Логотип exploitDog
source:"github"
Консоль
Логотип exploitDog

exploitDog

source:"github"

Количество 314 458

Количество 314 458

github логотип

GHSA-3phc-v747-949q

больше 3 лет назад

A vulnerability in all versions of Nim-lang allows unauthenticated attackers to write files to arbitrary directories via a crafted zip file with dot-slash characters included in the name of the crafted file.

EPSS: Низкий
github логотип

GHSA-3ph9-qwh9-55vc

больше 3 лет назад

FilesAnywhere does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

CVSS3: 7.4
EPSS: Низкий
github логотип

GHSA-3ph9-c37g-wmx3

больше 3 лет назад

An unhandled memory allocation failure in Core/Ap4Atom.cpp of Bento 1.5.1-628 causes a direct copy to NULL pointer dereference, leading to a denial of service (DOS).

EPSS: Низкий
github логотип

GHSA-3ph8-ggf6-fg2x

больше 3 лет назад

Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a reflected cross site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

CVSS3: 6.1
EPSS: Низкий
github логотип

GHSA-3ph6-qh68-fv85

больше 3 лет назад

A Remote Bypass Security Restriction vulnerability in HPE Network Node Manager i (NNMi) Software versions v10.0x, v10.1x, v10.2x was found.

CVSS3: 9.8
EPSS: Низкий
github логотип

GHSA-3ph6-jhvp-76gj

больше 3 лет назад

Radware Alteon devices with a firmware version between 31.0.0.0-31.0.3.0 are vulnerable to an adaptive-chosen ciphertext attack ("Bleichenbacher attack"). This allows an attacker to decrypt observed traffic that has been encrypted with the RSA cipher and to perform other private key operations.

CVSS3: 5.9
EPSS: Высокий
github логотип

GHSA-3ph6-cjjg-96q6

11 месяцев назад

The GDPR Cookie Compliance WordPress plugin before 4.15.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

CVSS3: 4.8
EPSS: Низкий
github логотип

GHSA-3ph6-4gjf-m5qj

почти 4 года назад

Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.

EPSS: Низкий
github логотип

GHSA-3ph5-8qc9-vmmg

больше 3 лет назад

Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

CVSS3: 5.5
EPSS: Низкий
github логотип

GHSA-3ph5-58qm-r6wg

больше 2 лет назад

Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.3, 12.4, 14.0-14.3 and 14.5-14.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Universal Banking, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle FLEXCUBE Universal Banking. CVSS 3.1 Base Score 6.5 (Confidentiality,...

CVSS3: 6.5
EPSS: Низкий
github логотип

GHSA-3ph4-q4px-cwq5

почти 4 года назад

Directory traversal vulnerability in cms_detect.php in TotalCalendar 2.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the include parameter.

EPSS: Низкий
github логотип

GHSA-3ph4-552r-r3pc

больше 3 лет назад

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, array access out of bounds may occur in the camera driver in the kernel

CVSS3: 7.8
EPSS: Низкий
github логотип

GHSA-3ph4-2g83-q4c3

3 месяца назад

Nagios XI versions prior to 5.7.5 contain a SQL injection vulnerability in the SNMP Trap Interface edit page. Exploitation requires an account with administrative privileges to access the affected interface. A user with administrative access could supply crafted input that is not properly sanitized, allowing SQL injection that may lead to unauthorized disclosure or modification of application data or execution of arbitrary SQL commands against the backend database.

CVSS3: 7.2
EPSS: Низкий
github логотип

GHSA-3ph3-5vg6-324h

10 месяцев назад

In Soffid Console 3.5.38 before 3.5.39, necessary checks were not applied to some Java objects. A malicious agent could possibly execute arbitrary code in the Sync Server and compromise security.

CVSS3: 8.5
EPSS: Низкий
github логотип

GHSA-3ph2-m9qq-8gwp

7 месяцев назад

IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26119.

CVSS3: 7.8
EPSS: Низкий
github логотип

GHSA-3ph2-3pv3-wjv3

почти 4 года назад

Microsoft NetMeeting with Remote Desktop Sharing enabled allows remote attackers to cause a denial of service (CPU utilization) via a sequence of null bytes to the NetMeeting port, aka the "NetMeeting Desktop Sharing" vulnerability.

EPSS: Средний
github логотип

GHSA-3pgx-69pv-46wx

около 1 года назад

A race condition could have led to private browsing tabs being opened in normal browsing windows. This could have resulted in a potential privacy leak. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.

CVSS3: 6.5
EPSS: Низкий
github логотип

GHSA-3pgx-5h9r-2mg2

больше 3 лет назад

SAP Enable Now, before version 1911, leaks information about network configuration in the server error messages, leading to Information Disclosure.

EPSS: Низкий
github логотип

GHSA-3pgx-46rx-xc9j

больше 3 лет назад

hawtio before version 1.5.5 is vulnerable to remote code execution via file upload. An attacker could use this vulnerability to upload a crafted file which could be executed on a target machine where hawtio is deployed.

