Логотип exploitDog
source:"github"
Консоль
Логотип exploitDog

exploitDog

source:"github"

Количество 312 573

Количество 312 573

github логотип

GHSA-32jc-9p58-p82x

почти 3 года назад

Moodle Improper Access Control vulnerability

CVSS3: 8.2
EPSS: Низкий
github логотип

GHSA-32jc-5c8m-p2c9

почти 4 года назад

The ARI Fancy Lightbox WordPress plugin before 1.3.9 does not sanitise and escape the msg parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting

CVSS3: 6.1
EPSS: Низкий
github логотип

GHSA-32jc-368c-fvg6

больше 2 лет назад

The ActivityPub WordPress plugin before 1.0.0 does not sanitize and escape some data from post content, which could allow contributor and above role to perform Stored Cross-Site Scripting attacks

CVSS3: 5.4
EPSS: Низкий
github логотип

GHSA-32j9-px4f-v6vv

почти 4 года назад

Format string vulnerability in cfd daemon in GNU CFEngine before 1.6.0a11 allows attackers to execute arbitrary commands via format characters in the CAUTH command.

EPSS: Низкий
github логотип

GHSA-32j9-8mq4-72ff

больше 1 года назад

In the Linux kernel, the following vulnerability has been resolved: netfs: Delete subtree of 'fs/netfs' when netfs module exits In netfs_init() or fscache_proc_init(), we create dentry under 'fs/netfs', but in netfs_exit(), we only delete the proc entry of 'fs/netfs' without deleting its subtree. This triggers the following WARNING: ================================================================== remove_proc_entry: removing non-empty directory 'fs/netfs', leaking at least 'requests' WARNING: CPU: 4 PID: 566 at fs/proc/generic.c:717 remove_proc_entry+0x160/0x1c0 Modules linked in: netfs(-) CPU: 4 UID: 0 PID: 566 Comm: rmmod Not tainted 6.11.0-rc3 #860 RIP: 0010:remove_proc_entry+0x160/0x1c0 Call Trace: <TASK> netfs_exit+0x12/0x620 [netfs] __do_sys_delete_module.isra.0+0x14c/0x2e0 do_syscall_64+0x4b/0x110 entry_SYSCALL_64_after_hwframe+0x76/0x7e ================================================================== Therefore use remove_proc_subtree() instead of remove_proc_entr...

CVSS3: 5.5
EPSS: Низкий
github логотип

GHSA-32j9-6qqm-mq9g

почти 4 года назад

Unhandled case in node-lmdb

CVSS3: 7.5
EPSS: Низкий
github логотип

GHSA-32j9-3fgh-fpcp

больше 3 лет назад

Reflected Cross Site Scripting vulnerability in Administrators web console in McAfee Web Gateway (MWG) 7.8.x prior to 7.8.2.13 allows remote attackers to collect sensitive information or execute commands with the MWG administrator's credentials via tricking the administrator to click on a carefully constructed malicious link.

CVSS3: 9.6
EPSS: Низкий
github логотип

GHSA-32j8-9xm2-fjvc

больше 3 лет назад

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Cachemonitor is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148621.

CVSS3: 6.1
EPSS: Низкий
github логотип

GHSA-32j7-w96w-jq92

почти 4 года назад

Buffer overflow in ypserv in Mandrake Linux 7.1 and earlier, and possibly other Linux operating systems, allows an attacker to gain root privileges when ypserv is built without a vsyslog() function.

EPSS: Низкий
github логотип

GHSA-32j7-h4wq-r683

больше 3 лет назад

Use after free in Bookmarks in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific and direct user interaction.

CVSS3: 8.8
EPSS: Низкий
github логотип

GHSA-32j7-fc74-pjwq

почти 4 года назад

OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack.

EPSS: Средний
github логотип

GHSA-32j6-x4jq-jq3x

больше 3 лет назад

Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59.

