rvc4-2xpw

больше 3 лет назад

Keycloak has Files or Directories Accessible to External Parties

CVSS3: 4.3
EPSS: Низкий
github логотип

GHSA-3w4v-qfqc-3433

больше 3 лет назад

ChakraCore RCE Vulnerability

CVSS3: 7.5
EPSS: Критический
github логотип

GHSA-3w4r-prc4-q67c

около 1 года назад

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Agnel Waghela Shortcode Collection allows Stored XSS.This issue affects Shortcode Collection: from n/a through 1.4.

CVSS3: 6.5
EPSS: Низкий
github логотип

GHSA-3w4r-g3q4-3xjj

больше 1 года назад

In JetBrains TeamCity between 2024.03 and 2024.03.1 several stored XSS in the available updates page were possible

CVSS3: 3.5
EPSS: Низкий
github логотип

GHSA-3w4p-r654-56p4

почти 4 года назад

Multiple SQL injection vulnerabilities in Free LAN In(tra|ter)net Portal (FLIP) before 1.0-RC3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: some sources mention the escape_sqlData, implode_sql, and implode_sqlIn functions, but these are protection schemes, not the vulnerable functions.

EPSS: Низкий
github логотип

GHSA-3w4p-mc7m-x3qf

больше 3 лет назад

Directory traversal vulnerability in repository/filesystem/lib.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a path.

EPSS: Низкий
github логотип

GHSA-3w4p-hjjh-fjwg

почти 4 года назад

FireGPG before 0.6 handle user?s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users?s private key.

EPSS: Низкий
github логотип

GHSA-3w4p-cp93-7566

почти 2 года назад

In the Linux kernel, the following vulnerability has been resolved: afs: Fix endless loop in directory parsing If a directory has a block with only ".__afsXXXX" files in it (from uncompleted silly-rename), these .__afsXXXX files are skipped but without advancing the file position in the dir_context. This leads to afs_dir_iterate() repeating the block again and again. Fix this by making the code that skips the .__afsXXXX file also manually advance the file position. The symptoms are a soft lookup: watchdog: BUG: soft lockup - CPU#3 stuck for 52s! [check:5737] ... RIP: 0010:afs_dir_iterate_block+0x39/0x1fd ... ? watchdog_timer_fn+0x1a6/0x213 ... ? asm_sysvec_apic_timer_interrupt+0x16/0x20 ? afs_dir_iterate_block+0x39/0x1fd afs_dir_iterate+0x10a/0x148 afs_readdir+0x30/0x4a iterate_dir+0x93/0xd3 __do_sys_getdents64+0x6b/0xd4 This is almost certainly the actual fix for: ...

EPSS: Низкий
github логотип

GHSA-3w4p-5chr-2r8f

больше 3 лет назад

xterm through Patch #365 allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted UTF-8 character sequence.

CVSS3: 9.8
EPSS: Низкий
github логотип

GHSA-3w4m-x79g-ghg6

почти 4 года назад

Untrusted search path vulnerability in openexec in OpenBase SQL before 10.0.1 allows local users to gain privileges via a modified PATH that references a malicious helper binary, as demonstrated by (1) cp, (2) rm, and (3) killall, different vectors than CVE-2006-5327.

EPSS: Низкий
github логотип

GHSA-3w4m-c8rq-62jj

4 месяца назад

In the Linux kernel, the following vulnerability has been resolved: net: phylink: add lock for serializing concurrent pl->phydev writes with resolver Currently phylink_resolve() protects itself against concurrent phylink_bringup_phy() or phylink_disconnect_phy() calls which modify pl->phydev by relying on pl->state_mutex. The problem is that in phylink_resolve(), pl->state_mutex is in a lock inversion state with pl->phydev->lock. So pl->phydev->lock needs to be acquired prior to pl->state_mutex. But that requires dereferencing pl->phydev in the first place, and without pl->state_mutex, that is racy. Hence the reason for the extra lock. Currently it is redundant, but it will serve a functional purpose once mutex_lock(&phy->lock) will be moved outside of the mutex_lock(&pl->state_mutex) section. Another alternative considered would have been to let phylink_resolve() acquire the rtnl_mutex, which is also held when phylink_bringup_phy() and phylink_disconnect_phy() are called. But ...

