Логотип exploitDog
source:"github"
Консоль
Логотип exploitDog

exploitDog

source:"github"

Количество 314 458

Количество 314 458

github логотип

GHSA-3q6p-r6rr-266x

больше 3 лет назад

Jenkins Deploy to container Plugin stored plain text passwords in job configuration

CVSS3: 5.5
EPSS: Низкий
github логотип

GHSA-3q6p-m26m-f78r

7 месяцев назад

A transient execution vulnerability in some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information.

CVSS3: 5.6
EPSS: Низкий
github логотип

GHSA-3q6m-v84f-6p9h

больше 2 лет назад

quic-go vulnerable to pointer dereference that can lead to panic

CVSS3: 7.5
EPSS: Низкий
github логотип

GHSA-3q6j-h79v-fffv

больше 3 лет назад

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data as well as unauthorized read access to a subset of Oracle Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris. CVSS 3.0 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L).

CVSS3: 5.3
EPSS: Низкий
github логотип

GHSA-3q6j-5f25-xfc9

3 месяца назад

In version 6.13.0 of LimeSurvey, any external user can cause a 500 error in the survey system by sending a malformed session cookie. Instead of displaying a generic error message, the system exposes internal backend information, including the use of the Yii framework, the MySQL/MariaDB database engine, the table name 'lime_sessions', primary keys, and fragments of the content that caused the conflict. This information can simplify the collection of data about the internal architecture of the application by an attacker.

CVSS3: 6.5
EPSS: Низкий
github логотип

GHSA-3q6h-q44p-xw88

больше 2 лет назад

Angle brackets (<>) are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character can result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if executed with untrusted input.

CVSS3: 7.3
EPSS: Низкий
github логотип

GHSA-3q6h-2x33-95wm

больше 2 лет назад

This issue was addressed with improved checks. This issue is fixed in Safari 16.6, watchOS 9.6, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. Processing a document may lead to a cross site scripting attack.

CVSS3: 6.1
EPSS: Низкий
github логотип

GHSA-3q6g-vf58-7m4g

больше 4 лет назад

Regular Expression Denial of Service in flask-restx

CVSS3: 7.5
EPSS: Низкий
github логотип

GHSA-3q6g-qmpx-rqw4

почти 2 года назад

Whoogle Search Server-Side Request Forgery vulnerability

CVSS3: 9.1
EPSS: Низкий
github логотип

GHSA-3q6g-7frr-xvpj

7 месяцев назад

A vulnerability has been found in Tenda FH1202 1.2.0.14(408) and classified as critical. This vulnerability affects the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter. The manipulation of the argument page leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CVSS3: 8.8
EPSS: Низкий
github логотип

GHSA-3q6g-2ch9-q6x7

больше 3 лет назад

IBM Security Secret Server 10.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 170004.

EPSS: Низкий
github логотип

GHSA-3q6f-8grx-pr4v

больше 4 лет назад

Cross-site scripting in jspdf

CVSS3: 6.1
EPSS: Низкий
github логотип

GHSA-3q6c-xv98-jf35

больше 3 лет назад

In JetBrains Hub before 2021.1.13415, a DoS via user information is possible.

EPSS: Низкий
github логотип

GHSA-3q6c-gxc3-h5vx

6 месяцев назад

A vulnerability was detected in mtons mblog up to 3.5.0. This issue affects some unknown processing of the file /admin/options/update. The manipulation of the argument input results in cross site scripting. It is possible to launch the attack remotely. The exploit is now public and may be used.

CVSS3: 2.4
EPSS: Низкий
github логотип

GHSA-3q69-c555-hw23

больше 3 лет назад

Inside the JavaScript parser, a cast of an integer to a narrower type can result in data read from outside the buffer being parsed. This usually results in a non-exploitable crash, but can leak a limited amount of information from memory if it matches JavaScript identifier syntax. This vulnerability affects Firefox < 56.

CVSS3: 8.2
EPSS: Низкий
github логотип

GHSA-3q68-jh6h-39cm

больше 3 лет назад

An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device. This occurs because passed through PCI devices may corrupt host memory after deassignment. When a PCI device is assigned to an untrusted domain, it is possible for that domain to program the device to DMA to an arbitrary address. The IOMMU is used to protect the host from malicious DMA by making sure that the device addresses can only target memory assigned to the guest. However, when the guest domain is torn down, or the device is deassigned, the device is assigned back to dom0, thus allowing any in-flight DMA to potentially target critical host data. An untrusted domain with access to a physical device can DMA into host memory, leading to privilege escalation. Only systems where guests are given direct access to physical devices capable of DMA (PCI pass-through) are vulnerable. Systems which do not use PCI pas...

CVSS3: 6.8
EPSS: Низкий
github логотип

GHSA-3q68-hm47-94vg

больше 1 года назад

A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed.

CVSS3: 3.9
EPSS: Низкий
github логотип

GHSA-3q68-3vrx-8h5f

около 3 лет назад

When visiting directory listings for `chrome://` URLs as source text, some parameters were reflected. This vulnerability affects Firefox ESR < 102.1, Firefox ESR < 91.12, Firefox < 103, Thunderbird < 102.1, and Thunderbird < 91.12.

CVSS3: 5.3
EPSS: Низкий
github логотип

GHSA-3q67-g228-h5qx

больше 3 лет назад

An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, watchOS 6.2. Setting an alternate app icon may disclose a photo without needing permission to access photos.

