Логотип exploitDog
source:"github"
Консоль
Логотип exploitDog

exploitDog

source:"github"

Количество 312 573

Количество 312 573

github логотип

GHSA-3mxh-jhq3-34vp

больше 3 лет назад

In checkAccess of SliceManagerService.java in Android 9, there is a possible permissions check bypass due to incorrect order of arguments. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

EPSS: Низкий
github логотип

GHSA-3mxh-jg23-hw9c

больше 3 лет назад

Heap-based buffer overflow in Foxit Reader and PhantomPDF 7.3.4.311 and earlier on Windows allows remote attackers to cause a denial of service (memory corruption and application crash) or potentially execute arbitrary code via the Bezier data in a crafted PDF file.

CVSS3: 7.8
EPSS: Низкий
github логотип

GHSA-3mxh-57x7-m994

больше 3 лет назад

Cisco Identity Services Engine (ISE) 1.x before 1.1.1 allows remote attackers to bypass authentication, and read support-bundle configuration and credentials data, via a crafted session on TCP port 443, aka Bug ID CSCty20405.

EPSS: Низкий
github логотип

GHSA-3mxg-74vr-rhx5

больше 3 лет назад

Out of bound read in BIOS firmware for 8th, 9th Generation Intel(R) Core(TM), Intel(R) Celeron(R) Processor 4000 Series Processors may allow an unauthenticated user to potentially enable elevation of privilege or denial of service via local access.

EPSS: Низкий
github логотип

GHSA-3mxf-xw42-ccg7

больше 3 лет назад

H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function UpdateMacClone.

CVSS3: 7.8
EPSS: Низкий
github логотип

GHSA-3mxf-gmrf-p76m

больше 3 лет назад

An issue was discovered in ONAP VNFSDK through Dublin. By accessing port 8000 of demo-vnfsdk-vnfsdk, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected.

EPSS: Низкий
github логотип

GHSA-3mxf-85j4-w2qr

больше 2 лет назад

A vulnerability was found in code-projects Agro-School Management System 1.0. It has been classified as critical. Affected is an unknown function of the file index.php. The manipulation of the argument password leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-230568.

CVSS3: 6.3
EPSS: Низкий
github логотип

GHSA-3mxc-mmgr-xj49

почти 4 года назад

Grisoft AVG Anti-Virus before 7.1.407 allows remote attackers to cause a denial of service (crash) via a crafted DOC file that triggers a divide-by-zero error. NOTE: some of these details are obtained from third party information.

EPSS: Низкий
github логотип

GHSA-3mxc-8p66-5xwj

больше 3 лет назад

In libmkvextractor, there is a possible resource exhaustion due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-141860394

EPSS: Низкий
github логотип

GHSA-3mxc-4fgq-75qh

почти 4 года назад

** UNVERIFIABLE ** NOTE: this issue does not contain any verifiable or actionable details. Cross-site scripting (XSS) vulnerability in John Frank Asset Manager (AssetMan) 2.4a and earlier allows remote attackers to inject arbitrary web script or HTML via "any of its input." NOTE: the original disclosure is based on vague researcher claims without vendor acknowledgement; therefore this identifier cannot be linked with any future identifier that identifies more specific vectors. Perhaps this should not be included in CVE.

EPSS: Низкий
github логотип

GHSA-3mx9-7xh4-v774

10 месяцев назад

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor Alam Magical Blocks allows Stored XSS. This issue affects Magical Blocks: from n/a through 1.0.10.

CVSS3: 6.5
EPSS: Низкий
github логотип

GHSA-3mx8-688w-x5vh

5 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: chardev: fix error handling in cdev_device_add() While doing fault injection test, I got the following report: ------------[ cut here ]------------ kobject: '(null)' (0000000039956980): is not initialized, yet kobject_put() is being called. WARNING: CPU: 3 PID: 6306 at kobject_put+0x23d/0x4e0 CPU: 3 PID: 6306 Comm: 283 Tainted: G W 6.1.0-rc2-00005-g307c1086d7c9 #1253 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014 RIP: 0010:kobject_put+0x23d/0x4e0 Call Trace: <TASK> cdev_device_add+0x15e/0x1b0 __iio_device_register+0x13b4/0x1af0 [industrialio] __devm_iio_device_register+0x22/0x90 [industrialio] max517_probe+0x3d8/0x6b4 [max517] i2c_device_probe+0xa81/0xc00 When device_add() is injected fault and returns error, if dev->devt is not set, cdev_add() is not called, cdev_del() is not needed. Fix this by checking dev->devt in error path.

