Логотип exploitDog
source:"github"
Консоль
Логотип exploitDog

exploitDog

source:"github"

Количество 314 458

Количество 314 458

github логотип

GHSA-3f6h-6ch9-p8jv

больше 3 лет назад

libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer over-read in acommon::unescape in common/getdata.cpp via an isolated \ character.

EPSS: Низкий
github логотип

GHSA-3f6g-r82m-2vg5

почти 4 года назад

Buffer overflow in Corel Paint Shop Pro 11.20 allows user-assisted remote attackers to execute arbitrary code via a crafted .PNG file.

EPSS: Средний
github логотип

GHSA-3f6g-q6j8-gjpg

почти 4 года назад

Cisco 600 series routers running CBOS 2.0.1 through 2.4.2ap allows remote attackers to cause a denial of service via multiple connections to the router on the (1) HTTP or (2) telnet service, which causes the router to become unresponsive and stop forwarding packets.

EPSS: Средний
github логотип

GHSA-3f6g-m4hr-59h8

больше 1 года назад

OpenFGA Authorization Bypass

CVSS3: 7.5
EPSS: Низкий
github логотип

GHSA-3f6g-6p3h-q27p

почти 4 года назад

PHP remote file inclusion vulnerability in BlogModel.php in Jaws 0.5.2 and earlier allows remote attackers to execute arbitrary PHP code via the path parameter.

EPSS: Низкий
github логотип

GHSA-3f6c-mv48-pf3v

больше 3 лет назад

A vulnerability in the Cisco Small Business Switches software could allow an unauthenticated, remote attacker to bypass the user authentication mechanism of an affected device. The vulnerability exists because under specific circumstances, the affected software enables a privileged user account without notifying administrators of the system. An attacker could exploit this vulnerability by using this account to log in to an affected device and execute commands with full admin rights. Cisco has not released software updates that address this vulnerability. This advisory will be updated with fixed software information once fixed software becomes available. There is a workaround to address this vulnerability.

CVSS3: 9.8
EPSS: Средний
github логотип

GHSA-3f6c-7fw2-ppm4

4 месяца назад

vLLM is vulnerable to Server-Side Request Forgery (SSRF) through `MediaConnector` class

CVSS3: 7.1
EPSS: Низкий
github логотип

GHSA-3f69-xhq6-c8m8

больше 3 лет назад

Under certain conditions, when checking the Resist Fingerprinting preference during device orientation checks, a race condition could have caused a use-after-free and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.

CVSS3: 7.5
EPSS: Низкий
github логотип

GHSA-3f69-f27h-f53w

больше 1 года назад

The vulnerability potentially allowed an attacker to misuse ESET’s file operations during the removal of a detected file on the Windows operating system to delete files without having proper permissions to do so.

EPSS: Низкий
github логотип

GHSA-3f68-9fxg-g2j6

почти 4 года назад

The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an email address.

EPSS: Низкий
github логотип

GHSA-3f67-9787-pwrh

около 3 лет назад

Altair HyperView Player versions 2021.1.0.27 and prior perform operations on a memory buffer but can read from or write to a memory location outside of the intended boundary of the buffer. This hits initially as a read access violation, leading to a memory corruption situation.

CVSS3: 7.8
EPSS: Низкий
github логотип

GHSA-3f66-qjp3-gfq9

больше 3 лет назад

In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06511132; Issue ID: ALPS06511132.

CVSS3: 6.7
EPSS: Низкий
github логотип

GHSA-3f66-mr9x-qch8

больше 2 лет назад

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Gold Plugins Locations plugin <= 4.0 versions.

CVSS3: 6.5
EPSS: Низкий
github логотип

GHSA-3f66-9wgv-7rw2

около 3 лет назад

An OS command injection vulnerability allows admins to execute code via SSL VPN configuration uploads in Sophos Firewall older than version 19.5 GA.

CVSS3: 7.2
EPSS: Низкий
github логотип

GHSA-3f65-pmph-3762

больше 3 лет назад

An issue was discovered in JerryScript 1.0. There is a heap-based buffer over-read in the lit_read_code_unit_from_hex function via a RegExp("[\\u0") payload, related to re_parse_char_class in parser/regexp/re-parser.c.

CVSS3: 9.8
EPSS: Низкий
github логотип

GHSA-3f65-m234-9mxr

больше 1 года назад

github.com/huandu/facebook may expose access_token in error message.

CVSS3: 3.7
EPSS: Низкий
github логотип

GHSA-3f65-5prq-693p

больше 3 лет назад

The "encrypt wallet" feature in wxBitcoin and bitcoind 0.4.x before 0.4.1, and 0.5.0rc, does not properly interact with the deletion functionality of BSDDB, which allows context-dependent attackers to obtain unencrypted private keys from Bitcoin wallet files by bypassing the BSDDB interface and reading entries that are marked for deletion.

EPSS: Низкий
github логотип

GHSA-3f64-v74g-7p75

около 1 года назад

A vulnerability was found in PHPGurukul Maid Hiring Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/search-booking-request.php. The manipulation of the argument searchdata leads to cross site scripting. The attack may be launched remotely.

CVSS3: 2.4
EPSS: Низкий
github логотип

GHSA-3f63-w59m-x8ff

больше 2 лет назад

cashIT! - serving solutions. Devices from "PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH" to 03.A06rks 2023.02.37 are affected by an unauthenticated remote code execution vulnerability. This vulnerability can be triggered by an HTTP endpoint exposed to the network.

CVSS3: 9.8
EPSS: Низкий
github логотип

GHSA-3f63-vqp6-r5p2

больше 3 лет назад

The Ignite Realtime Smack XMPP API, as used in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0, allows remote configured XMPP servers to execute arbitrary Java code via serialized data in an XMPP message.

