exploitDog

source:"github"

Count: 314 458

Vulnerability
CVSS
EPSS
Published

GHSA-3p3x-vg38-6g9q

Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. One of those checks confirms that the modulus ('p' parameter) is not too large. Trying to use a very large modulus is slow and OpenSSL will not normally use a modulus which is over 10,000 bits in length. However the DH_check() function checks numerous aspects of the key or parameters that have been supplied. Some of those checks use the supplied modulus value even if it has already been found to be too large. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Deni...

CVSS3: 5.3
EPSS: 1% (Low)
Published: more than 2 years ago

GHSA-3p3x-8v96-cq98

A vulnerability was found in Campcodes Online Apartment Visitor Management System 1.0. Impacted is an unknown function of the file /admin-profile.php. Performing manipulation of the argument mobilenumber results in SQL injection. Remote exploitation of the attack is possible. The exploit has been made public and could be used.

CVSS3: 4.7
EPSS: 0% (Low)
Published: 4 months ago

GHSA-3p3w-92gc-7p27

Buffer overflow in BIOS firmware for 8th, 9th, 10th Generation Intel(R) Core(TM), Intel(R) Celeron(R) Processor 4000 & 5000 Series Processors may allow an authenticated user to potentially enable elevation of privilege or denial of service via adjacent access.

EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-3p3w-8fvr-q4gw

Multiple unspecified vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.

EPSS: 13% (Medium)
Published: more than 3 years ago

GHSA-3p3r-fjqw-f7g3

A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.3 and iPadOS 13.3, watchOS 6.1.1, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, tvOS 13.3. An application may be able to execute arbitrary code with kernel privileges.

EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-3p3q-w36v-m4vj

Buffer overflow in the Multimedia PC Client in Nortel Multimedia Communication Server (MCS) before Maintenance Release 3.5.8.3 and 4.0.25.3 allows remote attackers to cause a denial of service (crash) via a flood of "extraneous" messages, as demonstrated by the Nessus "Generic flood" denial of service plugin.

EPSS: 1% (Low)
Published: almost 4 years ago

GHSA-3p3q-5gjp-wvmc

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused

EPSS: Low
Published: 9 months ago

GHSA-3p3p-qg5g-j2p5

SQL injection vulnerability in view.php in Butterfly Organizer 2.0.1 allows remote attackers to execute arbitrary SQL commands via the mytable parameter. NOTE: the id vector is covered by another CVE name.

EPSS: 1% (Low)
Published: more than 3 years ago

GHSA-3p3p-pvm7-cggr

Winston 1.5.4 devices are vulnerable to command injection via the API.

EPSS: 6% (Low)
Published: more than 3 years ago

GHSA-3p3p-cgj7-vgw3

RSSHub vulnerable to Server-Side Request Forgery

CVSS3: 6.5
EPSS: 1% (Low)
Published: almost 2 years ago

GHSA-3p3m-mqcr-8mfw

Inappropriate implementation in Cast UI in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to spoof browser UI via a crafted HTML page. (Chromium security severity: Low)

CVSS3: 4.3
EPSS: 0% (Low)
Published: more than 2 years ago

GHSA-3p3m-h26v-9r73

The Quectel RG502Q-EA modem before 2022-02-23 allows OS Command Injection.

CVSS3: 9.8
EPSS: 13% (Medium)
Published: more than 3 years ago

GHSA-3p3h-qghp-hvh2

Open Redirect in werkzeug

CVSS3: 6.1
EPSS: 1% (Low)
Published: almost 5 years ago

GHSA-3p3h-j9q4-q239

Incorrect access control in the firmware update and download processes of IVY Smart v4.5.0 allows attackers to access sensitive information by analyzing the code and data within the APK file.

CVSS3: 8.4
EPSS: 0% (Low)
Published: more than 1 year ago

GHSA-3p3h-7wpm-9j2r

Centreon 22.04.0 is vulnerable to Cross Site Scripting (XSS) from the function Pollers > Broker Configuration by adding a crafted payload into the name parameter.

CVSS3: 5.4
EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-3p3h-5g54-qmc8

ClassCMS <=4.8 is vulnerable to file inclusion in the nowView method in /class/cms/cms.php, which can include a file uploaded to the /class/template directory to execute PHP code.

CVSS3: 9.8
EPSS: 0% (Low)
Published: more than 1 year ago

GHSA-3p3g-vpw6-4w66

Authentication Bypass in hydra

CVSS3: 5.8
EPSS: 0% (Low)
Published: more than 4 years ago

GHSA-3p3g-v9c5-jwvw

An improper certificate validation vulnerability [CWE-295] in FortiOS 7.2.0 through 7.2.3, 7.0.0 through 7.0.7, 6.4 all versions, 6.2 all versions, 6.0 all versions and FortiProxy 7.0.0 through 7.0.6, 2.0 all versions, 1.2 all versions may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the FortiOS/FortiProxy device and remote servers hosting threat feeds (when the latter are configured as Fabric connectors in FortiOS/FortiProxy)

CVSS3: 7.4
EPSS: 0% (Low)
Published: almost 3 years ago

GHSA-3p3f-hgmm-72qv

Unspecified vulnerability in the Database Vault component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

EPSS: 1% (Low)
Published: more than 3 years ago

GHSA-3p3f-h63v-47c5

A stack buffer overflow in speexenc.c of Speex v1.2 allows attackers to cause a denial of service (DoS) via a crafted WAV file.

CVSS3: 5.5
EPSS: 0% (Low)
Published: more than 3 years ago
