Логотип exploitDog
source:"github"
Консоль
Логотип exploitDog

exploitDog

source:"github"

Количество 314 458

Количество 314 458

github логотип

GHSA-3mvh-3mr8-3g6f

больше 3 лет назад

ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the address/ URI.

EPSS: Низкий
github логотип

GHSA-3mvg-wf73-6mx2

около 1 года назад

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Codstack Team wp_automatic_widget allows DOM-Based XSS.This issue affects wp_automatic_widget: from n/a through 1.0.1.

CVSS3: 6.5
EPSS: Низкий
github логотип

GHSA-3mvg-rrrw-m7ph

больше 5 лет назад

Ability to change order address without triggering address validations in solidus

CVSS3: 5.3
EPSS: Низкий
github логотип

GHSA-3mvg-pwgj-w59x

больше 2 лет назад

The permission request prompt from the site in the background tab was overlaid on top of the site in the foreground tab. This vulnerability affects Firefox for iOS < 115.

CVSS3: 5.4
EPSS: Низкий
github логотип

GHSA-3mvg-73xx-6fcp

2 месяца назад

Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally.

CVSS3: 7
EPSS: Низкий
github логотип

GHSA-3mvf-79cp-mfqc

больше 3 лет назад

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVSS3: 4.9
EPSS: Низкий
github логотип

GHSA-3mv9-ggpf-rmx9

больше 3 лет назад

The SAM and LSAD protocol implementations in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 do not properly establish an RPC channel, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data stream, aka "Windows SAM and LSAD Downgrade Vulnerability" or "BADLOCK."

CVSS3: 6.8
EPSS: Средний
github логотип

GHSA-3mv9-fmvf-xvmx

около 2 лет назад

Server-Side Request Forgery (SSRF) vulnerability in Montonio Montonio for WooCommerce, Wpopal Wpopal Core Features, AMO for WP – Membership Management ArcStone wp-amo, Long Watch Studio WooVirtualWallet – A virtual wallet for WooCommerce, Long Watch Studio WooVIP – Membership plugin for WordPress and WooCommerce, Long Watch Studio WooSupply – Suppliers, Supply Orders and Stock Management, Squidesma Theme Minifier, Paul Clark Styles styles, Designmodo Inc. WordPress Page Builder – Qards, Philip M. Hofer (Frumph) PHPFreeChat, Arun Basil Lal Custom Login Admin Front-end CSS, Team Agence-Press CSS Adder By Agence-Press, Unihost Confirm Data, deano1987 AMP Toolbox amp-toolbox, Arun Basil Lal Admin CSS MU.This issue affects Montonio for WooCommerce: from n/a through 6.0.1; Wpopal Core Features: from n/a through 1.5.8; ArcStone: from n/a through 4.6.6; WooVirtualWallet – A virtual wallet for WooCommerce: from n/a through 2.2.1; WooVIP – Membership plugin for WordPress and Woo...

CVSS3: 8.2
EPSS: Низкий
github логотип

GHSA-3mv9-9jrg-48mh

почти 4 года назад

** DISPUTED ** PHP remote file inclusion vulnerability in user-func.php in Codeworks Gnomedia SubberZ[Lite] allows remote attackers to execute arbitrary PHP code via a URL in the myadmindir parameter. NOTE: this issue has been disputed by a third party that claims that " the myadmindir variable is set before any GET variables are processed."

EPSS: Средний
github логотип

GHSA-3mv9-6gw5-j7q6

около 3 лет назад

The Web Client of Parallels Remote Application Server v18.0 is vulnerable to Host Header Injection attacks. This vulnerability allows attackers to execute arbitrary commands via a crafted payload injected into the Host header.

CVSS3: 8.1
EPSS: Низкий
github логотип

GHSA-3mv9-4h5g-vhg3

11 месяцев назад

tsup DOM Clobbering vulnerability

EPSS: Низкий
github логотип

GHSA-3mv8-x3jj-3j7m

больше 3 лет назад

ChakraCore RCE Vulnerability

CVSS3: 7.5
EPSS: Средний
github логотип

GHSA-3mv8-qr3m-89rv

больше 3 лет назад

Several fonts on OS X display some Tibetan and Arabic characters as whitespace. When used in the addressbar as part of an IDN this can be used for domain name spoofing attacks. Note: This attack only affects OS X operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.

