Логотип exploitDog
source:"github"
Консоль
Логотип exploitDog

exploitDog

source:"github"

Количество 310 789

Количество 310 789

github логотип

GHSA-3g96-v8h5-2g5f

около 2 месяцев назад

AA maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

CVSS3: 7.8
EPSS: Низкий
github логотип

GHSA-3g96-gjx9-qj4c

больше 3 лет назад

Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability."

EPSS: Низкий
github логотип

GHSA-3g95-xf53-275x

больше 3 лет назад

An unauthenticated user can create a link with reflected Javascript code inside the backurl parameter and send it to other authenticated users in order to create a fake account with predefined login, password and role in Zabbix Frontend.

CVSS3: 6.1
EPSS: Низкий
github логотип

GHSA-3g95-jqmm-jr55

почти 4 года назад

Race condition in the ia32 compatibility code for the execve system call in Linux kernel 2.4 before 2.4.31 and 2.6 before 2.6.6 allows local users to cause a denial of service (kernel panic) and possibly execute arbitrary code via a concurrent thread that increments a pointer count after the nargs function has counted the pointers, but before the count is copied from user space to kernel space, which leads to a buffer overflow.

EPSS: Низкий
github логотип

GHSA-3g95-gcw4-qr9r

больше 1 года назад

After Effects versions 23.6.6, 24.5 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVSS3: 7.8
EPSS: Низкий
github логотип

GHSA-3g94-3h93-rrf8

больше 1 года назад

Inappropriate implementation in Downloads in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to obfuscate security UI via a malicious file. (Chromium security severity: Medium)

CVSS3: 6.5
EPSS: Низкий
github логотип

GHSA-3g93-9f89-prgj

больше 3 лет назад

A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0790, CVE-2019-0791, CVE-2019-0792, CVE-2019-0795.

CVSS3: 8.8
EPSS: Средний
github логотип

GHSA-3g93-3q7r-642f

больше 2 лет назад

Incorrect default permissions in some Intel(R) Advanced Link Analyzer Standard Edition software installers before version 22.1 .1 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS3: 6.7
EPSS: Низкий
github логотип

GHSA-3g92-xpx3-5xx5

больше 3 лет назад

Juniper Junos Space before 13.1R1.6, as used on the JA1500 appliance and in other contexts, does not properly restrict access to the list of user accounts and their MD5 password hashes, which makes it easier for remote authenticated users to obtain sensitive information via a dictionary attack, aka PR 879462.

EPSS: Низкий
github логотип

GHSA-3g92-w8c5-73pq

больше 1 года назад

Undici vulnerable to data leak when using response.arrayBuffer()

CVSS3: 2
EPSS: Низкий
github логотип

GHSA-3g92-r6cp-xjxj

больше 3 лет назад

The interpreter in IBC Solar ServeMaster TLP+ and Danfoss TLX Pro+ allows remote attackers to discover script source code via unspecified vectors.

EPSS: Низкий
github логотип

GHSA-3g8x-wqfp-q876

больше 1 года назад

RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.

CVSS3: 9
EPSS: Средний
github логотип

GHSA-3g8x-qh85-fr9c

больше 3 лет назад

IBM Security Directory Server 6.4.0 stores sensitive information in URLs. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referer header or browser history. IBM X-Force ID: 166623.

EPSS: Низкий
github логотип

GHSA-3g8x-c82p-r7gj

больше 3 лет назад

The mem_get_bits_rectangle function in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PostScript document.

CVSS3: 5.5
EPSS: Низкий
github логотип

GHSA-3g8x-9wgw-w22x

около 1 года назад

D-Link DSL-3782 v1.01 is vulnerable to Buffer Overflow in /New_GUI/ParentalControl.asp.

CVSS3: 5.7
EPSS: Низкий
github логотип

GHSA-3g8x-9j4g-j75h

больше 3 лет назад

A /shell?cmd= CSRF issue exists in the HTTPD component of NAT32 v2.2 Build 22284 devices that can be exploited for Remote Code Execution in conjunction with XSS.

CVSS3: 8.8
EPSS: Низкий
github логотип

GHSA-3g8x-8934-xrr7

около 2 месяцев назад

The HAPPY – Helpdesk Support Ticket System plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the 'submit_form_reply' AJAX action in all versions up to, and including, 1.0.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to submit replies to arbitrary support tickets by manipulating the 'happy_topic_id' parameter, regardless of whether they are the ticket owner or have been assigned to the ticket.

CVSS3: 5.3
EPSS: Низкий
github логотип

GHSA-3g8v-hxcm-qw7q

около 1 года назад

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Biplob Adhikari Team Showcase and Slider – Team Members Builder allows Reflected XSS.This issue affects Team Showcase and Slider – Team Members Builder: from n/a through 1.3.

CVSS3: 7.1
EPSS: Низкий
github логотип

GHSA-3g8v-fw4m-xm3p

больше 3 лет назад

Memory leak in Siemens Automation License Manager (ALM) 4.x and 5.x before 5.2 allows remote attackers to cause a denial of service (memory consumption) via crafted packets.