EPSS: Низкий
github логотип

GHSA-3q67-fwp6-mgfc

около 4 лет назад

Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerability exits in hostel management system 2.1 via the name field in my-profile.php. Chaining to this both vulnerabilities leads to account takeover.

CVSS3: 8.8
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
github логотип
GHSA-3q6p-r6rr-266x

Jenkins Deploy to container Plugin stored plain text passwords in job configuration

CVSS3: 5.5
0%
Низкий
больше 3 лет назад
github логотип
GHSA-3q6p-m26m-f78r

A transient execution vulnerability in some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information.

CVSS3: 5.6
0%
Низкий
7 месяцев назад
github логотип
GHSA-3q6m-v84f-6p9h

quic-go vulnerable to pointer dereference that can lead to panic

CVSS3: 7.5
0%
Низкий
больше 2 лет назад
github логотип
GHSA-3q6j-h79v-fffv

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data as well as unauthorized read access to a subset of Oracle Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris. CVSS 3.0 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L).

CVSS3: 5.3
0%
Низкий
больше 3 лет назад
github логотип
GHSA-3q6j-5f25-xfc9

In version 6.13.0 of LimeSurvey, any external user can cause a 500 error in the survey system by sending a malformed session cookie. Instead of displaying a generic error message, the system exposes internal backend information, including the use of the Yii framework, the MySQL/MariaDB database engine, the table name 'lime_sessions', primary keys, and fragments of the content that caused the conflict. This information can simplify the collection of data about the internal architecture of the application by an attacker.

CVSS3: 6.5
0%
Низкий
3 месяца назад
github логотип
GHSA-3q6h-q44p-xw88

Angle brackets (<>) are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character can result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if executed with untrusted input.

CVSS3: 7.3
0%
Низкий
больше 2 лет назад
github логотип
GHSA-3q6h-2x33-95wm

This issue was addressed with improved checks. This issue is fixed in Safari 16.6, watchOS 9.6, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. Processing a document may lead to a cross site scripting attack.

CVSS3: 6.1
0%
Низкий
больше 2 лет назад
github логотип
GHSA-3q6g-vf58-7m4g

Regular Expression Denial of Service in flask-restx

CVSS3: 7.5
1%
Низкий
больше 4 лет назад
github логотип
GHSA-3q6g-qmpx-rqw4

Whoogle Search Server-Side Request Forgery vulnerability

CVSS3: 9.1
0%
Низкий
почти 2 года назад
github логотип
GHSA-3q6g-7frr-xvpj

A vulnerability has been found in Tenda FH1202 1.2.0.14(408) and classified as critical. This vulnerability affects the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter. The manipulation of the argument page leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CVSS3: 8.8
0%
Низкий
7 месяцев назад
github логотип
GHSA-3q6g-2ch9-q6x7

IBM Security Secret Server 10.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 170004.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-3q6f-8grx-pr4v

Cross-site scripting in jspdf

CVSS3: 6.1
0%
Низкий
больше 4 лет назад
github логотип
GHSA-3q6c-xv98-jf35

In JetBrains Hub before 2021.1.13415, a DoS via user information is possible.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-3q6c-gxc3-h5vx

A vulnerability was detected in mtons mblog up to 3.5.0. This issue affects some unknown processing of the file /admin/options/update. The manipulation of the argument input results in cross site scripting. It is possible to launch the attack remotely. The exploit is now public and may be used.

CVSS3: 2.4
0%
Низкий
6 месяцев назад
github логотип
GHSA-3q69-c555-hw23

Inside the JavaScript parser, a cast of an integer to a narrower type can result in data read from outside the buffer being parsed. This usually results in a non-exploitable crash, but can leak a limited amount of information from memory if it matches JavaScript identifier syntax. This vulnerability affects Firefox < 56.

CVSS3: 8.2
1%
Низкий
больше 3 лет назад
github логотип
GHSA-3q68-jh6h-39cm

An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device. This occurs because passed through PCI devices may corrupt host memory after deassignment. When a PCI device is assigned to an untrusted domain, it is possible for that domain to program the device to DMA to an arbitrary address. The IOMMU is used to protect the host from malicious DMA by making sure that the device addresses can only target memory assigned to the guest. However, when the guest domain is torn down, or the device is deassigned, the device is assigned back to dom0, thus allowing any in-flight DMA to potentially target critical host data. An untrusted domain with access to a physical device can DMA into host memory, leading to privilege escalation. Only systems where guests are given direct access to physical devices capable of DMA (PCI pass-through) are vulnerable. Systems which do not use PCI pas...

CVSS3: 6.8
0%
Низкий
больше 3 лет назад
github логотип
GHSA-3q68-hm47-94vg

A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed.

CVSS3: 3.9
0%
Низкий
больше 1 года назад
github логотип
GHSA-3q68-3vrx-8h5f

When visiting directory listings for `chrome://` URLs as source text, some parameters were reflected. This vulnerability affects Firefox ESR < 102.1, Firefox ESR < 91.12, Firefox < 103, Thunderbird < 102.1, and Thunderbird < 91.12.

CVSS3: 5.3
0%
Низкий
около 3 лет назад
github логотип
GHSA-3q67-g228-h5qx

An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, watchOS 6.2. Setting an alternate app icon may disclose a photo without needing permission to access photos.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-3q67-fwp6-mgfc

Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerability exits in hostel management system 2.1 via the name field in my-profile.php. Chaining to this both vulnerabilities leads to account takeover.

CVSS3: 8.8
0%
Низкий
около 4 лет назад

Уязвимостей на страницу