Логотип exploitDog
source:"github"
Консоль
Логотип exploitDog

exploitDog

source:"github"

Количество 314 529

Количество 314 529

github логотип

GHSA-3mw7-6cqh-vgc6

больше 3 лет назад

Heap-based buffer overflow in Unitronics VisiLogic OPLC IDE before 9.8.09 allows remote attackers to execute arbitrary code via a long vlp filename.

CVSS3: 9.6
EPSS: Низкий
github логотип

GHSA-3mw6-fgc8-7frc

больше 3 лет назад

GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gf_dump_vrml_sffield at /scene_manager/scene_dump.c.

CVSS3: 5.5
EPSS: Низкий
github логотип

GHSA-3mw6-835f-4vv4

больше 3 лет назад

Unspecified vulnerability in Octopussy before 0.9.5.8 has unknown impact and attack vectors related to a "major security" vulnerability.

EPSS: Низкий
github логотип

GHSA-3mw5-8fv4-p245

больше 3 лет назад

PumpKIN TFTP Server 2.7.2.0 allows remote attackers to cause a denial of service via a write request with a long mode field.

EPSS: Низкий
github логотип

GHSA-3mw5-7hq7-6p5w

11 месяцев назад

NVIDIA Nemo Framework contains a vulnerability where a user could cause a relative path traversal issue by arbitrary file write. A successful exploit of this vulnerability may lead to code execution and data tampering.

CVSS3: 7.1
EPSS: Низкий
github логотип

GHSA-3mw4-pmpc-h76j

больше 3 лет назад

Information disclosure via error message discrepancies in authentication functions in Blaauw Remote Kiln Control through v3.00r4 allows an unauthenticated attacker to enumerate valid usernames.

EPSS: Низкий
github логотип

GHSA-3mw4-6rj6-74g5

почти 4 года назад

Null pointer dereference in TensorFlow

CVSS3: 6.5
EPSS: Низкий
github логотип

GHSA-3mw4-4mfr-235g

больше 3 лет назад

On BIG-IP 15.0.0-15.0.1.1 and 14.1.0-14.1.2.2, while processing specifically crafted traffic using the default 'xnet' driver, Virtual Edition instances hosted in Amazon Web Services (AWS) may experience a TMM restart.

EPSS: Низкий
github логотип

GHSA-3mw3-473f-ghgm

7 месяцев назад

A cross-site request forgery (CSRF) vulnerability exists in the web interface of AVTECH IP camera, DVR, and NVR devices. An attacker can craft malicious requests that, when executed in the context of an authenticated user’s browser session, allow unauthorized changes to the device configuration without user interaction.

EPSS: Низкий
github логотип

GHSA-3mw3-2r27-jvqm

больше 2 лет назад

An issue was discovered in DTS Monitoring 3.57.0. The parameter options within the WGET check function is vulnerable to OS command injection (blind).

CVSS3: 9.8
EPSS: Низкий
github логотип

GHSA-3mvx-8xgc-hh5r

почти 4 года назад

Hills ComNav version 3002-19 suffers from a weak communication channel. Traffic across the local network for the configuration pages can be viewed by a malicious actor. The size of certain communications packets are predictable. This would allow an attacker to learn the state of the system if they can observe the traffic. This would be possible even if the traffic were encrypted, e.g., using WPA2, as the packet sizes would remain observable. The communication encryption scheme is theoretically sound, but is not strong enough for the level of protection required.

CVSS3: 5.5
EPSS: Низкий
github логотип

GHSA-3mvv-2mf6-8hwf

почти 2 года назад

A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/bookdate.php. The manipulation of the argument id leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-256958 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVSS3: 3.5
EPSS: Низкий
github логотип

GHSA-3mvr-vp9h-cr29

10 месяцев назад

A vulnerability was identified in Firefox where XPath parsing could trigger undefined behavior due to missing null checks during attribute access. This could lead to out-of-bounds read access and potentially, memory corruption. This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Thunderbird < 138, and Thunderbird ESR < 128.10.

CVSS3: 6.5
EPSS: Низкий
github логотип

GHSA-3mvr-qcj7-4jj5

почти 4 года назад

Various administrative external system import resources in Atlassian JIRA Server (including JIRA Core) before version 7.6.5, from version 7.7.0 before version 7.7.3, from version 7.8.0 before version 7.8.3 and before version 7.9.0 allow remote attackers to run import operations and to determine if an internal service exists through missing permission checks.

CVSS3: 6.5
EPSS: Низкий
github логотип

GHSA-3mvr-pxcv-j67r

больше 1 года назад

The SellKit – Funnel builder and checkout optimizer for WooCommerce to sell more, faster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 1.9.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS3: 6.4
EPSS: Низкий
github логотип

GHSA-3mvr-3jc2-mgf4

больше 3 лет назад

Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 0.7, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via vectors involving an embedded image attachment.

EPSS: Низкий
github логотип

GHSA-3mvm-cfg4-h2w9

почти 4 года назад

fetchnews in leafnode 1.9.48 to 1.11.1 allows remote NNTP servers to cause a denial of service (crash) by closing the connection while fetchnews is reading (1) an article header or (2) an article body, which also prevents fetchnews from querying other servers.

EPSS: Низкий
github логотип

GHSA-3mvm-3j3w-h3x9

больше 3 лет назад

Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.

EPSS: Средний
github логотип

GHSA-3mvj-vrgf-7rcr

8 месяцев назад

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in StellarWP WPComplete allows Stored XSS. This issue affects WPComplete: from n/a through 2.9.5.

