exploitDog

source:"github"

Count: 314 458

GHSA-3qcg-4hp6-rx66

more than 3 years ago

IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 has an improper account-lockout setting, which makes it easier for remote attackers to obtain access via a brute-force attack.

EPSS: Low

GHSA-3qcf-jc2v-r99h

almost 4 years ago

Directory traversal vulnerability in the third party tool from Powertech, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a GET request.

EPSS: Low

GHSA-3qcf-hphp-2m63

almost 2 years ago

In imgsys, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08518692; Issue ID: MSV-1012.

CVSS3: 6.3
EPSS: Low

GHSA-3qcf-857g-5p4x

more than 1 year ago

IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a CSV injection vulnerability. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVSS3: 8
EPSS: Low

GHSA-3qcc-hgxf-jmc5

more than 3 years ago

IBM Tivoli Monitoring (ITM) 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP09, 6.2.3 through FP05, and 6.3.0 before FP04 allows remote authenticated users to bypass intended access restrictions and execute arbitrary commands by leveraging Take Action view authority to modify in-progress commands.

EPSS: Low

GHSA-3qcc-7w94-cc7w

almost 4 years ago

SQL injection vulnerability in DWdirectory 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the search parameter to the /search URI.

EPSS: Low

GHSA-3qc9-35qv-7xpj

about 3 years ago

To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used.

EPSS: Low

GHSA-3qc8-c2c9-9pgw

more than 3 years ago

Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure and/or denial of service via network access.

CVSS3: 9.1
EPSS: Low

GHSA-3qc8-39jf-7268

almost 4 years ago

libtiff up to 3.7.0 allows remote attackers to cause a denial of service (application crash) via a TIFF image header with a zero "YCbCr subsampling" value, which causes a divide-by-zero error in (1) tif_strip.c and (2) tif_tile.c, a different vulnerability than CVE-2004-0804.

EPSS: Low

GHSA-3qc6-x7mq-579v

about 1 year ago

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Roberto Alicata ra_qrcode allows Stored XSS. This issue affects ra_qrcode: from n/a through 2.1.0.

CVSS3: 6.5
EPSS: Low

GHSA-3qc6-f467-3w44

more than 3 years ago

IBM Planning Analytics 2.0 is vulnerable to malicious file upload in the My Account Portal. Attackers can make use of this weakness and upload malicious executable files into the system and it can be sent to victim for performing further attacks. IBM X-Force ID: 168523.

EPSS: Low

GHSA-3qc6-cvgf-f4r6

more than 3 years ago

Unspecified vulnerability in the Siebel Core - Server BizLogic Script component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect integrity via vectors related to Integration - COM.

EPSS: Low

GHSA-3qc5-w3mm-qh46

more than 2 years ago

In FaceStatsAnalyzer::InterpolateWeightList of face_stats_analyzer.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-269174022. References: N/A

CVSS3: 5.5
EPSS: Low

GHSA-3qc4-32h5-3h38

more than 3 years ago

An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in mjs_bcode_part_get_by_offset() in mjs.c.

CVSS3: 5.5
EPSS: Low

GHSA-3qc3-mx6x-267h

about 1 year ago

Insecure default config access in WriteFreely

CVSS3: 8.4
EPSS: Low

GHSA-3qc2-v3hp-6cv8

more than 2 years ago

sidekiq Denial of Service vulnerability

CVSS3: 5.7
EPSS: Low

GHSA-3qc2-95g6-46cj

almost 4 years ago

In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.

CVSS3: 7.5
EPSS: Low

GHSA-3qc2-7hv7-fxp9

almost 4 years ago

AGTC MyShop 3.2b allows remote attackers to bypass authentication and obtain administrative access setting the log_accept cookie to "correcto."

EPSS: Low

GHSA-3q9x-w53p-jg53

about 4 years ago

OS Command Injection in heroku-addonpool

CVSS3: 9.8
EPSS: Low

GHSA-3q9w-xx57-q783

more than 3 years ago

ZendTo before 6.06-4 Beta allows XSS during the display of a drop-off in which a filename has unexpected characters.

