Логотип exploitDog
source:"github"
Консоль
Логотип exploitDog

exploitDog

source:"github"

Количество 312 573

Количество 312 573

github логотип

GHSA-3pf6-phr8-5pjr

больше 3 лет назад

The IM5 Fans Planet (aka uk.co.pixelkicks.im5) application 2.3.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

EPSS: Низкий
github логотип

GHSA-3pf4-qj7m-gfhw

больше 3 лет назад

The DNS implementation in Cisco Adaptive Security Appliance (ASA) Software 7.2 before 7.2(5.16), 8.2 before 8.2(5.57), 8.3 before 8.3(2.44), 8.4 before 8.4(7.28), 8.5 before 8.5(1.24), 8.6 before 8.6(1.17), 8.7 before 8.7(1.16), 9.0 before 9.0(4.33), 9.1 before 9.1(6.1), 9.2 before 9.2(3.4), and 9.3 before 9.3(3) allows man-in-the-middle attackers to cause a denial of service (memory consumption or device outage) by triggering outbound DNS queries and then sending crafted responses to these queries, aka Bug ID CSCuq77655.

EPSS: Низкий
github логотип

GHSA-3pf3-v52v-h9jg

около 2 лет назад

Cross-Site Request Forgery (CSRF) vulnerability in Benedict B., Maciej Gryniuk Hyphenator plugin <= 5.1.5 versions.

CVSS3: 8.8
EPSS: Низкий
github логотип

GHSA-3pf3-r2j9-j4h7

больше 3 лет назад

Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, and CVE-2014-4110.

EPSS: Средний
github логотип

GHSA-3pf3-mgqq-qmjj

больше 3 лет назад

A malicious webview could install long-lived unload handlers that re-use an incognito BrowserContext that is queued for destruction in versions of Oxide before 1.18.3.

CVSS3: 7.5
EPSS: Низкий
github логотип

GHSA-3pf2-g488-cwrg

больше 3 лет назад

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote authenticated users to affect confidentiality and availability via unknown vectors related to Beans. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that this issue is an XML External Entity (XXE) vulnerability in DocumentHandler.java, related to Beans decoding.

EPSS: Низкий
github логотип

GHSA-3pcx-vgx2-j88m

около 4 лет назад

KNIME Server before 4.12.6 and 4.13.x before 4.13.4 (when installed in unattended mode) keeps the administrator's password in a file without appropriate file access controls, allowing all local users to read its content.

CVSS3: 5.5
EPSS: Низкий
github логотип

GHSA-3pcx-p538-qfgw

почти 4 года назад

SQL injection vulnerability in the decode_cookie function in thread.php in Woltlab Burning Board Lite 1.0.2 allows remote attackers to execute arbitrary SQL commands via the threadvisit Cookie parameter.

EPSS: Низкий
github логотип

GHSA-3pcx-jqp9-f982

больше 3 лет назад

upload.php on NUUO NVRmini 2 devices allows Arbitrary File Upload, such as upload of .php files.

CVSS3: 9.8
EPSS: Средний
github логотип

GHSA-3pcw-vp3f-6hvh

больше 3 лет назад

Beckhoff TwinCAT supports communication over ADS. ADS is a protocol for industrial automation in protected environments. ADS has not been designed to achieve security purposes and therefore does not include any encryption algorithms because of their negative effect on performance and throughput. An attacker can forge arbitrary ADS packets when legitimate ADS traffic is observable.

CVSS3: 9.1
EPSS: Низкий
github логотип

GHSA-3pcv-gxjm-4r56

больше 3 лет назад

Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.1.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Embedded Server.

EPSS: Низкий
github логотип

GHSA-3pcr-r262-49qp

больше 3 лет назад

Forcepoint User ID (FUID) server versions up to 1.2 have a remote arbitrary file upload vulnerability on TCP port 5001. Successful exploitation of this vulnerability may lead to remote code execution. To fix this vulnerability, upgrade to FUID version 1.3 or higher. To prevent the vulnerability on FUID versions 1.2 and below, apply local firewall rules on the FUID server to disable all external access to port TCP/5001. FUID requires this port only for local connections through the loopback interface.

