Логотип exploitDog
source:"github"
Консоль
Логотип exploitDog

exploitDog

source:"github"

Количество 314 458

Количество 314 458

github логотип

GHSA-34xh-3qm2-46mg

больше 3 лет назад

An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access WIP details about jobs he should not have access to.

CVSS3: 6.5
EPSS: Низкий
github логотип

GHSA-34xg-fgjc-449p

больше 3 лет назад

In Open vSwitch (OvS) v2.7.0, there is a buffer over-read while parsing the group mod OpenFlow message sent from the controller in `lib/ofp-util.c` in the function `ofputil_pull_ofp15_group_mod`.

CVSS3: 9.8
EPSS: Низкий
github логотип

GHSA-34xg-89cf-qr7j

больше 3 лет назад

In camera driver, there is a possible memory corruption due to improper locking. This could lead to local denial of service in kernel.

CVSS3: 5.5
EPSS: Низкий
github логотип

GHSA-34xf-p252-q577

почти 4 года назад

The Social Share, Social Login and Social Comments Plugin WordPress plugin before 7.13.30 does not sanitise and escape the urls parameter in its the_champ_sharing_count AJAX action (available to both unauthenticated and authenticated users) before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue.

CVSS3: 6.1
EPSS: Низкий
github логотип

GHSA-34xf-292h-46f4

больше 1 года назад

In the Linux kernel, the following vulnerability has been resolved: mlxsw: thermal: Fix out-of-bounds memory accesses Currently, mlxsw allows cooling states to be set above the maximum cooling state supported by the driver: # cat /sys/class/thermal/thermal_zone2/cdev0/type mlxsw_fan # cat /sys/class/thermal/thermal_zone2/cdev0/max_state 10 # echo 18 > /sys/class/thermal/thermal_zone2/cdev0/cur_state # echo $? 0 This results in out-of-bounds memory accesses when thermal state transition statistics are enabled (CONFIG_THERMAL_STATISTICS=y), as the transition table is accessed with a too large index (state) [1]. According to the thermal maintainer, it is the responsibility of the driver to reject such operations [2]. Therefore, return an error when the state to be set exceeds the maximum cooling state supported by the driver. To avoid dead code, as suggested by the thermal maintainer [3], partially revert commit a421ce088ac8 ("mlxsw: core: Extend cooling device with cooli...

CVSS3: 7.3
EPSS: Низкий
github логотип

GHSA-34xc-rrm5-3hhj

около 2 месяцев назад

SOUND4 Server Service 4.1.102 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted binary path by inserting malicious code in the system root path that could execute with LocalSystem privileges during service startup.

CVSS3: 8.4
EPSS: Низкий
github логотип

GHSA-34xc-f3c2-9gxw

почти 2 года назад

Null Pointer Dereference in mask_cidr6 component at cidr.c in Tcpreplay 4.4.4 allows attackers to crash the application via crafted tcprewrite command.

CVSS3: 6.5
EPSS: Низкий
github логотип

GHSA-34x9-x6hh-cvvw

больше 1 года назад

In KeyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08956986; Issue ID: MSV-1575.

CVSS3: 6.7
EPSS: Низкий
github логотип

GHSA-34x9-j9c6-9r2j

больше 3 лет назад

An Authentication Bypass issue exists in Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.

CVSS3: 9.8
EPSS: Низкий
github логотип

GHSA-34x9-8896-59v6

около 1 года назад

The AFI – The Easiest Integration Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.92.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

CVSS3: 6.1
EPSS: Низкий
github логотип

GHSA-34x8-rwh3-j65f

больше 3 лет назад

An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory.

CVSS3: 6.3
EPSS: Низкий
github логотип

GHSA-34x8-fgc3-8hvh

больше 2 лет назад

Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlier) are affected by an out-of-bounds read vulnerability which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVSS3: 7.8
EPSS: Низкий
github логотип

GHSA-34x8-9w75-jj85

больше 3 лет назад

PHP remote file inclusion vulnerability in panel/common/theme/default/header_setup.php in WebBiscuits Software Events Calendar 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the (1) path[docroot] and (2) component parameters.

EPSS: Низкий
github логотип

GHSA-34x7-vxc3-qvr6

9 месяцев назад

FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the host_ip parameter in the web_snmp_v3host_add_post function.

CVSS3: 9.8
EPSS: Низкий
github логотип

GHSA-34x7-hfp2-rc4v

11 дней назад

node-tar Vulnerable to Arbitrary File Creation/Overwrite via Hardlink Path Traversal

CVSS3: 8.2
EPSS: Низкий
github логотип

GHSA-34x7-h5wm-79jf

больше 1 года назад

A cross-site scripting (XSS) vulnerability in the component UrlAccessibilityEvaluation.jsp of Lumisxp v15.0.x to v16.1.x allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the contentHtml parameter.

CVSS3: 6.1
EPSS: Низкий
github логотип

GHSA-34x7-2qqc-3mxq

больше 3 лет назад

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

CVSS3: 6.5
EPSS: Низкий
github логотип

GHSA-34x6-gmv7-8394

почти 4 года назад

SQL injection vulnerability in plugins/search/search.php in Neocrome Seditio CMS 121 and earlier allows remote attackers to execute arbitrary SQL commands via the pag_sub[] parameter to plug.php.

EPSS: Низкий
github логотип

GHSA-34x5-w6rv-c97v

больше 1 года назад

CampCodes Supplier Management System v1.0 is vulnerable to SQL injection via Supply_Management_System/admin/view_order_items.php?id= .

CVSS3: 9.8
EPSS: Низкий
github логотип

GHSA-34x5-h37x-3w3p

больше 3 лет назад

admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the cfg_author field in conjunction with a crafted cfg_webpath field.

