exploitDog

source:"github"

Count: 312,573

GHSA-3mgv-rw6h-g4mm

more than 3 years ago

Open redirect vulnerability in IBM Rational Requirements Composer 3.x before 3.0.1.6 iFix2 and 4.x before 4.0.6, and Rational DOORS Next Generation 4.x before 4.0.6, allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.

EPSS: Low

GHSA-3mgv-3m44-369m

more than 3 years ago

Multiple cross-site scripting (XSS) vulnerabilities in sample store pages in IBM WebSphere Commerce 7.0 before 7.0.0.1 allow remote attackers to inject arbitrary web script or HTML via a crafted URL.

EPSS: Low

GHSA-3mgr-fjw4-mgpc

more than 3 years ago

SQL injection vulnerability in index.php in Digital Signage Xibo 1.4.2 allows remote attackers to execute arbitrary SQL commands via the displayid parameter.

EPSS: Low

GHSA-3mgr-cw56-9xx7

almost 4 years ago

Windows File Explorer Elevation of Privilege Vulnerability.

CVSS3: 7
EPSS: Low

GHSA-3mgr-6m8w-82f4

more than 3 years ago

IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 transmits sensitive information in plain text which could be obtained by an attacker using man in the middle techniques. IBM X-Force ID: 179428.

EPSS: Low

GHSA-3mgq-766r-8vr6

4 months ago

HCL MyXalytics: 6.6.  is affected by Mass Assignment vulnerability. Mass Assignment occurs when user input is automatically bound to application objects without proper validation or access controls, potentially allowing unauthorized modification of sensitive fields.

CVSS3: 7.6
EPSS: Low

GHSA-3mgp-qhxh-6rqh

more than 3 years ago

In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release.

CVSS3: 5.5
EPSS: Low

GHSA-3mgp-fx93-9xv5

about 7 years ago

XSS vulnerability that affects bootstrap

CVSS3: 6.1
EPSS: Low

GHSA-3mgp-6v5r-49c2

more than 3 years ago

Android before 2016-08-05 does not properly restrict code execution in a kernel context, which allows attackers to gain privileges via a crafted application, as demonstrated by the kernel performance subsystem and the Qualcomm performance component, aka Android internal bugs 28086229 and 29119870 and Qualcomm internal bug CR1011071.

CVSS3: 7.8
EPSS: Low

GHSA-3mgm-63xg-j4r3

more than 3 years ago

An error within the "nikon_coolscan_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash.

CVSS3: 6.5
EPSS: Low

GHSA-3mgm-628r-4cx7

almost 2 years ago

Cross-Site Request Forgery (CSRF) vulnerability in CleanTalk - Anti-Spam Protection Spam protection, Anti-Spam, FireWall by CleanTalk. This issue affects Spam protection, Anti-Spam, FireWall by CleanTalk: from n/a through 6.20.

CVSS3: 4.3
EPSS: Low

GHSA-3mgj-ppp2-8gvj

7 months ago

In the Linux kernel, the following vulnerability has been resolved: wifi: ath6kl: remove WARN on bad firmware input If the firmware gives bad input, that's nothing to do with the driver's stack at this point etc., so the WARN_ON() doesn't add any value. Additionally, this is one of the top syzbot reports now. Just print a message, and as an added bonus, print the sizes too.

CVSS3: 5.5
EPSS: Low

GHSA-3mgj-7ppj-9qfc

more than 3 years ago

This issue was addressed with improved checks. This issue is fixed in watchOS 6.3, iOS 12.5, iOS 14.3 and iPadOS 14.3, watchOS 7.2. Unauthorized code execution may lead to an authentication policy violation.

EPSS: Low

GHSA-3mgj-3vhp-rjgq

almost 4 years ago

StatCounteX 3.0 and 3.1 allows remote attackers to obtain sensitive information and edit configuration scripts via a direct request to admin.asp.