CVSS3: 9.8
EPSS: Низкий
github логотип

GHSA-3pcr-6mwc-x3p8

больше 3 лет назад

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 1 of 6).

CVSS3: 9.8
EPSS: Критический
github логотип

GHSA-3pcr-6c3f-wvpr

больше 3 лет назад

A heap-based overflow vulnerability in HWR::EngJudgeModel::Construct() in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault.

CVSS3: 7.8
EPSS: Низкий
github логотип

GHSA-3pcr-4vgr-x46g

больше 2 лет назад

Affected versions of Trend Micro Mobile Security (Enterprise) 9.8 SP5 contain some widgets that would allow a remote user to bypass authentication and potentially chain with other vulnerabilities. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This is similar to, but not identical to CVE-2023-32524.

CVSS3: 8.8
EPSS: Низкий
github логотип

GHSA-3pcr-4982-548m

почти 5 лет назад

Exposure of .env if project root is configured as web root in shopware/production

EPSS: Низкий
github логотип

GHSA-3pcq-f86j-jh8q

больше 3 лет назад

An issue was discovered in tnef before 1.4.13. Four type confusions have been identified in the file_add_mapi_attrs() function. These might lead to invalid read and write operations, controlled by an attacker.

CVSS3: 7.8
EPSS: Низкий
github логотип

GHSA-3pcq-5mc6-8j3p

больше 3 лет назад

In Tuxera NTFS-3G versions < 2021.8.22, a stack buffer overflow can occur when correcting differences in the MFT and MFTMirror allowing for code execution or escalation of privileges when setuid-root.

CVSS3: 7.8
EPSS: Низкий
github логотип

GHSA-3pcq-34w5-p4g2

больше 4 лет назад

modern-async's `forEachSeries` and `forEachLimit` functions do not limit the number of requests

CVSS3: 7.5
EPSS: Низкий
github логотип

GHSA-3pcq-2643-8rg5

больше 3 лет назад

In exif_data_load_data_content of exif-data.c, there is a possible UBSAN abort due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-146428941

CVSS3: 7.5
EPSS: Средний

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
github логотип
GHSA-3pf6-phr8-5pjr

The IM5 Fans Planet (aka uk.co.pixelkicks.im5) application 2.3.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-3pf4-qj7m-gfhw

The DNS implementation in Cisco Adaptive Security Appliance (ASA) Software 7.2 before 7.2(5.16), 8.2 before 8.2(5.57), 8.3 before 8.3(2.44), 8.4 before 8.4(7.28), 8.5 before 8.5(1.24), 8.6 before 8.6(1.17), 8.7 before 8.7(1.16), 9.0 before 9.0(4.33), 9.1 before 9.1(6.1), 9.2 before 9.2(3.4), and 9.3 before 9.3(3) allows man-in-the-middle attackers to cause a denial of service (memory consumption or device outage) by triggering outbound DNS queries and then sending crafted responses to these queries, aka Bug ID CSCuq77655.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-3pf3-v52v-h9jg

Cross-Site Request Forgery (CSRF) vulnerability in Benedict B., Maciej Gryniuk Hyphenator plugin <= 5.1.5 versions.

CVSS3: 8.8
0%
Низкий
около 2 лет назад
github логотип
GHSA-3pf3-r2j9-j4h7

Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, and CVE-2014-4110.

18%
Средний
больше 3 лет назад
github логотип
GHSA-3pf3-mgqq-qmjj

A malicious webview could install long-lived unload handlers that re-use an incognito BrowserContext that is queued for destruction in versions of Oxide before 1.18.3.

