Логотип exploitDog
source:"github"
Консоль
Логотип exploitDog

exploitDog

source:"github"

Количество 314 458

Количество 314 458

github логотип

GHSA-425x-9rj5-2cwq

почти 4 года назад

Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via the function sub_422168 at /goform/WifiExtraSet.

CVSS3: 6.5
EPSS: Низкий
github логотип

GHSA-425w-xhjg-hfcm

около 1 года назад

A cross-site scripting (XSS) vulnerability in LemonLDAP::NG before 2.20.1 allows remote attackers to inject arbitrary web script or HTML via the url parameter of the upgrade session confirmation page (upgradeSession / forceUpgrade) if the "Upgrade session" plugin has been enabled by an admin

CVSS3: 5.4
EPSS: Низкий
github логотип

GHSA-425v-6qh8-hmjx

10 месяцев назад

Missing Authorization vulnerability in cedcommerce Ship Per Product allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Ship Per Product: from n/a through 2.1.0.

CVSS3: 5.3
EPSS: Низкий
github логотип

GHSA-425r-wx26-xvfm

почти 4 года назад

Unspecified vulnerability in eClient in IBM DB2 Content Manager (CM) Toolkit 8.3 before fix pack 7 for z/OS has unknown impact and attack vectors, related to "scripting."

EPSS: Низкий
github логотип

GHSA-425r-hmhf-r25x

10 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: iio: light: Add check for array bounds in veml6075_read_int_time_ms The array contains only 5 elements, but the index calculated by veml6075_read_int_time_index can range from 0 to 7, which could lead to out-of-bounds access. The check prevents this issue. Coverity Issue CID 1574309: (#1 of 1): Out-of-bounds read (OVERRUN) overrun-local: Overrunning array veml6075_it_ms of 5 4-byte elements at element index 7 (byte offset 31) using index int_index (which evaluates to 7) This is hardening against potentially broken hardware. Good to have but not necessary to backport.

CVSS3: 7.8
EPSS: Низкий
github логотип

GHSA-425r-g3hx-w75v

7 месяцев назад

A vulnerability, which was classified as critical, has been found in Campcodes Employee Management System 1.0. Affected by this issue is some unknown functionality of the file /mark.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

CVSS3: 7.3
EPSS: Низкий
github логотип

GHSA-425q-pgcw-3w5r

больше 3 лет назад

A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0714, CVE-2019-0717, CVE-2019-0718, CVE-2019-0723.

CVSS3: 6.2
EPSS: Низкий
github логотип

GHSA-425m-4v5p-2xch

больше 3 лет назад

Multiple cross-site request forgery (CSRF) vulnerabilities in Simple Invoices 2013.1.beta.8 allow remote attackers to hijack the authentication of admins for requests that can (1) create new administrator user accounts and take over the entire application, (2) create regular user accounts, or (3) change configuration parameters such as tax rates and the enable/disable status of PayPal payment modules.

CVSS3: 8.8
EPSS: Низкий
github логотип

GHSA-425j-xr6h-5vrv

почти 4 года назад

The (1) ZD_MissingPlayer, (2) ZD_UseItem, and (3) ZD_LoadNewClientLevel functions in sv_main.cpp for (a) Zdaemon 1.08.01 and (b) X-Doom allows remote attackers to cause a denial of service (crash) via an invalid player slot or item number, which causes an invalid memory access, possibly due to an invalid array index.

EPSS: Средний
github логотип

GHSA-425j-ff8c-j42j

9 месяцев назад

Rejected reason: Not used

EPSS: Низкий
github логотип

GHSA-425j-2mfw-73xx

больше 3 лет назад

The Canto plugin 1.3.0 for WordPress contains blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/tree.php?subdomain=SSRF.

EPSS: Средний
github логотип

GHSA-425g-hgx9-r6jq

больше 3 лет назад

** DISPUTED ** An issue was discovered in the Linux kernel through 4.17.2. Since the page allocator does not yield CPU resources to the owner of the oom_lock mutex, a local unprivileged user can trivially lock up the system forever by wasting CPU resources from the page allocator (e.g., via concurrent page fault events) when the global OOM killer is invoked. NOTE: the software maintainer has not accepted certain proposed patches, in part because of a viewpoint that "the underlying problem is non-trivial to handle."

