Логотип exploitDog
source:"github"
Консоль
Логотип exploitDog

exploitDog

source:"github"

Количество 312 573

Количество 312 573

github логотип

GHSA-3cm3-4557-5h5h

4 месяца назад

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: fix potential leak in rtw89_append_probe_req_ie() Do `kfree_skb(new)` before `goto out` to prevent potential leak.

CVSS3: 5.5
EPSS: Низкий
github логотип

GHSA-3cm2-qc8f-9f2g

около 2 месяцев назад

The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'register_form' and 'restrict' shortcodes in all versions up to, and including, 3.2.15 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS3: 6.4
EPSS: Низкий
github логотип

GHSA-3cjx-w9jj-45qv

больше 3 лет назад

The session cookie used by SAP Enable Now, version 1902, does not have the HttpOnly flag set. If an attacker runs script code in the context of the application, he could get access to the session cookie. The session cookie could then be abused to gain access to the application.

EPSS: Низкий
github логотип

GHSA-3cjx-hc9q-934r

больше 3 лет назад

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the Kerberos dissector could crash. This was addressed in epan/dissectors/packet-kerberos.c by ensuring a nonzero key length.

CVSS3: 7.5
EPSS: Низкий
github логотип

GHSA-3cjx-7cj6-qvq3

больше 3 лет назад

An information disclosure vulnerability exists in Rocket.Chat <v5 due to the getUserMentionsByChannel meteor server method discloses messages from private channels and direct messages regardless of the users access permission to the room.

CVSS3: 6.5
EPSS: Низкий
github логотип

GHSA-3cjv-rm4f-84rm

больше 3 лет назад

A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit this by providing a user with a malicious ARF or WRF file via email or URL and convincing the user to launch the file. Exploitation of this could cause an affected player to crash and, in some cases, could allow arbitrary code execution on the system of a targeted user. Cisco Bug IDs: CSCvf38060, CSCvg54836, CSCvf38077, CSCvg54843, CSCvf38084, CSCvg54850.

CVSS3: 9.6
EPSS: Низкий
github логотип

GHSA-3cjv-7phg-36cf

больше 3 лет назад

Cross-site Scripting (XSS) - Stored in GitHub repository nocodb/nocodb prior to 0.91.7.

CVSS3: 5.4
EPSS: Низкий
github логотип

GHSA-3cjv-4phw-gvvv

больше 5 лет назад

Malicious Package in getcookies

CVSS3: 9.8
EPSS: Низкий
github логотип

GHSA-3cjv-4652-42rh

около 1 года назад

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pressfore Winning Portfolio allows Stored XSS.This issue affects Winning Portfolio: from n/a through 1.1.

CVSS3: 6.5
EPSS: Низкий
github логотип

GHSA-3cjr-x7x5-gqqh

почти 4 года назад

The check_login function in login.php in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier does not exit when authentication fails, which allows remote attackers to gain unauthorized access.

EPSS: Низкий
github логотип

GHSA-3cjq-w2m7-3294

7 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix invalid inode pointer dereferences during log replay In a few places where we call read_one_inode(), if we get a NULL pointer we end up jumping into an error path, or fallthrough in case of __add_inode_ref(), where we then do something like this: iput(&inode->vfs_inode); which results in an invalid inode pointer that triggers an invalid memory access, resulting in a crash. Fix this by making sure we don't do such dereferences.

CVSS3: 5.5
EPSS: Низкий
github логотип

GHSA-3cjq-m2rg-gw63

больше 3 лет назад

Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calc_arrow function in bound.c.

CVSS3: 5.5
EPSS: Низкий
github логотип

GHSA-3cjq-h7vf-r8wr

почти 4 года назад

Tiny Personal Firewall 3.0 through 3.0.6 allows remote attackers to cause a denial of service (crash) by via SYN, UDP, ICMP and TCP portscans when the administrator selects the Log tab of the Personal Firewall Agent module.

EPSS: Низкий
github логотип

GHSA-3cjp-53qj-h5qx

больше 3 лет назад

Unspecified vulnerability in HP Insight Orchestration before 6.2 allows remote attackers to bypass intended access restrictions, and obtain sensitive information or modify data, via unknown vectors.

EPSS: Низкий
github логотип

GHSA-3cjp-4q2p-v3mg

больше 1 года назад

SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/app/ax/sendParticipationRemember/ , parameter send.

CVSS3: 9.8
EPSS: Низкий
github логотип

GHSA-3cjp-47jv-9rh2

24 дня назад

Certain system functions may be accessed without proper authorization, allowing attackers to start, stop, or delete installed applications, potentially disrupting system operations.

CVSS3: 7.5
EPSS: Низкий
github логотип

GHSA-3cjm-9wq5-p7gj

почти 3 года назад

Buffer Overflow vulnerability in Saltstack v.3003 and before allows attacker to execute arbitrary code via the func variable in salt/salt/modules/status.py file.

CVSS3: 9.8
EPSS: Низкий
github логотип

GHSA-3cjm-23gg-86mm

больше 3 лет назад

An issue was discovered in GitLab Community and Enterprise Edition 8.1 through 12.2.1. Certain areas displaying Markdown were not properly sanitizing some XSS payloads.

CVSS3: 6.1
EPSS: Низкий
github логотип

GHSA-3cjj-r488-r263

больше 3 лет назад

The WP YouTube Live WordPress plugin before 1.8.3 does not validate, sanitise and escape various of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed

CVSS3: 4.8
EPSS: Низкий
github логотип

GHSA-3cjj-grfr-qr35

около 1 года назад

A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to modify protected parts of the file system.