CVSS3: 7.5
0%
Низкий
больше 3 лет назад
github логотип
GHSA-3pf2-g488-cwrg

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote authenticated users to affect confidentiality and availability via unknown vectors related to Beans. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that this issue is an XML External Entity (XXE) vulnerability in DocumentHandler.java, related to Beans decoding.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-3pcx-vgx2-j88m

KNIME Server before 4.12.6 and 4.13.x before 4.13.4 (when installed in unattended mode) keeps the administrator's password in a file without appropriate file access controls, allowing all local users to read its content.

CVSS3: 5.5
0%
Низкий
около 4 лет назад
github логотип
GHSA-3pcx-p538-qfgw

SQL injection vulnerability in the decode_cookie function in thread.php in Woltlab Burning Board Lite 1.0.2 allows remote attackers to execute arbitrary SQL commands via the threadvisit Cookie parameter.

2%
Низкий
почти 4 года назад
github логотип
GHSA-3pcx-jqp9-f982

upload.php on NUUO NVRmini 2 devices allows Arbitrary File Upload, such as upload of .php files.

CVSS3: 9.8
21%
Средний
больше 3 лет назад
github логотип
GHSA-3pcw-vp3f-6hvh

Beckhoff TwinCAT supports communication over ADS. ADS is a protocol for industrial automation in protected environments. ADS has not been designed to achieve security purposes and therefore does not include any encryption algorithms because of their negative effect on performance and throughput. An attacker can forge arbitrary ADS packets when legitimate ADS traffic is observable.

CVSS3: 9.1
0%
Низкий
больше 3 лет назад
github логотип
GHSA-3pcv-gxjm-4r56

Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.1.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Embedded Server.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-3pcr-r262-49qp

Forcepoint User ID (FUID) server versions up to 1.2 have a remote arbitrary file upload vulnerability on TCP port 5001. Successful exploitation of this vulnerability may lead to remote code execution. To fix this vulnerability, upgrade to FUID version 1.3 or higher. To prevent the vulnerability on FUID versions 1.2 and below, apply local firewall rules on the FUID server to disable all external access to port TCP/5001. FUID requires this port only for local connections through the loopback interface.

CVSS3: 9.8
2%
Низкий
больше 3 лет назад
github логотип
GHSA-3pcr-6mwc-x3p8

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 1 of 6).

CVSS3: 9.8
93%
Критический
больше 3 лет назад
github логотип
GHSA-3pcr-6c3f-wvpr

A heap-based overflow vulnerability in HWR::EngJudgeModel::Construct() in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault.

CVSS3: 7.8
0%
Низкий
больше 3 лет назад
github логотип
GHSA-3pcr-4vgr-x46g

Affected versions of Trend Micro Mobile Security (Enterprise) 9.8 SP5 contain some widgets that would allow a remote user to bypass authentication and potentially chain with other vulnerabilities. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This is similar to, but not identical to CVE-2023-32524.

CVSS3: 8.8
0%
Низкий
больше 2 лет назад
github логотип
GHSA-3pcr-4982-548m

Exposure of .env if project root is configured as web root in shopware/production

почти 5 лет назад
github логотип
GHSA-3pcq-f86j-jh8q

An issue was discovered in tnef before 1.4.13. Four type confusions have been identified in the file_add_mapi_attrs() function. These might lead to invalid read and write operations, controlled by an attacker.

CVSS3: 7.8
0%
Низкий
больше 3 лет назад
github логотип
GHSA-3pcq-5mc6-8j3p

In Tuxera NTFS-3G versions < 2021.8.22, a stack buffer overflow can occur when correcting differences in the MFT and MFTMirror allowing for code execution or escalation of privileges when setuid-root.

CVSS3: 7.8
0%
Низкий
больше 3 лет назад
github логотип
GHSA-3pcq-34w5-p4g2

modern-async's `forEachSeries` and `forEachLimit` functions do not limit the number of requests

CVSS3: 7.5
0%
Низкий
больше 4 лет назад
github логотип
GHSA-3pcq-2643-8rg5

In exif_data_load_data_content of exif-data.c, there is a possible UBSAN abort due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-146428941

CVSS3: 7.5
11%
Средний
больше 3 лет назад

Уязвимостей на страницу