CVSS3: 5.5
EPSS: Низкий
github логотип

GHSA-3mx7-v7gf-xcv3

больше 3 лет назад

In Vir.IT eXplorer Anti-Virus before 8.5.42, the driver file (VIAGLT64.SYS) contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x8273007C.

CVSS3: 7.8
EPSS: Низкий
github логотип

GHSA-3mx6-gj69-jg8v

больше 3 лет назад

Authentication bypass vulnerability in MfeUpgradeTool in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 April 2020 Update allows administrator users to access policy settings via running this tool.

EPSS: Низкий
github логотип

GHSA-3mx5-5456-727x

больше 2 лет назад

SQL Injection vulnerability in Chamilo LMS v.1.11 thru v.1.11.20 allows a remote privileged attacker to obtain sensitive information via the import sessions functions.

CVSS3: 4.9
EPSS: Низкий
github логотип

GHSA-3mx4-qc89-mgrf

6 месяцев назад

In mupen64plus v2.6.0 there is an array overflow vulnerability in the write_rdram_regs and write_rdram_regs functions, which enables executing arbitrary commands on the host machine.

CVSS3: 9.8
EPSS: Низкий
github логотип

GHSA-3mx4-h2pg-vf39

больше 3 лет назад

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000.

CVSS3: 9.8
EPSS: Низкий
github логотип

GHSA-3mx4-39m2-w2c8

почти 4 года назад

Multiple SQL injection vulnerabilities in PhotoPost PHP Pro 4.6.x and earlier allow remote attackers to gain users' passwords via the (1) photo parameter to addfav.php, (2) photo parameter to comments.php, (3) credit parameter to comments.php, (4) cat parameter to index.php, (5) ppuser parameter to showgallery.php, (6) cat parameter to showgallery.php, (7) cat parameter to uploadphoto.php, (8) albumid parameter to useralbums.php, or (9) albumid parameter to useralbums.php.

EPSS: Низкий
github логотип

GHSA-3mx3-2j2q-9898

больше 3 лет назад

Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2017.011.30142 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .

EPSS: Средний
github логотип

GHSA-3mwx-pjvv-8hjh

больше 3 лет назад

Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier version, 2017.011.30138 and earlier version, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .

EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
github логотип
GHSA-3mxh-jhq3-34vp

In checkAccess of SliceManagerService.java in Android 9, there is a possible permissions check bypass due to incorrect order of arguments. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-3mxh-jg23-hw9c

Heap-based buffer overflow in Foxit Reader and PhantomPDF 7.3.4.311 and earlier on Windows allows remote attackers to cause a denial of service (memory corruption and application crash) or potentially execute arbitrary code via the Bezier data in a crafted PDF file.

CVSS3: 7.8
0%
Низкий
больше 3 лет назад
github логотип
GHSA-3mxh-57x7-m994

Cisco Identity Services Engine (ISE) 1.x before 1.1.1 allows remote attackers to bypass authentication, and read support-bundle configuration and credentials data, via a crafted session on TCP port 443, aka Bug ID CSCty20405.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-3mxg-74vr-rhx5

Out of bound read in BIOS firmware for 8th, 9th Generation Intel(R) Core(TM), Intel(R) Celeron(R) Processor 4000 Series Processors may allow an unauthenticated user to potentially enable elevation of privilege or denial of service via local access.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-3mxf-xw42-ccg7

H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function UpdateMacClone.

CVSS3: 7.8
0%
Низкий
больше 3 лет назад
github логотип
GHSA-3mxf-gmrf-p76m

An issue was discovered in ONAP VNFSDK through Dublin. By accessing port 8000 of demo-vnfsdk-vnfsdk, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected.

1%
Низкий
больше 3 лет назад
github логотип
GHSA-3mxf-85j4-w2qr

A vulnerability was found in code-projects Agro-School Management System 1.0. It has been classified as critical. Affected is an unknown function of the file index.php. The manipulation of the argument password leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-230568.

CVSS3: 6.3
0%
Низкий
больше 2 лет назад
github логотип
GHSA-3mxc-mmgr-xj49

Grisoft AVG Anti-Virus before 7.1.407 allows remote attackers to cause a denial of service (crash) via a crafted DOC file that triggers a divide-by-zero error. NOTE: some of these details are obtained from third party information.