CVSS3: 5.5
EPSS: Низкий
github логотип

GHSA-425g-3v2m-rf2q

больше 1 года назад

dingfanzu CMS V1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/doAdminAction.php?act=addAdmin.

CVSS3: 9.3
EPSS: Низкий
github логотип

GHSA-425f-273g-699h

больше 1 года назад

libsndfile through 1.2.2 has a reachable assertion, that may lead to application exit, in mpeg_l3_encode.c mpeg_l3_encoder_close.

CVSS3: 6.5
EPSS: Низкий
github логотип

GHSA-425c-w8px-7q9c

больше 1 года назад

Path traversal vulnerability in “deleteFiles” function of Common Service Desktop, a GE HealthCare ultrasound device component

CVSS3: 6.2
EPSS: Низкий
github логотип

GHSA-425c-ccf3-3jrr

около 6 лет назад

Critical severity vulnerability that affects slpjs

CVSS3: 5.7
EPSS: Низкий
github логотип

GHSA-425c-353w-6mvg

12 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix oops when unload drivers paralleling When unload hclge driver, it tries to disable sriov first for each ae_dev node from hnae3_ae_dev_list. If user unloads hns3 driver at the time, because it removes all the ae_dev nodes, and it may cause oops. But we can't simply use hnae3_common_lock for this. Because in the process flow of pci_disable_sriov(), it will trigger the remove flow of VF, which will also take hnae3_common_lock. To fixes it, introduce a new mutex to protect the unload process.

CVSS3: 5.5
EPSS: Низкий
github логотип

GHSA-4259-rfmh-fqxw

4 месяца назад

Reolink Video Doorbell WiFi DB_566128M5MP_W allows root shell access through an unsecured UART/serial console. An attacker with physical access can connect to the exposed interface and execute arbitrary commands with root privileges.

CVSS3: 6.8
EPSS: Низкий
github логотип

GHSA-4258-vcjw-wwxx

больше 3 лет назад

furlongm openvpn-monitor command injection

CVSS3: 7.5
EPSS: Низкий
github логотип

GHSA-4257-qx96-mgcq

11 месяцев назад

Guangzhou Hongfan Technology Co., LTD. iOffice20 has any user login vulnerability. An attacker can log in to any system account including the system administrator through a logical flaw.

CVSS3: 7.7
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
github логотип
GHSA-425x-9rj5-2cwq

Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via the function sub_422168 at /goform/WifiExtraSet.

CVSS3: 6.5
0%
Низкий
почти 4 года назад
github логотип
GHSA-425w-xhjg-hfcm

A cross-site scripting (XSS) vulnerability in LemonLDAP::NG before 2.20.1 allows remote attackers to inject arbitrary web script or HTML via the url parameter of the upgrade session confirmation page (upgradeSession / forceUpgrade) if the "Upgrade session" plugin has been enabled by an admin

CVSS3: 5.4
0%
Низкий
около 1 года назад
github логотип
GHSA-425v-6qh8-hmjx

Missing Authorization vulnerability in cedcommerce Ship Per Product allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Ship Per Product: from n/a through 2.1.0.

CVSS3: 5.3
0%
Низкий
10 месяцев назад
github логотип
GHSA-425r-wx26-xvfm

Unspecified vulnerability in eClient in IBM DB2 Content Manager (CM) Toolkit 8.3 before fix pack 7 for z/OS has unknown impact and attack vectors, related to "scripting."

1%
Низкий
почти 4 года назад
github логотип
GHSA-425r-hmhf-r25x

In the Linux kernel, the following vulnerability has been resolved: iio: light: Add check for array bounds in veml6075_read_int_time_ms The array contains only 5 elements, but the index calculated by veml6075_read_int_time_index can range from 0 to 7, which could lead to out-of-bounds access. The check prevents this issue. Coverity Issue CID 1574309: (#1 of 1): Out-of-bounds read (OVERRUN) overrun-local: Overrunning array veml6075_it_ms of 5 4-byte elements at element index 7 (byte offset 31) using index int_index (which evaluates to 7) This is hardening against potentially broken hardware. Good to have but not necessary to backport.

CVSS3: 7.8
0%
Низкий
10 месяцев назад
github логотип
GHSA-425r-g3hx-w75v

A vulnerability, which was classified as critical, has been found in Campcodes Employee Management System 1.0. Affected by this issue is some unknown functionality of the file /mark.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

CVSS3: 7.3
0%
Низкий
7 месяцев назад
github логотип
GHSA-425q-pgcw-3w5r

A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0714, CVE-2019-0717, CVE-2019-0718, CVE-2019-0723.

