Логотип exploitDog
source:"github"
Консоль
Логотип exploitDog

exploitDog

source:"github"

Количество 314 458

Количество 314 458

github логотип

GHSA-3fhx-2fp6-p2rv

больше 3 лет назад

The dissect_lbmr_pser function in epan/dissectors/packet-lbmr.c in the LBMR dissector in Wireshark 1.12.x before 1.12.5 does not reject a zero length, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.

EPSS: Низкий
github логотип

GHSA-3fhw-3rw6-474c

почти 2 года назад

A DLL injection vulnerability exists where an authenticated, low-privileged local attacker could modify application files on the TIE Secure Relay host, which could allow for overriding of the configuration and running of new Secure Relay services.

CVSS3: 7.3
EPSS: Низкий
github логотип

GHSA-3fhw-2p9h-rjgc

больше 3 лет назад

A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. In certain configurations, a remote attacker may be able to submit arbitrary print jobs.

EPSS: Низкий
github логотип

GHSA-3fhv-q33v-8j9m

около 1 года назад

Improper access control in Azure SaaS Resources allows an authorized attacker to disclose information over a network.

CVSS3: 8.8
EPSS: Средний
github логотип

GHSA-3fhv-c3fm-fgwj

11 месяцев назад

Rejected reason: Not used

EPSS: Низкий
github логотип

GHSA-3fhv-3538-fw8f

больше 1 года назад

A vulnerability has been identified in Simcenter Nastran 2306 (All versions), Simcenter Nastran 2312 (All versions), Simcenter Nastran 2406 (All versions < V2406.5000). The affected application is vulnerable to memory corruption while parsing specially crafted BDF files. This could allow an attacker to execute code in the context of the current process.

CVSS3: 7.8
EPSS: Низкий
github логотип

GHSA-3fhr-rj77-p5v2

4 месяца назад

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Calvaweb Password only login password-only-login allows Reflected XSS.This issue affects Password only login: from n/a through <= 0.2.

CVSS3: 6.1
EPSS: Низкий
github логотип

GHSA-3fhr-8fpg-h6pg

около 3 лет назад

Transient DOS due to buffer over-read in WLAN firmware while parsing cipher suite info attributes. in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking

CVSS3: 7.5
EPSS: Низкий
github логотип

GHSA-3fhq-qffp-rp75

больше 3 лет назад

Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel before 4.6.3 allows local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that makes sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated.

CVSS3: 7.8
EPSS: Низкий
github логотип

GHSA-3fhq-72hw-jqwv

больше 3 лет назад

rdiffweb's lack of token name length limit can result in DoS or memory corruption

CVSS3: 7.5
EPSS: Низкий
github логотип

GHSA-3fhq-6hpj-6xr8

10 месяцев назад

A vulnerability has been found in PHPGurukul COVID19 Testing Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /edit-phlebotomist.php?pid=11. The manipulation of the argument mobilenumber leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

CVSS3: 7.3
EPSS: Низкий
github логотип

GHSA-3fhp-jv43-7m9c

больше 3 лет назад

BIRD Internet Routing Daemon 1.6.x through 1.6.7 and 2.x through 2.0.5 has a stack-based buffer overflow. The BGP daemon's support for RFC 8203 administrative shutdown communication messages included an incorrect logical expression when checking the validity of an input message. Sending a shutdown communication with a sufficient message length causes a four-byte overflow to occur while processing the message, where two of the overflow bytes are attacker-controlled and two are fixed.

CVSS3: 7.5
EPSS: Низкий
github логотип

GHSA-3fhm-f343-r7mm

8 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/sec - don't sleep when in softirq When kunpeng920 encryption driver is used to deencrypt and decrypt packets during the softirq, it is not allowed to use mutex lock. The kernel will report the following error: BUG: scheduling while atomic: swapper/57/0/0x00000300 Call trace: dump_backtrace+0x0/0x1e4 show_stack+0x20/0x2c dump_stack+0xd8/0x140 __schedule_bug+0x68/0x80 __schedule+0x728/0x840 schedule+0x50/0xe0 schedule_preempt_disabled+0x18/0x24 __mutex_lock.constprop.0+0x594/0x5dc __mutex_lock_slowpath+0x1c/0x30 mutex_lock+0x50/0x60 sec_request_init+0x8c/0x1a0 [hisi_sec2] sec_process+0x28/0x1ac [hisi_sec2] sec_skcipher_crypto+0xf4/0x1d4 [hisi_sec2] sec_skcipher_encrypt+0x1c/0x30 [hisi_sec2] crypto_skcipher_encrypt+0x2c/0x40 crypto_authenc_encrypt+0xc8/0xfc [authenc] crypto_aead_encrypt+0x2c/0x40 echainiv_encrypt+0x144/0x1a0 [echainiv] crypto_aead_encrypt+0x2c/0x40 esp_output_tail+0x348/0x5c0 [esp4...

