Логотип exploitDog
source:"github"
Консоль
Логотип exploitDog

exploitDog

source:"github"

Количество 314 458

Количество 314 458

github логотип

GHSA-3gq4-h9hg-9898

больше 2 лет назад

A vulnerability has been identified in POWER METER SICAM Q200 family (All versions < V2.70). Affected devices are missing cookie protection flags when using the default settings. An attacker who gains access to a session token can use it to impersonate a legitimate application user.

CVSS3: 5.5
EPSS: Низкий
github логотип

GHSA-3gq4-7fhw-289m

5 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dsi: fix memory corruption with too many bridges Add the missing sanity check on the bridge counter to avoid corrupting data beyond the fixed-sized bridge array in case there are ever more than eight bridges. Patchwork: https://patchwork.freedesktop.org/patch/502668/

CVSS3: 7.8
EPSS: Низкий
github логотип

GHSA-3gq3-wqjv-f3fj

почти 4 года назад

nfs2acl.c in the Linux kernel 2.6.14.4 does not check for MAY_SATTR privilege before setting access controls (ACL) on files on exported NFS filesystems, which allows remote attackers to bypass ACLs for readonly mounted NFS filesystems.

EPSS: Низкий
github логотип

GHSA-3gq3-9cq7-288g

11 месяцев назад

Substance3D - Modeler versions 1.15.0 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVSS3: 5.5
EPSS: Низкий
github логотип

GHSA-3gq3-5gqh-97p3

больше 3 лет назад

IBM QRadar 7.2 uses outdated hashing algorithms to hash certain passwords, which could allow a local user to obtain and decrypt user credentials. IBM Reference #: 1997341.

CVSS3: 7.8
EPSS: Низкий
github логотип

GHSA-3gq2-8vxj-g5w7

почти 4 года назад

Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to spoof secure site indicators such as the locked icon by opening the trusted site in a popup window, then changing the location to a malicious site.

EPSS: Низкий
github логотип

GHSA-3gpx-p63p-pr5r

11 месяцев назад

Mattermost Fails to Enforce Certain Search APIs

CVSS3: 4.3
EPSS: Низкий
github логотип

GHSA-3gpw-r459-56f2

больше 3 лет назад

NASA CFITSIO prior to 3.43 is affected by: Buffer Overflow. The impact is: arbitrary code execution. The component is: over 40 source code files were changed. The attack vector is: remote unauthenticated attacker. The fixed version is: 3.43. NOTE: this CVE refers to the issues not covered by CVE-2018-3846, CVE-2018-3847, CVE-2018-3848, and CVE-2018-3849. One example is ftp_status in drvrnet.c mishandling a long string beginning with a '4' character.

CVSS3: 9.8
EPSS: Средний
github логотип

GHSA-3gpv-mp54-m96w

8 месяцев назад

Cross-Site Request Forgery (CSRF) vulnerability in Adnan Haque (a11n) Virtual Moderator allows Cross-Site Scripting (XSS). This issue affects Virtual Moderator: from n/a through 1.4.

CVSS3: 7.1
EPSS: Низкий
github логотип

GHSA-3gpv-j6x6-qq3j

3 месяца назад

Improper input validation for some Intel QuickAssist Technology before version 2.6.0 within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a low complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

CVSS3: 8.8
EPSS: Низкий
github логотип

GHSA-3gpv-hgg9-gfg5

почти 4 года назад

IIS 4.0 and 5.0 allows remote attackers to read documents outside of the web root, and possibly execute arbitrary commands, via malformed URLs that contain UNICODE encoded characters, aka the "Web Server Folder Traversal" vulnerability.

EPSS: Высокий
github логотип

GHSA-3gpv-5cwr-97p5

больше 3 лет назад

Information disclosure issue due to lack of validation of pointer arguments passed to TZ BSP in Snapdragon Wired Infrastructure and Networking

EPSS: Низкий
github логотип

GHSA-3gpq-xx45-4rr9

больше 3 лет назад

The OpenSSL::SSL.verify_certificate_identity function in lib/openssl/ssl.rb in Ruby 1.8 before 1.8.7-p374, 1.9 before 1.9.3-p448, and 2.0 before 2.0.0-p247 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

EPSS: Низкий
github логотип

GHSA-3gpq-jcrp-xp2r

9 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: erofs: fix missing xas_retry() in fscache mode The xarray iteration only holds the RCU read lock and thus may encounter XA_RETRY_ENTRY if there's process modifying the xarray concurrently. This will cause oops when referring to the invalid entry. Fix this by adding the missing xas_retry(), which will make the iteration wind back to the root node if XA_RETRY_ENTRY is encountered.