CVSS3: 7
EPSS: Низкий
github логотип

GHSA-3w4m-48x7-p9gx

почти 4 года назад

Argument injection vulnerability in Java Web Start for J2SE 1.4.2 up to 1.4.2_06, on Mac OS X, allows untrusted applications to gain privileges via the value parameter of a property tag in a JNLP file. NOTE: it is highly likely that this item will be MERGED with CVE-2005-0836.

EPSS: Низкий
github логотип

GHSA-3w4j-cfcj-wj69

больше 3 лет назад

XPDF v4.04 was discovered to contain a stack overflow vulnerability via the Object::Copy class of object.cc files.

CVSS3: 7.8
EPSS: Низкий
github логотип

GHSA-3w4j-297m-588q

больше 3 лет назад

Pexip Infinity before 27.3 allows remote attackers to trigger excessive resource consumption via H.264.

CVSS3: 7.5
EPSS: Низкий
github логотип

GHSA-3w4h-r27h-4r2w

больше 3 лет назад

TYPO3 Image Processing susceptible to Code Execution

CVSS3: 7.5
EPSS: Низкий
github логотип

GHSA-3w4g-jj6x-f73c

почти 4 года назад

upgrade.asp in sHibby sHop 2.2 and earlier does not require administrative authentication, which allows remote attackers to update a file or have unspecified other impact via a direct request.

EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
github логотип
GHSA-3w53-58xm-8pwx

Missing Authorization vulnerability in Pierre JEHAN Owl Carousel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Owl Carousel: from n/a through 0.5.3.

CVSS3: 5.3
0%
Низкий
около 1 года назад
github логотип
GHSA-3w4x-wq52-ff93

Heap-based buffer overflow in xnview.exe in XnView before 2.03 allows remote attackers to execute arbitrary code via a crafted RLE compressed layer in an XCF file.

1%
Низкий
почти 4 года назад
github логотип
GHSA-3w4x-g8q4-22gw

The (1) Search, (2) Edit Profile, (3) Recommend, and (4) User Approval forms in WebAPP before 0.9.9.5 use hidden inputs, which has unknown impact and remote attack vectors.

0%
Низкий
почти 4 года назад
github логотип
GHSA-3w4w-m332-9cfq

The Login by Auth0 plugin before 4.0.0 for WordPress allows stored XSS on multiple pages, a different issue than CVE-2020-5392.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-3w4v-rvc4-2xpw

Keycloak has Files or Directories Accessible to External Parties

CVSS3: 4.3
0%
Низкий
больше 3 лет назад
github логотип
GHSA-3w4v-qfqc-3433

ChakraCore RCE Vulnerability

CVSS3: 7.5
91%
Критический
больше 3 лет назад
github логотип
GHSA-3w4r-prc4-q67c

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Agnel Waghela Shortcode Collection allows Stored XSS.This issue affects Shortcode Collection: from n/a through 1.4.

CVSS3: 6.5
0%
Низкий
около 1 года назад
github логотип
GHSA-3w4r-g3q4-3xjj

In JetBrains TeamCity between 2024.03 and 2024.03.1 several stored XSS in the available updates page were possible

CVSS3: 3.5
0%
Низкий
больше 1 года назад
github логотип
GHSA-3w4p-r654-56p4

Multiple SQL injection vulnerabilities in Free LAN In(tra|ter)net Portal (FLIP) before 1.0-RC3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: some sources mention the escape_sqlData, implode_sql, and implode_sqlIn functions, but these are protection schemes, not the vulnerable functions.

1%
Низкий
почти 4 года назад
github логотип
GHSA-3w4p-mc7m-x3qf

Directory traversal vulnerability in repository/filesystem/lib.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a path.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-3w4p-hjjh-fjwg

FireGPG before 0.6 handle user?s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users?s private key.