CVSS3: 5.5
EPSS: Низкий
github логотип

GHSA-3fhm-4qrh-h995

почти 4 года назад

Cross-site scripting (XSS) vulnerability in the login page in Lxlabs HyperVM 2.0 allows remote attackers to inject arbitrary web script or HTML via the frm_emessage parameter, a different vector than CVE-2006-6649. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

EPSS: Низкий
github логотип

GHSA-3fhj-wpvj-x5w8

около 3 лет назад

laravel-jqgrid vulnerable to SQL Injection

CVSS3: 9.8
EPSS: Низкий
github логотип

GHSA-3fhj-wjxg-9649

больше 3 лет назад

In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06521283; Issue ID: ALPS06521283.

CVSS3: 6.7
EPSS: Низкий
github логотип

GHSA-3fhj-6hmf-3c6x

больше 3 лет назад

A vulnerability in an access control mechanism of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to access services beyond the scope of their authorization. This vulnerability is due to insufficient enforcement of access control in the affected software. An attacker could exploit this vulnerability by directly accessing the internal services of an affected device. A successful exploit could allow the attacker to overwrite policies and impact the configuration and operation of the affected device.

CVSS3: 4.3
EPSS: Низкий
github логотип

GHSA-3fhh-g5rg-6jpm

больше 3 лет назад

The Net::HTTPS module in libwww-perl (LWP) before 6.00, as used in WWW::Mechanize, LWP::UserAgent, and other products, when running in environments that do not set the If-SSL-Cert-Subject header, does not enable full validation of SSL certificates by default, which allows remote attackers to spoof servers via man-in-the-middle (MITM) attacks involving hostnames that are not properly validated. NOTE: it could be argued that this is a design limitation of the Net::HTTPS API, and separate implementations should be independently assigned CVE identifiers for not working around this limitation. However, because this API was modified within LWP, a single CVE identifier has been assigned.

EPSS: Низкий
github логотип

GHSA-3fhh-fr6w-p45p

почти 4 года назад

Red-M 1050 (Bluetooth Access Point) PPP server allows bonded users to cause a denial of service and possibly execute arbitrary code via a long user name.

EPSS: Низкий
github логотип

GHSA-3fhg-h6jr-rg4q

больше 3 лет назад

web/admin/data.js in the Performance Center Virtual Table Server (VTS) component in HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through patch 2, and 12.50 through patch 1 do not restrict file paths sent to an unlink call, which allows remote attackers to delete arbitrary files via the path parameter to data/import_csv, aka ZDI-CAN-3555.

CVSS3: 9.1
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
github логотип
GHSA-3fhx-2fp6-p2rv

The dissect_lbmr_pser function in epan/dissectors/packet-lbmr.c in the LBMR dissector in Wireshark 1.12.x before 1.12.5 does not reject a zero length, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-3fhw-3rw6-474c

A DLL injection vulnerability exists where an authenticated, low-privileged local attacker could modify application files on the TIE Secure Relay host, which could allow for overriding of the configuration and running of new Secure Relay services.

CVSS3: 7.3
0%
Низкий
почти 2 года назад
github логотип
GHSA-3fhw-2p9h-rjgc

A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. In certain configurations, a remote attacker may be able to submit arbitrary print jobs.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-3fhv-q33v-8j9m

Improper access control in Azure SaaS Resources allows an authorized attacker to disclose information over a network.

CVSS3: 8.8
11%
Средний
около 1 года назад
github логотип
GHSA-3fhv-c3fm-fgwj

Rejected reason: Not used

11 месяцев назад
github логотип
GHSA-3fhv-3538-fw8f

A vulnerability has been identified in Simcenter Nastran 2306 (All versions), Simcenter Nastran 2312 (All versions), Simcenter Nastran 2406 (All versions < V2406.5000). The affected application is vulnerable to memory corruption while parsing specially crafted BDF files. This could allow an attacker to execute code in the context of the current process.

CVSS3: 7.8
0%
Низкий
больше 1 года назад
github логотип
GHSA-3fhr-rj77-p5v2

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Calvaweb Password only login password-only-login allows Reflected XSS.This issue affects Password only login: from n/a through <= 0.2.

CVSS3: 6.1
0%
Низкий
4 месяца назад
github логотип
GHSA-3fhr-8fpg-h6pg

Transient DOS due to buffer over-read in WLAN firmware while parsing cipher suite info attributes. in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking

CVSS3: 7.5
0%
Низкий
около 3 лет назад
github логотип
GHSA-3fhq-qffp-rp75

Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel before 4.6.3 allows local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that makes sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated.