CVSS3: 5.3
EPSS: Низкий
github логотип

GHSA-3mv8-cw8p-37fv

26 дней назад

InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVSS3: 7.8
EPSS: Низкий
github логотип

GHSA-3mv7-84x4-8439

2 месяца назад

In the Linux kernel, the following vulnerability has been resolved: virtio-net: fix received length check in big packets Since commit 4959aebba8c0 ("virtio-net: use mtu size as buffer length for big packets"), when guest gso is off, the allocated size for big packets is not MAX_SKB_FRAGS * PAGE_SIZE anymore but depends on negotiated MTU. The number of allocated frags for big packets is stored in vi->big_packets_num_skbfrags. Because the host announced buffer length can be malicious (e.g. the host vhost_net driver's get_rx_bufs is modified to announce incorrect length), we need a check in virtio_net receive path. Currently, the check is not adapted to the new change which can lead to NULL page pointer dereference in the below while loop when receiving length that is larger than the allocated one. This commit fixes the received length check corresponding to the new change.

EPSS: Низкий
github логотип

GHSA-3mv6-r7mf-4mmv

больше 3 лет назад

Cross-site scripting (XSS) vulnerability in the web framework in Cisco Content Security Management on Security Management Appliance (SMA) devices allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuh24749.

EPSS: Низкий
github логотип

GHSA-3mv5-rjm2-qwx6

больше 3 лет назад

An information disclosure vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.6.6 that could allow unauthenticated access to some configuration files which may contain usernames, license keys, IP addresses, and encrypted password hashes.

EPSS: Низкий
github логотип

GHSA-3mv5-343c-w2qg

около 2 лет назад

Ref methods into_ref, into_mut, into_slice, and into_slice_mut are unsound when used with cell::Ref or cell::RefMut

EPSS: Низкий
github логотип

GHSA-3mv4-jjf4-j7wj

больше 2 лет назад

Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVSS3: 5.5
EPSS: Низкий
github логотип

GHSA-3mv4-77hr-gc5g

почти 4 года назад

Launch Services in Apple Mac OS X 10.5.8 does not properly recognize an unsafe Uniform Type Identifier (UTI) in an exported document type in a downloaded application, which allows remote attackers to trigger the automatic opening of a file, and execute arbitrary code, via a crafted web site.

EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
github логотип
GHSA-3mvh-3mr8-3g6f

ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the address/ URI.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-3mvg-wf73-6mx2

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Codstack Team wp_automatic_widget allows DOM-Based XSS.This issue affects wp_automatic_widget: from n/a through 1.0.1.

CVSS3: 6.5
0%
Низкий
около 1 года назад
github логотип
GHSA-3mvg-rrrw-m7ph

Ability to change order address without triggering address validations in solidus

CVSS3: 5.3
0%
Низкий
больше 5 лет назад
github логотип
GHSA-3mvg-pwgj-w59x

The permission request prompt from the site in the background tab was overlaid on top of the site in the foreground tab. This vulnerability affects Firefox for iOS < 115.

CVSS3: 5.4
0%
Низкий
больше 2 лет назад
github логотип
GHSA-3mvg-73xx-6fcp

Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally.

CVSS3: 7
0%
Низкий
2 месяца назад
github логотип
GHSA-3mvf-79cp-mfqc

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVSS3: 4.9
0%
Низкий
больше 3 лет назад
github логотип
GHSA-3mv9-ggpf-rmx9

The SAM and LSAD protocol implementations in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 do not properly establish an RPC channel, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data stream, aka "Windows SAM and LSAD Downgrade Vulnerability" or "BADLOCK."