CVSS3: 5.5
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
github логотип
GHSA-3cm3-4557-5h5h

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: fix potential leak in rtw89_append_probe_req_ie() Do `kfree_skb(new)` before `goto out` to prevent potential leak.

CVSS3: 5.5
0%
Низкий
4 месяца назад
github логотип
GHSA-3cm2-qc8f-9f2g

The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'register_form' and 'restrict' shortcodes in all versions up to, and including, 3.2.15 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS3: 6.4
0%
Низкий
около 2 месяцев назад
github логотип
GHSA-3cjx-w9jj-45qv

The session cookie used by SAP Enable Now, version 1902, does not have the HttpOnly flag set. If an attacker runs script code in the context of the application, he could get access to the session cookie. The session cookie could then be abused to gain access to the application.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-3cjx-hc9q-934r

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the Kerberos dissector could crash. This was addressed in epan/dissectors/packet-kerberos.c by ensuring a nonzero key length.

CVSS3: 7.5
1%
Низкий
больше 3 лет назад
github логотип
GHSA-3cjx-7cj6-qvq3

An information disclosure vulnerability exists in Rocket.Chat <v5 due to the getUserMentionsByChannel meteor server method discloses messages from private channels and direct messages regardless of the users access permission to the room.

CVSS3: 6.5
0%
Низкий
больше 3 лет назад
github логотип
GHSA-3cjv-rm4f-84rm

A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit this by providing a user with a malicious ARF or WRF file via email or URL and convincing the user to launch the file. Exploitation of this could cause an affected player to crash and, in some cases, could allow arbitrary code execution on the system of a targeted user. Cisco Bug IDs: CSCvf38060, CSCvg54836, CSCvf38077, CSCvg54843, CSCvf38084, CSCvg54850.

CVSS3: 9.6
2%
Низкий
больше 3 лет назад
github логотип
GHSA-3cjv-7phg-36cf

Cross-site Scripting (XSS) - Stored in GitHub repository nocodb/nocodb prior to 0.91.7.

CVSS3: 5.4
0%
Низкий
больше 3 лет назад
github логотип
GHSA-3cjv-4phw-gvvv

Malicious Package in getcookies

CVSS3: 9.8
больше 5 лет назад
github логотип
GHSA-3cjv-4652-42rh

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pressfore Winning Portfolio allows Stored XSS.This issue affects Winning Portfolio: from n/a through 1.1.

CVSS3: 6.5
0%
Низкий
около 1 года назад
github логотип
GHSA-3cjr-x7x5-gqqh

The check_login function in login.php in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier does not exit when authentication fails, which allows remote attackers to gain unauthorized access.

9%
Низкий
почти 4 года назад
github логотип
GHSA-3cjq-w2m7-3294

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix invalid inode pointer dereferences during log replay In a few places where we call read_one_inode(), if we get a NULL pointer we end up jumping into an error path, or fallthrough in case of __add_inode_ref(), where we then do something like this: iput(&inode->vfs_inode); which results in an invalid inode pointer that triggers an invalid memory access, resulting in a crash. Fix this by making sure we don't do such dereferences.

CVSS3: 5.5
0%
Низкий
7 месяцев назад
github логотип
GHSA-3cjq-m2rg-gw63

Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calc_arrow function in bound.c.

CVSS3: 5.5
0%
Низкий
больше 3 лет назад
github логотип
GHSA-3cjq-h7vf-r8wr

Tiny Personal Firewall 3.0 through 3.0.6 allows remote attackers to cause a denial of service (crash) by via SYN, UDP, ICMP and TCP portscans when the administrator selects the Log tab of the Personal Firewall Agent module.

1%
Низкий
почти 4 года назад
github логотип
GHSA-3cjp-53qj-h5qx

Unspecified vulnerability in HP Insight Orchestration before 6.2 allows remote attackers to bypass intended access restrictions, and obtain sensitive information or modify data, via unknown vectors.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-3cjp-4q2p-v3mg

SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/app/ax/sendParticipationRemember/ , parameter send.

CVSS3: 9.8
0%
Низкий
больше 1 года назад
github логотип
GHSA-3cjp-47jv-9rh2

Certain system functions may be accessed without proper authorization, allowing attackers to start, stop, or delete installed applications, potentially disrupting system operations.

CVSS3: 7.5
0%
Низкий
24 дня назад
github логотип
GHSA-3cjm-9wq5-p7gj

Buffer Overflow vulnerability in Saltstack v.3003 and before allows attacker to execute arbitrary code via the func variable in salt/salt/modules/status.py file.

CVSS3: 9.8
3%
Низкий
почти 3 года назад
github логотип
GHSA-3cjm-23gg-86mm

An issue was discovered in GitLab Community and Enterprise Edition 8.1 through 12.2.1. Certain areas displaying Markdown were not properly sanitizing some XSS payloads.

CVSS3: 6.1
0%
Низкий
больше 3 лет назад
github логотип
GHSA-3cjj-r488-r263

The WP YouTube Live WordPress plugin before 1.8.3 does not validate, sanitise and escape various of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed

CVSS3: 4.8
0%
Низкий
больше 3 лет назад
github логотип
GHSA-3cjj-grfr-qr35

A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to modify protected parts of the file system.

CVSS3: 5.5
0%
Низкий
около 1 года назад

Уязвимостей на страницу