CVSS3: 9.8
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
github логотип
GHSA-3f6h-6ch9-p8jv

libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer over-read in acommon::unescape in common/getdata.cpp via an isolated \ character.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-3f6g-r82m-2vg5

Buffer overflow in Corel Paint Shop Pro 11.20 allows user-assisted remote attackers to execute arbitrary code via a crafted .PNG file.

65%
Средний
почти 4 года назад
github логотип
GHSA-3f6g-q6j8-gjpg

Cisco 600 series routers running CBOS 2.0.1 through 2.4.2ap allows remote attackers to cause a denial of service via multiple connections to the router on the (1) HTTP or (2) telnet service, which causes the router to become unresponsive and stop forwarding packets.

13%
Средний
почти 4 года назад
github логотип
GHSA-3f6g-m4hr-59h8

OpenFGA Authorization Bypass

CVSS3: 7.5
0%
Низкий
больше 1 года назад
github логотип
GHSA-3f6g-6p3h-q27p

PHP remote file inclusion vulnerability in BlogModel.php in Jaws 0.5.2 and earlier allows remote attackers to execute arbitrary PHP code via the path parameter.

0%
Низкий
почти 4 года назад
github логотип
GHSA-3f6c-mv48-pf3v

A vulnerability in the Cisco Small Business Switches software could allow an unauthenticated, remote attacker to bypass the user authentication mechanism of an affected device. The vulnerability exists because under specific circumstances, the affected software enables a privileged user account without notifying administrators of the system. An attacker could exploit this vulnerability by using this account to log in to an affected device and execute commands with full admin rights. Cisco has not released software updates that address this vulnerability. This advisory will be updated with fixed software information once fixed software becomes available. There is a workaround to address this vulnerability.

CVSS3: 9.8
41%
Средний
больше 3 лет назад
github логотип
GHSA-3f6c-7fw2-ppm4

vLLM is vulnerable to Server-Side Request Forgery (SSRF) through `MediaConnector` class

CVSS3: 7.1
0%
Низкий
4 месяца назад
github логотип
GHSA-3f69-xhq6-c8m8

Under certain conditions, when checking the Resist Fingerprinting preference during device orientation checks, a race condition could have caused a use-after-free and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.

CVSS3: 7.5
1%
Низкий
больше 3 лет назад
github логотип
GHSA-3f69-f27h-f53w

The vulnerability potentially allowed an attacker to misuse ESET’s file operations during the removal of a detected file on the Windows operating system to delete files without having proper permissions to do so.

0%
Низкий
больше 1 года назад
github логотип
GHSA-3f68-9fxg-g2j6

The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an email address.

2%
Низкий
почти 4 года назад
github логотип
GHSA-3f67-9787-pwrh

Altair HyperView Player versions 2021.1.0.27 and prior perform operations on a memory buffer but can read from or write to a memory location outside of the intended boundary of the buffer. This hits initially as a read access violation, leading to a memory corruption situation.

CVSS3: 7.8
0%
Низкий
около 3 лет назад
github логотип
GHSA-3f66-qjp3-gfq9

In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06511132; Issue ID: ALPS06511132.

CVSS3: 6.7
0%
Низкий
больше 3 лет назад
github логотип
GHSA-3f66-mr9x-qch8

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Gold Plugins Locations plugin <= 4.0 versions.

CVSS3: 6.5
0%
Низкий
больше 2 лет назад
github логотип
GHSA-3f66-9wgv-7rw2

An OS command injection vulnerability allows admins to execute code via SSL VPN configuration uploads in Sophos Firewall older than version 19.5 GA.

CVSS3: 7.2
0%
Низкий
около 3 лет назад
github логотип
GHSA-3f65-pmph-3762

An issue was discovered in JerryScript 1.0. There is a heap-based buffer over-read in the lit_read_code_unit_from_hex function via a RegExp("[\\u0") payload, related to re_parse_char_class in parser/regexp/re-parser.c.

CVSS3: 9.8
0%
Низкий
больше 3 лет назад
github логотип
GHSA-3f65-m234-9mxr

github.com/huandu/facebook may expose access_token in error message.

CVSS3: 3.7
0%
Низкий
больше 1 года назад
github логотип
GHSA-3f65-5prq-693p

The "encrypt wallet" feature in wxBitcoin and bitcoind 0.4.x before 0.4.1, and 0.5.0rc, does not properly interact with the deletion functionality of BSDDB, which allows context-dependent attackers to obtain unencrypted private keys from Bitcoin wallet files by bypassing the BSDDB interface and reading entries that are marked for deletion.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-3f64-v74g-7p75

A vulnerability was found in PHPGurukul Maid Hiring Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/search-booking-request.php. The manipulation of the argument searchdata leads to cross site scripting. The attack may be launched remotely.

CVSS3: 2.4
0%
Низкий
около 1 года назад
github логотип
GHSA-3f63-w59m-x8ff

cashIT! - serving solutions. Devices from "PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH" to 03.A06rks 2023.02.37 are affected by an unauthenticated remote code execution vulnerability. This vulnerability can be triggered by an HTTP endpoint exposed to the network.

CVSS3: 9.8
1%
Низкий
больше 2 лет назад
github логотип
GHSA-3f63-vqp6-r5p2

The Ignite Realtime Smack XMPP API, as used in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0, allows remote configured XMPP servers to execute arbitrary Java code via serialized data in an XMPP message.

CVSS3: 9.8
1%
Низкий
больше 3 лет назад

Уязвимостей на страницу