CVSS3: 7.8
EPSS: Низкий
github логотип

GHSA-3pgw-pp6m-pgh6

около 3 лет назад

In multiple functions of AdapterService.java, there is a possible way to manipulate Bluetooth state due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-240301753

CVSS3: 7.8
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
github логотип
GHSA-3phc-v747-949q

A vulnerability in all versions of Nim-lang allows unauthenticated attackers to write files to arbitrary directories via a crafted zip file with dot-slash characters included in the name of the crafted file.

1%
Низкий
больше 3 лет назад
github логотип
GHSA-3ph9-qwh9-55vc

FilesAnywhere does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

CVSS3: 7.4
0%
Низкий
больше 3 лет назад
github логотип
GHSA-3ph9-c37g-wmx3

An unhandled memory allocation failure in Core/Ap4Atom.cpp of Bento 1.5.1-628 causes a direct copy to NULL pointer dereference, leading to a denial of service (DOS).

0%
Низкий
больше 3 лет назад
github логотип
GHSA-3ph8-ggf6-fg2x

Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a reflected cross site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

CVSS3: 6.1
2%
Низкий
больше 3 лет назад
github логотип
GHSA-3ph6-qh68-fv85

A Remote Bypass Security Restriction vulnerability in HPE Network Node Manager i (NNMi) Software versions v10.0x, v10.1x, v10.2x was found.

CVSS3: 9.8
9%
Низкий
больше 3 лет назад
github логотип
GHSA-3ph6-jhvp-76gj

Radware Alteon devices with a firmware version between 31.0.0.0-31.0.3.0 are vulnerable to an adaptive-chosen ciphertext attack ("Bleichenbacher attack"). This allows an attacker to decrypt observed traffic that has been encrypted with the RSA cipher and to perform other private key operations.

CVSS3: 5.9
77%
Высокий
больше 3 лет назад
github логотип
GHSA-3ph6-cjjg-96q6

The GDPR Cookie Compliance WordPress plugin before 4.15.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

CVSS3: 4.8
0%
Низкий
11 месяцев назад
github логотип
GHSA-3ph6-4gjf-m5qj

Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.

1%
Низкий
почти 4 года назад
github логотип
GHSA-3ph5-8qc9-vmmg

Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

CVSS3: 5.5
2%
Низкий
больше 3 лет назад
github логотип
GHSA-3ph5-58qm-r6wg

Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.3, 12.4, 14.0-14.3 and 14.5-14.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Universal Banking, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle FLEXCUBE Universal Banking. CVSS 3.1 Base Score 6.5 (Confidentiality,...

CVSS3: 6.5
0%
Низкий
больше 2 лет назад
github логотип
GHSA-3ph4-q4px-cwq5

Directory traversal vulnerability in cms_detect.php in TotalCalendar 2.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the include parameter.

3%
Низкий
почти 4 года назад
github логотип
GHSA-3ph4-552r-r3pc

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, array access out of bounds may occur in the camera driver in the kernel

CVSS3: 7.8
0%
Низкий
больше 3 лет назад
github логотип
GHSA-3ph4-2g83-q4c3

Nagios XI versions prior to 5.7.5 contain a SQL injection vulnerability in the SNMP Trap Interface edit page. Exploitation requires an account with administrative privileges to access the affected interface. A user with administrative access could supply crafted input that is not properly sanitized, allowing SQL injection that may lead to unauthorized disclosure or modification of application data or execution of arbitrary SQL commands against the backend database.

CVSS3: 7.2
1%
Низкий
3 месяца назад
github логотип
GHSA-3ph3-5vg6-324h

In Soffid Console 3.5.38 before 3.5.39, necessary checks were not applied to some Java objects. A malicious agent could possibly execute arbitrary code in the Sync Server and compromise security.

CVSS3: 8.5
0%
Низкий
10 месяцев назад
github логотип
GHSA-3ph2-m9qq-8gwp

IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26119.

CVSS3: 7.8
0%
Низкий
7 месяцев назад
github логотип
GHSA-3ph2-3pv3-wjv3

Microsoft NetMeeting with Remote Desktop Sharing enabled allows remote attackers to cause a denial of service (CPU utilization) via a sequence of null bytes to the NetMeeting port, aka the "NetMeeting Desktop Sharing" vulnerability.

20%
Средний
почти 4 года назад
github логотип
GHSA-3pgx-69pv-46wx

A race condition could have led to private browsing tabs being opened in normal browsing windows. This could have resulted in a potential privacy leak. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.

CVSS3: 6.5
0%
Низкий
около 1 года назад
github логотип
GHSA-3pgx-5h9r-2mg2

SAP Enable Now, before version 1911, leaks information about network configuration in the server error messages, leading to Information Disclosure.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-3pgx-46rx-xc9j

hawtio before version 1.5.5 is vulnerable to remote code execution via file upload. An attacker could use this vulnerability to upload a crafted file which could be executed on a target machine where hawtio is deployed.

CVSS3: 7.8
1%
Низкий
больше 3 лет назад
github логотип
GHSA-3pgw-pp6m-pgh6

In multiple functions of AdapterService.java, there is a possible way to manipulate Bluetooth state due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-240301753

CVSS3: 7.8
0%
Низкий
около 3 лет назад

Уязвимостей на страницу