CVSS3: 6.5
EPSS: Низкий
github логотип

GHSA-3mvj-7p7p-x4x5

почти 2 года назад

A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack. In certain conditions this may lead to execution of arbitrary code

CVSS3: 8.2
EPSS: Средний

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
github логотип
GHSA-3mw7-6cqh-vgc6

Heap-based buffer overflow in Unitronics VisiLogic OPLC IDE before 9.8.09 allows remote attackers to execute arbitrary code via a long vlp filename.

CVSS3: 9.6
1%
Низкий
больше 3 лет назад
github логотип
GHSA-3mw6-fgc8-7frc

GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gf_dump_vrml_sffield at /scene_manager/scene_dump.c.

CVSS3: 5.5
0%
Низкий
больше 3 лет назад
github логотип
GHSA-3mw6-835f-4vv4

Unspecified vulnerability in Octopussy before 0.9.5.8 has unknown impact and attack vectors related to a "major security" vulnerability.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-3mw5-8fv4-p245

PumpKIN TFTP Server 2.7.2.0 allows remote attackers to cause a denial of service via a write request with a long mode field.

2%
Низкий
больше 3 лет назад
github логотип
GHSA-3mw5-7hq7-6p5w

NVIDIA Nemo Framework contains a vulnerability where a user could cause a relative path traversal issue by arbitrary file write. A successful exploit of this vulnerability may lead to code execution and data tampering.

CVSS3: 7.1
0%
Низкий
11 месяцев назад
github логотип
GHSA-3mw4-pmpc-h76j

Information disclosure via error message discrepancies in authentication functions in Blaauw Remote Kiln Control through v3.00r4 allows an unauthenticated attacker to enumerate valid usernames.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-3mw4-6rj6-74g5

Null pointer dereference in TensorFlow

CVSS3: 6.5
0%
Низкий
почти 4 года назад
github логотип
GHSA-3mw4-4mfr-235g

On BIG-IP 15.0.0-15.0.1.1 and 14.1.0-14.1.2.2, while processing specifically crafted traffic using the default 'xnet' driver, Virtual Edition instances hosted in Amazon Web Services (AWS) may experience a TMM restart.

1%
Низкий
больше 3 лет назад
github логотип
GHSA-3mw3-473f-ghgm

A cross-site request forgery (CSRF) vulnerability exists in the web interface of AVTECH IP camera, DVR, and NVR devices. An attacker can craft malicious requests that, when executed in the context of an authenticated user’s browser session, allow unauthorized changes to the device configuration without user interaction.

0%
Низкий
7 месяцев назад
github логотип
GHSA-3mw3-2r27-jvqm

An issue was discovered in DTS Monitoring 3.57.0. The parameter options within the WGET check function is vulnerable to OS command injection (blind).

CVSS3: 9.8
1%
Низкий
больше 2 лет назад
github логотип
GHSA-3mvx-8xgc-hh5r

Hills ComNav version 3002-19 suffers from a weak communication channel. Traffic across the local network for the configuration pages can be viewed by a malicious actor. The size of certain communications packets are predictable. This would allow an attacker to learn the state of the system if they can observe the traffic. This would be possible even if the traffic were encrypted, e.g., using WPA2, as the packet sizes would remain observable. The communication encryption scheme is theoretically sound, but is not strong enough for the level of protection required.

CVSS3: 5.5
0%
Низкий
почти 4 года назад
github логотип
GHSA-3mvv-2mf6-8hwf

A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/bookdate.php. The manipulation of the argument id leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-256958 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVSS3: 3.5
0%
Низкий
почти 2 года назад
github логотип
GHSA-3mvr-vp9h-cr29

A vulnerability was identified in Firefox where XPath parsing could trigger undefined behavior due to missing null checks during attribute access. This could lead to out-of-bounds read access and potentially, memory corruption. This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Thunderbird < 138, and Thunderbird ESR < 128.10.

CVSS3: 6.5
0%
Низкий
10 месяцев назад
github логотип
GHSA-3mvr-qcj7-4jj5

Various administrative external system import resources in Atlassian JIRA Server (including JIRA Core) before version 7.6.5, from version 7.7.0 before version 7.7.3, from version 7.8.0 before version 7.8.3 and before version 7.9.0 allow remote attackers to run import operations and to determine if an internal service exists through missing permission checks.

CVSS3: 6.5
0%
Низкий
почти 4 года назад
github логотип
GHSA-3mvr-pxcv-j67r

The SellKit – Funnel builder and checkout optimizer for WooCommerce to sell more, faster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 1.9.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS3: 6.4
0%
Низкий
больше 1 года назад
github логотип
GHSA-3mvr-3jc2-mgf4

Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 0.7, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via vectors involving an embedded image attachment.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-3mvm-cfg4-h2w9

fetchnews in leafnode 1.9.48 to 1.11.1 allows remote NNTP servers to cause a denial of service (crash) by closing the connection while fetchnews is reading (1) an article header or (2) an article body, which also prevents fetchnews from querying other servers.

1%
Низкий
почти 4 года назад
github логотип
GHSA-3mvm-3j3w-h3x9

Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.

27%
Средний
больше 3 лет назад
github логотип
GHSA-3mvj-vrgf-7rcr

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in StellarWP WPComplete allows Stored XSS. This issue affects WPComplete: from n/a through 2.9.5.

CVSS3: 6.5
0%
Низкий
8 месяцев назад
github логотип
GHSA-3mvj-7p7p-x4x5

A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack. In certain conditions this may lead to execution of arbitrary code

CVSS3: 8.2
11%
Средний
почти 2 года назад

Уязвимостей на страницу