CVSS3: 6.2
1%
Низкий
больше 3 лет назад
github логотип
GHSA-425m-4v5p-2xch

Multiple cross-site request forgery (CSRF) vulnerabilities in Simple Invoices 2013.1.beta.8 allow remote attackers to hijack the authentication of admins for requests that can (1) create new administrator user accounts and take over the entire application, (2) create regular user accounts, or (3) change configuration parameters such as tax rates and the enable/disable status of PayPal payment modules.

CVSS3: 8.8
0%
Низкий
больше 3 лет назад
github логотип
GHSA-425j-xr6h-5vrv

The (1) ZD_MissingPlayer, (2) ZD_UseItem, and (3) ZD_LoadNewClientLevel functions in sv_main.cpp for (a) Zdaemon 1.08.01 and (b) X-Doom allows remote attackers to cause a denial of service (crash) via an invalid player slot or item number, which causes an invalid memory access, possibly due to an invalid array index.

16%
Средний
почти 4 года назад
github логотип
GHSA-425j-ff8c-j42j

Rejected reason: Not used

9 месяцев назад
github логотип
GHSA-425j-2mfw-73xx

The Canto plugin 1.3.0 for WordPress contains blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/tree.php?subdomain=SSRF.

10%
Средний
больше 3 лет назад
github логотип
GHSA-425g-hgx9-r6jq

** DISPUTED ** An issue was discovered in the Linux kernel through 4.17.2. Since the page allocator does not yield CPU resources to the owner of the oom_lock mutex, a local unprivileged user can trivially lock up the system forever by wasting CPU resources from the page allocator (e.g., via concurrent page fault events) when the global OOM killer is invoked. NOTE: the software maintainer has not accepted certain proposed patches, in part because of a viewpoint that "the underlying problem is non-trivial to handle."

CVSS3: 5.5
0%
Низкий
больше 3 лет назад
github логотип
GHSA-425g-3v2m-rf2q

dingfanzu CMS V1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/doAdminAction.php?act=addAdmin.

CVSS3: 9.3
0%
Низкий
больше 1 года назад
github логотип
GHSA-425f-273g-699h

libsndfile through 1.2.2 has a reachable assertion, that may lead to application exit, in mpeg_l3_encode.c mpeg_l3_encoder_close.

CVSS3: 6.5
0%
Низкий
больше 1 года назад
github логотип
GHSA-425c-w8px-7q9c

Path traversal vulnerability in “deleteFiles” function of Common Service Desktop, a GE HealthCare ultrasound device component

CVSS3: 6.2
0%
Низкий
больше 1 года назад
github логотип
GHSA-425c-ccf3-3jrr

Critical severity vulnerability that affects slpjs

CVSS3: 5.7
0%
Низкий
около 6 лет назад
github логотип
GHSA-425c-353w-6mvg

In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix oops when unload drivers paralleling When unload hclge driver, it tries to disable sriov first for each ae_dev node from hnae3_ae_dev_list. If user unloads hns3 driver at the time, because it removes all the ae_dev nodes, and it may cause oops. But we can't simply use hnae3_common_lock for this. Because in the process flow of pci_disable_sriov(), it will trigger the remove flow of VF, which will also take hnae3_common_lock. To fixes it, introduce a new mutex to protect the unload process.

CVSS3: 5.5
0%
Низкий
12 месяцев назад
github логотип
GHSA-4259-rfmh-fqxw

Reolink Video Doorbell WiFi DB_566128M5MP_W allows root shell access through an unsecured UART/serial console. An attacker with physical access can connect to the exposed interface and execute arbitrary commands with root privileges.

CVSS3: 6.8
0%
Низкий
4 месяца назад
github логотип
GHSA-4258-vcjw-wwxx

furlongm openvpn-monitor command injection

CVSS3: 7.5
2%
Низкий
больше 3 лет назад
github логотип
GHSA-4257-qx96-mgcq

Guangzhou Hongfan Technology Co., LTD. iOffice20 has any user login vulnerability. An attacker can log in to any system account including the system administrator through a logical flaw.

CVSS3: 7.7
0%
Низкий
11 месяцев назад

Уязвимостей на страницу