CVSS3: 7.8
0%
Низкий
больше 3 лет назад
github логотип
GHSA-3fhq-72hw-jqwv

rdiffweb's lack of token name length limit can result in DoS or memory corruption

CVSS3: 7.5
0%
Низкий
больше 3 лет назад
github логотип
GHSA-3fhq-6hpj-6xr8

A vulnerability has been found in PHPGurukul COVID19 Testing Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /edit-phlebotomist.php?pid=11. The manipulation of the argument mobilenumber leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

CVSS3: 7.3
0%
Низкий
10 месяцев назад
github логотип
GHSA-3fhp-jv43-7m9c

BIRD Internet Routing Daemon 1.6.x through 1.6.7 and 2.x through 2.0.5 has a stack-based buffer overflow. The BGP daemon's support for RFC 8203 administrative shutdown communication messages included an incorrect logical expression when checking the validity of an input message. Sending a shutdown communication with a sufficient message length causes a four-byte overflow to occur while processing the message, where two of the overflow bytes are attacker-controlled and two are fixed.

CVSS3: 7.5
5%
Низкий
больше 3 лет назад
github логотип
GHSA-3fhm-f343-r7mm

In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/sec - don't sleep when in softirq When kunpeng920 encryption driver is used to deencrypt and decrypt packets during the softirq, it is not allowed to use mutex lock. The kernel will report the following error: BUG: scheduling while atomic: swapper/57/0/0x00000300 Call trace: dump_backtrace+0x0/0x1e4 show_stack+0x20/0x2c dump_stack+0xd8/0x140 __schedule_bug+0x68/0x80 __schedule+0x728/0x840 schedule+0x50/0xe0 schedule_preempt_disabled+0x18/0x24 __mutex_lock.constprop.0+0x594/0x5dc __mutex_lock_slowpath+0x1c/0x30 mutex_lock+0x50/0x60 sec_request_init+0x8c/0x1a0 [hisi_sec2] sec_process+0x28/0x1ac [hisi_sec2] sec_skcipher_crypto+0xf4/0x1d4 [hisi_sec2] sec_skcipher_encrypt+0x1c/0x30 [hisi_sec2] crypto_skcipher_encrypt+0x2c/0x40 crypto_authenc_encrypt+0xc8/0xfc [authenc] crypto_aead_encrypt+0x2c/0x40 echainiv_encrypt+0x144/0x1a0 [echainiv] crypto_aead_encrypt+0x2c/0x40 esp_output_tail+0x348/0x5c0 [esp4...

CVSS3: 5.5
0%
Низкий
8 месяцев назад
github логотип
GHSA-3fhm-4qrh-h995

Cross-site scripting (XSS) vulnerability in the login page in Lxlabs HyperVM 2.0 allows remote attackers to inject arbitrary web script or HTML via the frm_emessage parameter, a different vector than CVE-2006-6649. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

0%
Низкий
почти 4 года назад
github логотип
GHSA-3fhj-wpvj-x5w8

laravel-jqgrid vulnerable to SQL Injection

CVSS3: 9.8
0%
Низкий
около 3 лет назад
github логотип
GHSA-3fhj-wjxg-9649

In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06521283; Issue ID: ALPS06521283.

CVSS3: 6.7
0%
Низкий
больше 3 лет назад
github логотип
GHSA-3fhj-6hmf-3c6x

A vulnerability in an access control mechanism of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to access services beyond the scope of their authorization. This vulnerability is due to insufficient enforcement of access control in the affected software. An attacker could exploit this vulnerability by directly accessing the internal services of an affected device. A successful exploit could allow the attacker to overwrite policies and impact the configuration and operation of the affected device.

CVSS3: 4.3
0%
Низкий
больше 3 лет назад
github логотип
GHSA-3fhh-g5rg-6jpm

The Net::HTTPS module in libwww-perl (LWP) before 6.00, as used in WWW::Mechanize, LWP::UserAgent, and other products, when running in environments that do not set the If-SSL-Cert-Subject header, does not enable full validation of SSL certificates by default, which allows remote attackers to spoof servers via man-in-the-middle (MITM) attacks involving hostnames that are not properly validated. NOTE: it could be argued that this is a design limitation of the Net::HTTPS API, and separate implementations should be independently assigned CVE identifiers for not working around this limitation. However, because this API was modified within LWP, a single CVE identifier has been assigned.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-3fhh-fr6w-p45p

Red-M 1050 (Bluetooth Access Point) PPP server allows bonded users to cause a denial of service and possibly execute arbitrary code via a long user name.

1%
Низкий
почти 4 года назад
github логотип
GHSA-3fhg-h6jr-rg4q

web/admin/data.js in the Performance Center Virtual Table Server (VTS) component in HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through patch 2, and 12.50 through patch 1 do not restrict file paths sent to an unlink call, which allows remote attackers to delete arbitrary files via the path parameter to data/import_csv, aka ZDI-CAN-3555.

CVSS3: 9.1
5%
Низкий
больше 3 лет назад

Уязвимостей на страницу