1%
Низкий
почти 4 года назад
github логотип
GHSA-3mxc-8p66-5xwj

In libmkvextractor, there is a possible resource exhaustion due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-141860394

0%
Низкий
больше 3 лет назад
github логотип
GHSA-3mxc-4fgq-75qh

** UNVERIFIABLE ** NOTE: this issue does not contain any verifiable or actionable details. Cross-site scripting (XSS) vulnerability in John Frank Asset Manager (AssetMan) 2.4a and earlier allows remote attackers to inject arbitrary web script or HTML via "any of its input." NOTE: the original disclosure is based on vague researcher claims without vendor acknowledgement; therefore this identifier cannot be linked with any future identifier that identifies more specific vectors. Perhaps this should not be included in CVE.

1%
Низкий
почти 4 года назад
github логотип
GHSA-3mx9-7xh4-v774

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor Alam Magical Blocks allows Stored XSS. This issue affects Magical Blocks: from n/a through 1.0.10.

CVSS3: 6.5
0%
Низкий
10 месяцев назад
github логотип
GHSA-3mx8-688w-x5vh

In the Linux kernel, the following vulnerability has been resolved: chardev: fix error handling in cdev_device_add() While doing fault injection test, I got the following report: ------------[ cut here ]------------ kobject: '(null)' (0000000039956980): is not initialized, yet kobject_put() is being called. WARNING: CPU: 3 PID: 6306 at kobject_put+0x23d/0x4e0 CPU: 3 PID: 6306 Comm: 283 Tainted: G W 6.1.0-rc2-00005-g307c1086d7c9 #1253 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014 RIP: 0010:kobject_put+0x23d/0x4e0 Call Trace: <TASK> cdev_device_add+0x15e/0x1b0 __iio_device_register+0x13b4/0x1af0 [industrialio] __devm_iio_device_register+0x22/0x90 [industrialio] max517_probe+0x3d8/0x6b4 [max517] i2c_device_probe+0xa81/0xc00 When device_add() is injected fault and returns error, if dev->devt is not set, cdev_add() is not called, cdev_del() is not needed. Fix this by checking dev->devt in error path.

CVSS3: 5.5
0%
Низкий
5 месяцев назад
github логотип
GHSA-3mx7-v7gf-xcv3

In Vir.IT eXplorer Anti-Virus before 8.5.42, the driver file (VIAGLT64.SYS) contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x8273007C.

CVSS3: 7.8
0%
Низкий
больше 3 лет назад
github логотип
GHSA-3mx6-gj69-jg8v

Authentication bypass vulnerability in MfeUpgradeTool in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 April 2020 Update allows administrator users to access policy settings via running this tool.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-3mx5-5456-727x

SQL Injection vulnerability in Chamilo LMS v.1.11 thru v.1.11.20 allows a remote privileged attacker to obtain sensitive information via the import sessions functions.

CVSS3: 4.9
0%
Низкий
больше 2 лет назад
github логотип
GHSA-3mx4-qc89-mgrf

In mupen64plus v2.6.0 there is an array overflow vulnerability in the write_rdram_regs and write_rdram_regs functions, which enables executing arbitrary commands on the host machine.

CVSS3: 9.8
0%
Низкий
6 месяцев назад
github логотип
GHSA-3mx4-h2pg-vf39

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000.

CVSS3: 9.8
10%
Низкий
больше 3 лет назад
github логотип
GHSA-3mx4-39m2-w2c8

Multiple SQL injection vulnerabilities in PhotoPost PHP Pro 4.6.x and earlier allow remote attackers to gain users' passwords via the (1) photo parameter to addfav.php, (2) photo parameter to comments.php, (3) credit parameter to comments.php, (4) cat parameter to index.php, (5) ppuser parameter to showgallery.php, (6) cat parameter to showgallery.php, (7) cat parameter to uploadphoto.php, (8) albumid parameter to useralbums.php, or (9) albumid parameter to useralbums.php.

1%
Низкий
почти 4 года назад
github логотип
GHSA-3mx3-2j2q-9898

Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2017.011.30142 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .

18%
Средний
больше 3 лет назад
github логотип
GHSA-3mwx-pjvv-8hjh

Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier version, 2017.011.30138 and earlier version, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .

4%
Низкий
больше 3 лет назад

Уязвимостей на страницу