CVSS3: 7.2
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
github логотип
GHSA-34xh-3qm2-46mg

An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access WIP details about jobs he should not have access to.

CVSS3: 6.5
0%
Низкий
больше 3 лет назад
github логотип
GHSA-34xg-fgjc-449p

In Open vSwitch (OvS) v2.7.0, there is a buffer over-read while parsing the group mod OpenFlow message sent from the controller in `lib/ofp-util.c` in the function `ofputil_pull_ofp15_group_mod`.

CVSS3: 9.8
1%
Низкий
больше 3 лет назад
github логотип
GHSA-34xg-89cf-qr7j

In camera driver, there is a possible memory corruption due to improper locking. This could lead to local denial of service in kernel.

CVSS3: 5.5
0%
Низкий
больше 3 лет назад
github логотип
GHSA-34xf-p252-q577

The Social Share, Social Login and Social Comments Plugin WordPress plugin before 7.13.30 does not sanitise and escape the urls parameter in its the_champ_sharing_count AJAX action (available to both unauthenticated and authenticated users) before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue.

CVSS3: 6.1
6%
Низкий
почти 4 года назад
github логотип
GHSA-34xf-292h-46f4

In the Linux kernel, the following vulnerability has been resolved: mlxsw: thermal: Fix out-of-bounds memory accesses Currently, mlxsw allows cooling states to be set above the maximum cooling state supported by the driver: # cat /sys/class/thermal/thermal_zone2/cdev0/type mlxsw_fan # cat /sys/class/thermal/thermal_zone2/cdev0/max_state 10 # echo 18 > /sys/class/thermal/thermal_zone2/cdev0/cur_state # echo $? 0 This results in out-of-bounds memory accesses when thermal state transition statistics are enabled (CONFIG_THERMAL_STATISTICS=y), as the transition table is accessed with a too large index (state) [1]. According to the thermal maintainer, it is the responsibility of the driver to reject such operations [2]. Therefore, return an error when the state to be set exceeds the maximum cooling state supported by the driver. To avoid dead code, as suggested by the thermal maintainer [3], partially revert commit a421ce088ac8 ("mlxsw: core: Extend cooling device with cooli...

CVSS3: 7.3
0%
Низкий
больше 1 года назад
github логотип
GHSA-34xc-rrm5-3hhj

SOUND4 Server Service 4.1.102 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted binary path by inserting malicious code in the system root path that could execute with LocalSystem privileges during service startup.

CVSS3: 8.4
0%
Низкий
около 2 месяцев назад
github логотип
GHSA-34xc-f3c2-9gxw

Null Pointer Dereference in mask_cidr6 component at cidr.c in Tcpreplay 4.4.4 allows attackers to crash the application via crafted tcprewrite command.

CVSS3: 6.5
0%
Низкий
почти 2 года назад
github логотип
GHSA-34x9-x6hh-cvvw

In KeyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08956986; Issue ID: MSV-1575.

CVSS3: 6.7
0%
Низкий
больше 1 года назад
github логотип
GHSA-34x9-j9c6-9r2j

An Authentication Bypass issue exists in Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.

CVSS3: 9.8
0%
Низкий
больше 3 лет назад
github логотип
GHSA-34x9-8896-59v6

The AFI – The Easiest Integration Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.92.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

CVSS3: 6.1
1%
Низкий
около 1 года назад
github логотип
GHSA-34x8-rwh3-j65f

An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory.

CVSS3: 6.3
0%
Низкий
больше 3 лет назад
github логотип
GHSA-34x8-fgc3-8hvh

Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlier) are affected by an out-of-bounds read vulnerability which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVSS3: 7.8
0%
Низкий
больше 2 лет назад
github логотип
GHSA-34x8-9w75-jj85

PHP remote file inclusion vulnerability in panel/common/theme/default/header_setup.php in WebBiscuits Software Events Calendar 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the (1) path[docroot] and (2) component parameters.

8%
Низкий
больше 3 лет назад
github логотип
GHSA-34x7-vxc3-qvr6

FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the host_ip parameter in the web_snmp_v3host_add_post function.

CVSS3: 9.8
0%
Низкий
9 месяцев назад
github логотип
GHSA-34x7-hfp2-rc4v

node-tar Vulnerable to Arbitrary File Creation/Overwrite via Hardlink Path Traversal

CVSS3: 8.2
0%
Низкий
11 дней назад
github логотип
GHSA-34x7-h5wm-79jf

A cross-site scripting (XSS) vulnerability in the component UrlAccessibilityEvaluation.jsp of Lumisxp v15.0.x to v16.1.x allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the contentHtml parameter.

CVSS3: 6.1
0%
Низкий
больше 1 года назад
github логотип
GHSA-34x7-2qqc-3mxq

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

CVSS3: 6.5
8%
Низкий
больше 3 лет назад
github логотип
GHSA-34x6-gmv7-8394

SQL injection vulnerability in plugins/search/search.php in Neocrome Seditio CMS 121 and earlier allows remote attackers to execute arbitrary SQL commands via the pag_sub[] parameter to plug.php.

1%
Низкий
почти 4 года назад
github логотип
GHSA-34x5-w6rv-c97v

CampCodes Supplier Management System v1.0 is vulnerable to SQL injection via Supply_Management_System/admin/view_order_items.php?id= .

CVSS3: 9.8
0%
Низкий
больше 1 года назад
github логотип
GHSA-34x5-h37x-3w3p

admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the cfg_author field in conjunction with a crafted cfg_webpath field.

CVSS3: 7.2
0%
Низкий
больше 3 лет назад

Уязвимостей на страницу