EPSS: Низкий
github логотип

GHSA-3g8v-6552-p38w

около 4 лет назад

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache ShardingSphere ElasticJob-UI allows an attacker who has guest account to do privilege escalation. This issue affects Apache ShardingSphere ElasticJob-UI Apache ShardingSphere ElasticJob-UI 3.x version 3.0.0 and prior versions.

EPSS: Высокий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
github логотип
GHSA-3g96-v8h5-2g5f

AA maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

CVSS3: 7.8
0%
Низкий
около 2 месяцев назад
github логотип
GHSA-3g96-gjx9-qj4c

Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability."

8%
Низкий
больше 3 лет назад
github логотип
GHSA-3g95-xf53-275x

An unauthenticated user can create a link with reflected Javascript code inside the backurl parameter and send it to other authenticated users in order to create a fake account with predefined login, password and role in Zabbix Frontend.

CVSS3: 6.1
2%
Низкий
больше 3 лет назад
github логотип
GHSA-3g95-jqmm-jr55

Race condition in the ia32 compatibility code for the execve system call in Linux kernel 2.4 before 2.4.31 and 2.6 before 2.6.6 allows local users to cause a denial of service (kernel panic) and possibly execute arbitrary code via a concurrent thread that increments a pointer count after the nargs function has counted the pointers, but before the count is copied from user space to kernel space, which leads to a buffer overflow.

0%
Низкий
почти 4 года назад
github логотип
GHSA-3g95-gcw4-qr9r

After Effects versions 23.6.6, 24.5 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVSS3: 7.8
0%
Низкий
больше 1 года назад
github логотип
GHSA-3g94-3h93-rrf8

Inappropriate implementation in Downloads in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to obfuscate security UI via a malicious file. (Chromium security severity: Medium)

CVSS3: 6.5
0%
Низкий
больше 1 года назад
github логотип
GHSA-3g93-9f89-prgj

A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0790, CVE-2019-0791, CVE-2019-0792, CVE-2019-0795.

CVSS3: 8.8
28%
Средний
больше 3 лет назад
github логотип
GHSA-3g93-3q7r-642f

Incorrect default permissions in some Intel(R) Advanced Link Analyzer Standard Edition software installers before version 22.1 .1 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS3: 6.7
0%
Низкий
больше 2 лет назад
github логотип
GHSA-3g92-xpx3-5xx5

Juniper Junos Space before 13.1R1.6, as used on the JA1500 appliance and in other contexts, does not properly restrict access to the list of user accounts and their MD5 password hashes, which makes it easier for remote authenticated users to obtain sensitive information via a dictionary attack, aka PR 879462.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-3g92-w8c5-73pq

Undici vulnerable to data leak when using response.arrayBuffer()

CVSS3: 2
0%
Низкий
больше 1 года назад
github логотип
GHSA-3g92-r6cp-xjxj

The interpreter in IBC Solar ServeMaster TLP+ and Danfoss TLX Pro+ allows remote attackers to discover script source code via unspecified vectors.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-3g8x-wqfp-q876

RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.

CVSS3: 9
24%
Средний
больше 1 года назад
github логотип
GHSA-3g8x-qh85-fr9c

IBM Security Directory Server 6.4.0 stores sensitive information in URLs. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referer header or browser history. IBM X-Force ID: 166623.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-3g8x-c82p-r7gj

The mem_get_bits_rectangle function in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PostScript document.

CVSS3: 5.5
1%
Низкий
больше 3 лет назад
github логотип
GHSA-3g8x-9wgw-w22x

D-Link DSL-3782 v1.01 is vulnerable to Buffer Overflow in /New_GUI/ParentalControl.asp.

CVSS3: 5.7
0%
Низкий
около 1 года назад
github логотип
GHSA-3g8x-9j4g-j75h

A /shell?cmd= CSRF issue exists in the HTTPD component of NAT32 v2.2 Build 22284 devices that can be exploited for Remote Code Execution in conjunction with XSS.

CVSS3: 8.8
3%
Низкий
больше 3 лет назад
github логотип
GHSA-3g8x-8934-xrr7

The HAPPY – Helpdesk Support Ticket System plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the 'submit_form_reply' AJAX action in all versions up to, and including, 1.0.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to submit replies to arbitrary support tickets by manipulating the 'happy_topic_id' parameter, regardless of whether they are the ticket owner or have been assigned to the ticket.

CVSS3: 5.3
0%
Низкий
около 2 месяцев назад
github логотип
GHSA-3g8v-hxcm-qw7q

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Biplob Adhikari Team Showcase and Slider – Team Members Builder allows Reflected XSS.This issue affects Team Showcase and Slider – Team Members Builder: from n/a through 1.3.

CVSS3: 7.1
0%
Низкий
около 1 года назад
github логотип
GHSA-3g8v-fw4m-xm3p

Memory leak in Siemens Automation License Manager (ALM) 4.x and 5.x before 5.2 allows remote attackers to cause a denial of service (memory consumption) via crafted packets.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-3g8v-6552-p38w

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache ShardingSphere ElasticJob-UI allows an attacker who has guest account to do privilege escalation. This issue affects Apache ShardingSphere ElasticJob-UI Apache ShardingSphere ElasticJob-UI 3.x version 3.0.0 and prior versions.

86%
Высокий
около 4 лет назад

Уязвимостей на страницу