CVSS3: 8.8
EPSS: Низкий
github логотип

GHSA-32j6-838m-7hxw

больше 3 лет назад

A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.6. A user may be unexpectedly logged in to another user’s account.

EPSS: Низкий
github логотип

GHSA-32j6-235r-7fmm

больше 1 года назад

Use after free in Loader in Google Chrome prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVSS3: 8.8
EPSS: Низкий
github логотип

GHSA-32j5-jhjr-4699

больше 3 лет назад

Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 1511, and Microsoft Edge allow remote attackers to obtain sensitive information from process memory via a crafted PDF document, aka "Windows PDF Information Disclosure Vulnerability," a different vulnerability than CVE-2016-3201.

CVSS3: 5.5
EPSS: Средний
github логотип

GHSA-32j3-hv3j-q9qq

больше 3 лет назад

An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Defender Elevation of Privilege Vulnerability'.

EPSS: Низкий
github логотип

GHSA-32j2-p2qq-hh3c

почти 2 года назад

An issue has been discovered in GitLab EE affecting all versions starting from 16.4 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. Users with the `Guest` role can change `Custom dashboard projects` settings contrary to permissions.

CVSS3: 4.3
EPSS: Низкий
github логотип

GHSA-32j2-c7mx-v4jj

около 2 лет назад

Cross-Site Request Forgery in JFinalCMS via /admin/nav/update

CVSS3: 8.8
EPSS: Низкий
github логотип

GHSA-32hx-c5c7-mvf8

больше 1 года назад

A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker with high privileges to bypass the Cisco Secure Boot functionality and load unverified software on an affected device. To exploit this successfully, the attacker must have root-system privileges on the affected device. This vulnerability is due to an error in the software build process. An attacker could exploit this vulnerability by manipulating the system&rsquo;s configuration options to bypass some of the integrity checks that are performed during the booting process. A successful exploit could allow the attacker to control the boot configuration, which could enable them to bypass of the requirement to run Cisco signed images or alter the security properties of the running system.

CVSS3: 6.7
EPSS: Низкий
github логотип

GHSA-32hx-73r8-7rv4

почти 2 года назад

The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wt_pklist_reset_settings() function in all versions up to, and including, 4.4.2. This makes it possible for unauthenticated attackers to reset all of the plugin's settings.

CVSS3: 5.3
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
github логотип
GHSA-32jc-9p58-p82x

Moodle Improper Access Control vulnerability

CVSS3: 8.2
0%
Низкий
почти 3 года назад
github логотип
GHSA-32jc-5c8m-p2c9

The ARI Fancy Lightbox WordPress plugin before 1.3.9 does not sanitise and escape the msg parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting

CVSS3: 6.1
0%
Низкий
почти 4 года назад
github логотип
GHSA-32jc-368c-fvg6

The ActivityPub WordPress plugin before 1.0.0 does not sanitize and escape some data from post content, which could allow contributor and above role to perform Stored Cross-Site Scripting attacks

CVSS3: 5.4
0%
Низкий
больше 2 лет назад
github логотип
GHSA-32j9-px4f-v6vv

Format string vulnerability in cfd daemon in GNU CFEngine before 1.6.0a11 allows attackers to execute arbitrary commands via format characters in the CAUTH command.

1%
Низкий
почти 4 года назад
github логотип
GHSA-32j9-8mq4-72ff

In the Linux kernel, the following vulnerability has been resolved: netfs: Delete subtree of 'fs/netfs' when netfs module exits In netfs_init() or fscache_proc_init(), we create dentry under 'fs/netfs', but in netfs_exit(), we only delete the proc entry of 'fs/netfs' without deleting its subtree. This triggers the following WARNING: ================================================================== remove_proc_entry: removing non-empty directory 'fs/netfs', leaking at least 'requests' WARNING: CPU: 4 PID: 566 at fs/proc/generic.c:717 remove_proc_entry+0x160/0x1c0 Modules linked in: netfs(-) CPU: 4 UID: 0 PID: 566 Comm: rmmod Not tainted 6.11.0-rc3 #860 RIP: 0010:remove_proc_entry+0x160/0x1c0 Call Trace: <TASK> netfs_exit+0x12/0x620 [netfs] __do_sys_delete_module.isra.0+0x14c/0x2e0 do_syscall_64+0x4b/0x110 entry_SYSCALL_64_after_hwframe+0x76/0x7e ================================================================== Therefore use remove_proc_subtree() instead of remove_proc_entr...