CVSS3: 6.8
60%
Средний
больше 3 лет назад
github логотип
GHSA-3mv9-fmvf-xvmx

Server-Side Request Forgery (SSRF) vulnerability in Montonio Montonio for WooCommerce, Wpopal Wpopal Core Features, AMO for WP – Membership Management ArcStone wp-amo, Long Watch Studio WooVirtualWallet – A virtual wallet for WooCommerce, Long Watch Studio WooVIP – Membership plugin for WordPress and WooCommerce, Long Watch Studio WooSupply – Suppliers, Supply Orders and Stock Management, Squidesma Theme Minifier, Paul Clark Styles styles, Designmodo Inc. WordPress Page Builder – Qards, Philip M. Hofer (Frumph) PHPFreeChat, Arun Basil Lal Custom Login Admin Front-end CSS, Team Agence-Press CSS Adder By Agence-Press, Unihost Confirm Data, deano1987 AMP Toolbox amp-toolbox, Arun Basil Lal Admin CSS MU.This issue affects Montonio for WooCommerce: from n/a through 6.0.1; Wpopal Core Features: from n/a through 1.5.8; ArcStone: from n/a through 4.6.6; WooVirtualWallet – A virtual wallet for WooCommerce: from n/a through 2.2.1; WooVIP – Membership plugin for WordPress and Woo...

CVSS3: 8.2
1%
Низкий
около 2 лет назад
github логотип
GHSA-3mv9-9jrg-48mh

** DISPUTED ** PHP remote file inclusion vulnerability in user-func.php in Codeworks Gnomedia SubberZ[Lite] allows remote attackers to execute arbitrary PHP code via a URL in the myadmindir parameter. NOTE: this issue has been disputed by a third party that claims that " the myadmindir variable is set before any GET variables are processed."

11%
Средний
почти 4 года назад
github логотип
GHSA-3mv9-6gw5-j7q6

The Web Client of Parallels Remote Application Server v18.0 is vulnerable to Host Header Injection attacks. This vulnerability allows attackers to execute arbitrary commands via a crafted payload injected into the Host header.

CVSS3: 8.1
1%
Низкий
около 3 лет назад
github логотип
GHSA-3mv9-4h5g-vhg3

tsup DOM Clobbering vulnerability

0%
Низкий
11 месяцев назад
github логотип
GHSA-3mv8-x3jj-3j7m

ChakraCore RCE Vulnerability

CVSS3: 7.5
19%
Средний
больше 3 лет назад
github логотип
GHSA-3mv8-qr3m-89rv

Several fonts on OS X display some Tibetan and Arabic characters as whitespace. When used in the addressbar as part of an IDN this can be used for domain name spoofing attacks. Note: This attack only affects OS X operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.

CVSS3: 5.3
2%
Низкий
больше 3 лет назад
github логотип
GHSA-3mv8-cw8p-37fv

InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVSS3: 7.8
0%
Низкий
26 дней назад
github логотип
GHSA-3mv7-84x4-8439

In the Linux kernel, the following vulnerability has been resolved: virtio-net: fix received length check in big packets Since commit 4959aebba8c0 ("virtio-net: use mtu size as buffer length for big packets"), when guest gso is off, the allocated size for big packets is not MAX_SKB_FRAGS * PAGE_SIZE anymore but depends on negotiated MTU. The number of allocated frags for big packets is stored in vi->big_packets_num_skbfrags. Because the host announced buffer length can be malicious (e.g. the host vhost_net driver's get_rx_bufs is modified to announce incorrect length), we need a check in virtio_net receive path. Currently, the check is not adapted to the new change which can lead to NULL page pointer dereference in the below while loop when receiving length that is larger than the allocated one. This commit fixes the received length check corresponding to the new change.

0%
Низкий
2 месяца назад
github логотип
GHSA-3mv6-r7mf-4mmv

Cross-site scripting (XSS) vulnerability in the web framework in Cisco Content Security Management on Security Management Appliance (SMA) devices allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuh24749.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-3mv5-rjm2-qwx6

An information disclosure vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.6.6 that could allow unauthenticated access to some configuration files which may contain usernames, license keys, IP addresses, and encrypted password hashes.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-3mv5-343c-w2qg

Ref methods into_ref, into_mut, into_slice, and into_slice_mut are unsound when used with cell::Ref or cell::RefMut

около 2 лет назад
github логотип
GHSA-3mv4-jjf4-j7wj

Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVSS3: 5.5
0%
Низкий
больше 2 лет назад
github логотип
GHSA-3mv4-77hr-gc5g

Launch Services in Apple Mac OS X 10.5.8 does not properly recognize an unsafe Uniform Type Identifier (UTI) in an exported document type in a downloaded application, which allows remote attackers to trigger the automatic opening of a file, and execute arbitrary code, via a crafted web site.

2%
Низкий
почти 4 года назад

Уязвимостей на страницу