EPSS: Low


| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| GHSA-3qcg-4hp6-rx66: IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 has an improper account-lockout setting, which makes it easier for remote attackers to obtain access via a brute-force attack. | | 0% (Low) | more than 3 years ago |
| GHSA-3qcf-jc2v-r99h: Directory traversal vulnerability in the third party tool from Powertech, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a GET request. | | 1% (Low) | almost 4 years ago |
| GHSA-3qcf-hphp-2m63: In imgsys, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08518692; Issue ID: MSV-1012. | CVSS3: 6.3 | 0% (Low) | almost 2 years ago |
| GHSA-3qcf-857g-5p4x: IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a CSV injection vulnerability. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. | CVSS3: 8 | 0% (Low) | more than 1 year ago |
| GHSA-3qcc-hgxf-jmc5: IBM Tivoli Monitoring (ITM) 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP09, 6.2.3 through FP05, and 6.3.0 before FP04 allows remote authenticated users to bypass intended access restrictions and execute arbitrary commands by leveraging Take Action view authority to modify in-progress commands. | | 0% (Low) | more than 3 years ago |
| GHSA-3qcc-7w94-cc7w: SQL injection vulnerability in DWdirectory 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the search parameter to the /search URI. | | 0% (Low) | almost 4 years ago |
| GHSA-3qc9-35qv-7xpj: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | | | about 3 years ago |
| GHSA-3qc8-c2c9-9pgw: Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure and/or denial of service via network access. | CVSS3: 9.1 | 1% (Low) | more than 3 years ago |
| GHSA-3qc8-39jf-7268: libtiff up to 3.7.0 allows remote attackers to cause a denial of service (application crash) via a TIFF image header with a zero "YCbCr subsampling" value, which causes a divide-by-zero error in (1) tif_strip.c and (2) tif_tile.c, a different vulnerability than CVE-2004-0804. | | 1% (Low) | almost 4 years ago |
| GHSA-3qc6-x7mq-579v: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Roberto Alicata ra_qrcode allows Stored XSS. This issue affects ra_qrcode: from n/a through 2.1.0. | CVSS3: 6.5 | 0% (Low) | about 1 year ago |
| GHSA-3qc6-f467-3w44: IBM Planning Analytics 2.0 is vulnerable to malicious file upload in the My Account Portal. Attackers can make use of this weakness and upload malicious executable files into the system and it can be sent to victim for performing further attacks. IBM X-Force ID: 168523. | | 0% (Low) | more than 3 years ago |
| GHSA-3qc6-cvgf-f4r6: Unspecified vulnerability in the Siebel Core - Server BizLogic Script component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect integrity via vectors related to Integration - COM. | | 0% (Low) | more than 3 years ago |
| GHSA-3qc5-w3mm-qh46: In FaceStatsAnalyzer::InterpolateWeightList of face_stats_analyzer.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-269174022. References: N/A | CVSS3: 5.5 | 0% (Low) | more than 2 years ago |
| GHSA-3qc4-32h5-3h38: An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in mjs_bcode_part_get_by_offset() in mjs.c. | CVSS3: 5.5 | 0% (Low) | more than 3 years ago |
| GHSA-3qc3-mx6x-267h: Insecure default config access in WriteFreely | CVSS3: 8.4 | 0% (Low) | about 1 year ago |
| GHSA-3qc2-v3hp-6cv8: sidekiq Denial of Service vulnerability | CVSS3: 5.7 | 0% (Low) | more than 2 years ago |
| GHSA-3qc2-95g6-46cj: In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString. | CVSS3: 7.5 | 0% (Low) | almost 4 years ago |
| GHSA-3qc2-7hv7-fxp9: AGTC MyShop 3.2b allows remote attackers to bypass authentication and obtain administrative access setting the log_accept cookie to "correcto." | | 3% (Low) | almost 4 years ago |
| GHSA-3q9x-w53p-jg53: OS Command Injection in heroku-addonpool | CVSS3: 9.8 | 3% (Low) | about 4 years ago |
| GHSA-3q9w-xx57-q783: ZendTo before 6.06-4 Beta allows XSS during the display of a drop-off in which a filename has unexpected characters. | | 0% (Low) | more than 3 years ago |