EPSS: Low

GHSA-3mgj-2f83-wr3q

more than 3 years ago

Battelle V2I Hub 2.5.1 could allow a remote attacker to bypass security restrictions, caused by the direct checking of the API key against a user-supplied value in PHP's GET global variable array using PHP's strcmp() function. By adding "[]" to the end of "key" in the URL when accessing API functions, an attacker could exploit this vulnerability to execute API functions.

CVSS3: 9.8
EPSS: Low

GHSA-3mgj-25w6-9vm6

about 4 years ago

Unquoted service path vulnerability in the Gallagher Controller Service allows an unprivileged user to execute arbitrary code as the account that runs the Controller Service. This issue affects: Gallagher Command Centre 8.50 versions prior to 8.50.2048 (MR3) ;

EPSS: Low

GHSA-3mgh-2cwf-8r9v

more than 3 years ago

An information disclosure vulnerability in the Android system (rild). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37896655.

CVSS3: 7.5
EPSS: Low

GHSA-3mgg-hwvm-97qx

more than 3 years ago

NetApp Clustered Data ONTAP 8.3.x before 8.3.2P12 allows remote authenticated users to execute arbitrary code on the storage controller via unspecified vectors.

CVSS3: 8.8
EPSS: Low

GHSA-3mgg-3hqg-jjq6

about 1 year ago

IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 could allow a privileged user to obtain highly sensitive user credentials from secret keys that are stored in clear text.

CVSS3: 4.4
EPSS: Low

GHSA-3mgg-22gr-vqxv

more than 3 years ago

Unspecified vulnerability in Twilight Frontier Touhou Hisouten 1.06 and earlier allows remote attackers to cause a denial of service (daemon crash) via unknown network traffic.

EPSS: Low

| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| GHSA-3mgv-rw6h-g4mm | - | 0% (Low) | more than 3 years ago |
| GHSA-3mgv-3m44-369m | - | 0% (Low) | more than 3 years ago |
| GHSA-3mgr-fjw4-mgpc | - | 0% (Low) | more than 3 years ago |
| GHSA-3mgr-cw56-9xx7 | CVSS3: 7 | 0% (Low) | almost 4 years ago |
| GHSA-3mgr-6m8w-82f4 | - | 0% (Low) | more than 3 years ago |
| GHSA-3mgq-766r-8vr6 | CVSS3: 7.6 | 0% (Low) | 4 months ago |
| GHSA-3mgp-qhxh-6rqh | CVSS3: 5.5 | 0% (Low) | more than 3 years ago |
| GHSA-3mgp-fx93-9xv5 | CVSS3: 6.1 | 6% (Low) | about 7 years ago |
| GHSA-3mgp-6v5r-49c2 | CVSS3: 7.8 | 0% (Low) | more than 3 years ago |
| GHSA-3mgm-63xg-j4r3 | CVSS3: 6.5 | 1% (Low) | more than 3 years ago |
| GHSA-3mgm-628r-4cx7 | CVSS3: 4.3 | 0% (Low) | almost 2 years ago |
| GHSA-3mgj-ppp2-8gvj | CVSS3: 5.5 | 0% (Low) | 7 months ago |
| GHSA-3mgj-7ppj-9qfc | - | 0% (Low) | more than 3 years ago |
| GHSA-3mgj-3vhp-rjgq | - | 8% (Low) | almost 4 years ago |
| GHSA-3mgj-2f83-wr3q | CVSS3: 9.8 | 0% (Low) | more than 3 years ago |
| GHSA-3mgj-25w6-9vm6 | - | 0% (Low) | about 4 years ago |
| GHSA-3mgh-2cwf-8r9v | CVSS3: 7.5 | 0% (Low) | more than 3 years ago |
| GHSA-3mgg-hwvm-97qx | CVSS3: 8.8 | 2% (Low) | more than 3 years ago |
| GHSA-3mgg-3hqg-jjq6 | CVSS3: 4.4 | 0% (Low) | about 1 year ago |
| GHSA-3mgg-22gr-vqxv | - | 1% (Low) | more than 3 years ago |