CVSS3: 5.5
EPSS: Низкий
github логотип

GHSA-3gpq-hwqc-v65w

почти 4 года назад

Cross-site scripting (XSS) vulnerability in Comersus BackOffice allows remote attackers to inject arbitrary web script or HTML via the error parameter to comersus_backoffice_supportError.asp. NOTE: the comersus_backoffice_message.asp/message vector is already covered by CVE-2005-2191 item 2.

EPSS: Низкий
github логотип

GHSA-3gpq-7w2g-px9w

почти 4 года назад

Multiple vulnerabilities in PHP before 4.4.1 allow remote attackers to bypass safe_mode and open_basedir restrictions via unknown attack vectors in (1) ext/curl and (2) ext/gd.

EPSS: Средний
github логотип

GHSA-3gpq-5q6x-q7pf

около 1 года назад

In Progress Telerik UI for WPF versions prior to 2024 Q4 (2024.4.1213), a code execution attack is possible through an insecure deserialization vulnerability.

CVSS3: 8.4
EPSS: Низкий
github логотип

GHSA-3gpp-6hjc-7c4m

около 3 лет назад

A vulnerability was found in KYUUBl school-register. It has been classified as critical. This affects an unknown part of the file src/DBManager.java. The manipulation leads to sql injection. The name of the patch is 1cf7e01b878aee923f2b22cc2535c71a680e4c30. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218355.

CVSS3: 9.8
EPSS: Низкий
github логотип

GHSA-3gpm-w73x-57j5

больше 2 лет назад

Download Center fails to properly validate the file path submitted by a user, An attacker can exploit this vulnerability to gain unauthorized access to sensitive files or directories without appropriate permission restrictions. Download Center on ADM 4.0 and above will be affected. Affected products and versions include: Download Center 1.1.5.r1280 and below.

CVSS3: 8.6
EPSS: Низкий
github логотип

GHSA-3gpm-vq72-xv9v

9 месяцев назад

A vulnerability classified as critical was found in PHPGurukul Beauty Parlour Management System 1.1. Affected by this vulnerability is an unknown functionality of the file /admin/admin-profile.php. The manipulation of the argument contactnumber leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

CVSS3: 7.3
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
github логотип
GHSA-3gq4-h9hg-9898

A vulnerability has been identified in POWER METER SICAM Q200 family (All versions < V2.70). Affected devices are missing cookie protection flags when using the default settings. An attacker who gains access to a session token can use it to impersonate a legitimate application user.

CVSS3: 5.5
0%
Низкий
больше 2 лет назад
github логотип
GHSA-3gq4-7fhw-289m

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dsi: fix memory corruption with too many bridges Add the missing sanity check on the bridge counter to avoid corrupting data beyond the fixed-sized bridge array in case there are ever more than eight bridges. Patchwork: https://patchwork.freedesktop.org/patch/502668/

CVSS3: 7.8
0%
Низкий
5 месяцев назад
github логотип
GHSA-3gq3-wqjv-f3fj

nfs2acl.c in the Linux kernel 2.6.14.4 does not check for MAY_SATTR privilege before setting access controls (ACL) on files on exported NFS filesystems, which allows remote attackers to bypass ACLs for readonly mounted NFS filesystems.

1%
Низкий
почти 4 года назад
github логотип
GHSA-3gq3-9cq7-288g

Substance3D - Modeler versions 1.15.0 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVSS3: 5.5
0%
Низкий
11 месяцев назад
github логотип
GHSA-3gq3-5gqh-97p3

IBM QRadar 7.2 uses outdated hashing algorithms to hash certain passwords, which could allow a local user to obtain and decrypt user credentials. IBM Reference #: 1997341.

CVSS3: 7.8
0%
Низкий
больше 3 лет назад
github логотип
GHSA-3gq2-8vxj-g5w7

Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to spoof secure site indicators such as the locked icon by opening the trusted site in a popup window, then changing the location to a malicious site.

2%
Низкий
почти 4 года назад
github логотип
GHSA-3gpx-p63p-pr5r

Mattermost Fails to Enforce Certain Search APIs

CVSS3: 4.3
0%
Низкий
11 месяцев назад
github логотип
GHSA-3gpw-r459-56f2

NASA CFITSIO prior to 3.43 is affected by: Buffer Overflow. The impact is: arbitrary code execution. The component is: over 40 source code files were changed. The attack vector is: remote unauthenticated attacker. The fixed version is: 3.43. NOTE: this CVE refers to the issues not covered by CVE-2018-3846, CVE-2018-3847, CVE-2018-3848, and CVE-2018-3849. One example is ftp_status in drvrnet.c mishandling a long string beginning with a '4' character.