0%
Низкий
почти 4 года назад
github логотип
GHSA-3w4p-cp93-7566

In the Linux kernel, the following vulnerability has been resolved: afs: Fix endless loop in directory parsing If a directory has a block with only ".__afsXXXX" files in it (from uncompleted silly-rename), these .__afsXXXX files are skipped but without advancing the file position in the dir_context. This leads to afs_dir_iterate() repeating the block again and again. Fix this by making the code that skips the .__afsXXXX file also manually advance the file position. The symptoms are a soft lookup: watchdog: BUG: soft lockup - CPU#3 stuck for 52s! [check:5737] ... RIP: 0010:afs_dir_iterate_block+0x39/0x1fd ... ? watchdog_timer_fn+0x1a6/0x213 ... ? asm_sysvec_apic_timer_interrupt+0x16/0x20 ? afs_dir_iterate_block+0x39/0x1fd afs_dir_iterate+0x10a/0x148 afs_readdir+0x30/0x4a iterate_dir+0x93/0xd3 __do_sys_getdents64+0x6b/0xd4 This is almost certainly the actual fix for: ...

почти 2 года назад
github логотип
GHSA-3w4p-5chr-2r8f

xterm through Patch #365 allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted UTF-8 character sequence.

CVSS3: 9.8
2%
Низкий
больше 3 лет назад
github логотип
GHSA-3w4m-x79g-ghg6

Untrusted search path vulnerability in openexec in OpenBase SQL before 10.0.1 allows local users to gain privileges via a modified PATH that references a malicious helper binary, as demonstrated by (1) cp, (2) rm, and (3) killall, different vectors than CVE-2006-5327.

0%
Низкий
почти 4 года назад
github логотип
GHSA-3w4m-c8rq-62jj

In the Linux kernel, the following vulnerability has been resolved: net: phylink: add lock for serializing concurrent pl->phydev writes with resolver Currently phylink_resolve() protects itself against concurrent phylink_bringup_phy() or phylink_disconnect_phy() calls which modify pl->phydev by relying on pl->state_mutex. The problem is that in phylink_resolve(), pl->state_mutex is in a lock inversion state with pl->phydev->lock. So pl->phydev->lock needs to be acquired prior to pl->state_mutex. But that requires dereferencing pl->phydev in the first place, and without pl->state_mutex, that is racy. Hence the reason for the extra lock. Currently it is redundant, but it will serve a functional purpose once mutex_lock(&phy->lock) will be moved outside of the mutex_lock(&pl->state_mutex) section. Another alternative considered would have been to let phylink_resolve() acquire the rtnl_mutex, which is also held when phylink_bringup_phy() and phylink_disconnect_phy() are called. But ...

CVSS3: 7
0%
Низкий
4 месяца назад
github логотип
GHSA-3w4m-48x7-p9gx

Argument injection vulnerability in Java Web Start for J2SE 1.4.2 up to 1.4.2_06, on Mac OS X, allows untrusted applications to gain privileges via the value parameter of a property tag in a JNLP file. NOTE: it is highly likely that this item will be MERGED with CVE-2005-0836.

0%
Низкий
почти 4 года назад
github логотип
GHSA-3w4j-cfcj-wj69

XPDF v4.04 was discovered to contain a stack overflow vulnerability via the Object::Copy class of object.cc files.

CVSS3: 7.8
0%
Низкий
больше 3 лет назад
github логотип
GHSA-3w4j-297m-588q

Pexip Infinity before 27.3 allows remote attackers to trigger excessive resource consumption via H.264.

CVSS3: 7.5
1%
Низкий
больше 3 лет назад
github логотип
GHSA-3w4h-r27h-4r2w

TYPO3 Image Processing susceptible to Code Execution

CVSS3: 7.5
1%
Низкий
больше 3 лет назад
github логотип
GHSA-3w4g-jj6x-f73c

upgrade.asp in sHibby sHop 2.2 and earlier does not require administrative authentication, which allows remote attackers to update a file or have unspecified other impact via a direct request.

5%
Низкий
почти 4 года назад

Уязвимостей на страницу