CVSS3: 9.8
31%
Средний
больше 3 лет назад
github логотип
GHSA-3gpv-mp54-m96w

Cross-Site Request Forgery (CSRF) vulnerability in Adnan Haque (a11n) Virtual Moderator allows Cross-Site Scripting (XSS). This issue affects Virtual Moderator: from n/a through 1.4.

CVSS3: 7.1
0%
Низкий
8 месяцев назад
github логотип
GHSA-3gpv-j6x6-qq3j

Improper input validation for some Intel QuickAssist Technology before version 2.6.0 within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a low complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

CVSS3: 8.8
0%
Низкий
3 месяца назад
github логотип
GHSA-3gpv-hgg9-gfg5

IIS 4.0 and 5.0 allows remote attackers to read documents outside of the web root, and possibly execute arbitrary commands, via malformed URLs that contain UNICODE encoded characters, aka the "Web Server Folder Traversal" vulnerability.

83%
Высокий
почти 4 года назад
github логотип
GHSA-3gpv-5cwr-97p5

Information disclosure issue due to lack of validation of pointer arguments passed to TZ BSP in Snapdragon Wired Infrastructure and Networking

0%
Низкий
больше 3 лет назад
github логотип
GHSA-3gpq-xx45-4rr9

The OpenSSL::SSL.verify_certificate_identity function in lib/openssl/ssl.rb in Ruby 1.8 before 1.8.7-p374, 1.9 before 1.9.3-p448, and 2.0 before 2.0.0-p247 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

3%
Низкий
больше 3 лет назад
github логотип
GHSA-3gpq-jcrp-xp2r

In the Linux kernel, the following vulnerability has been resolved: erofs: fix missing xas_retry() in fscache mode The xarray iteration only holds the RCU read lock and thus may encounter XA_RETRY_ENTRY if there's process modifying the xarray concurrently. This will cause oops when referring to the invalid entry. Fix this by adding the missing xas_retry(), which will make the iteration wind back to the root node if XA_RETRY_ENTRY is encountered.

CVSS3: 5.5
0%
Низкий
9 месяцев назад
github логотип
GHSA-3gpq-hwqc-v65w

Cross-site scripting (XSS) vulnerability in Comersus BackOffice allows remote attackers to inject arbitrary web script or HTML via the error parameter to comersus_backoffice_supportError.asp. NOTE: the comersus_backoffice_message.asp/message vector is already covered by CVE-2005-2191 item 2.

1%
Низкий
почти 4 года назад
github логотип
GHSA-3gpq-7w2g-px9w

Multiple vulnerabilities in PHP before 4.4.1 allow remote attackers to bypass safe_mode and open_basedir restrictions via unknown attack vectors in (1) ext/curl and (2) ext/gd.

15%
Средний
почти 4 года назад
github логотип
GHSA-3gpq-5q6x-q7pf

In Progress Telerik UI for WPF versions prior to 2024 Q4 (2024.4.1213), a code execution attack is possible through an insecure deserialization vulnerability.

CVSS3: 8.4
1%
Низкий
около 1 года назад
github логотип
GHSA-3gpp-6hjc-7c4m

A vulnerability was found in KYUUBl school-register. It has been classified as critical. This affects an unknown part of the file src/DBManager.java. The manipulation leads to sql injection. The name of the patch is 1cf7e01b878aee923f2b22cc2535c71a680e4c30. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218355.

CVSS3: 9.8
0%
Низкий
около 3 лет назад
github логотип
GHSA-3gpm-w73x-57j5

Download Center fails to properly validate the file path submitted by a user, An attacker can exploit this vulnerability to gain unauthorized access to sensitive files or directories without appropriate permission restrictions. Download Center on ADM 4.0 and above will be affected. Affected products and versions include: Download Center 1.1.5.r1280 and below.

CVSS3: 8.6
0%
Низкий
больше 2 лет назад
github логотип
GHSA-3gpm-vq72-xv9v

A vulnerability classified as critical was found in PHPGurukul Beauty Parlour Management System 1.1. Affected by this vulnerability is an unknown functionality of the file /admin/admin-profile.php. The manipulation of the argument contactnumber leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

CVSS3: 7.3
0%
Низкий
9 месяцев назад

Уязвимостей на страницу