CVSS3: 5.5
0%
Низкий
больше 1 года назад
github логотип
GHSA-32j9-6qqm-mq9g

Unhandled case in node-lmdb

CVSS3: 7.5
0%
Низкий
почти 4 года назад
github логотип
GHSA-32j9-3fgh-fpcp

Reflected Cross Site Scripting vulnerability in Administrators web console in McAfee Web Gateway (MWG) 7.8.x prior to 7.8.2.13 allows remote attackers to collect sensitive information or execute commands with the MWG administrator's credentials via tricking the administrator to click on a carefully constructed malicious link.

CVSS3: 9.6
1%
Низкий
больше 3 лет назад
github логотип
GHSA-32j8-9xm2-fjvc

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Cachemonitor is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148621.

CVSS3: 6.1
0%
Низкий
больше 3 лет назад
github логотип
GHSA-32j7-w96w-jq92

Buffer overflow in ypserv in Mandrake Linux 7.1 and earlier, and possibly other Linux operating systems, allows an attacker to gain root privileges when ypserv is built without a vsyslog() function.

0%
Низкий
почти 4 года назад
github логотип
GHSA-32j7-h4wq-r683

Use after free in Bookmarks in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific and direct user interaction.

CVSS3: 8.8
1%
Низкий
больше 3 лет назад
github логотип
GHSA-32j7-fc74-pjwq

OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack.

15%
Средний
почти 4 года назад
github логотип
GHSA-32j6-x4jq-jq3x

Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59.

CVSS3: 8.8
1%
Низкий
больше 3 лет назад
github логотип
GHSA-32j6-838m-7hxw

A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.6. A user may be unexpectedly logged in to another user’s account.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-32j6-235r-7fmm

Use after free in Loader in Google Chrome prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVSS3: 8.8
0%
Низкий
больше 1 года назад
github логотип
GHSA-32j5-jhjr-4699

Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 1511, and Microsoft Edge allow remote attackers to obtain sensitive information from process memory via a crafted PDF document, aka "Windows PDF Information Disclosure Vulnerability," a different vulnerability than CVE-2016-3201.

CVSS3: 5.5
37%
Средний
больше 3 лет назад
github логотип
GHSA-32j3-hv3j-q9qq

An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Defender Elevation of Privilege Vulnerability'.

1%
Низкий
больше 3 лет назад
github логотип
GHSA-32j2-p2qq-hh3c

An issue has been discovered in GitLab EE affecting all versions starting from 16.4 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. Users with the `Guest` role can change `Custom dashboard projects` settings contrary to permissions.

CVSS3: 4.3
0%
Низкий
почти 2 года назад
github логотип
GHSA-32j2-c7mx-v4jj

Cross-Site Request Forgery in JFinalCMS via /admin/nav/update

CVSS3: 8.8
0%
Низкий
около 2 лет назад
github логотип
GHSA-32hx-c5c7-mvf8

A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker with high privileges to bypass the Cisco Secure Boot functionality and load unverified software on an affected device. To exploit this successfully, the attacker must have root-system privileges on the affected device. This vulnerability is due to an error in the software build process. An attacker could exploit this vulnerability by manipulating the system&rsquo;s configuration options to bypass some of the integrity checks that are performed during the booting process. A successful exploit could allow the attacker to control the boot configuration, which could enable them to bypass of the requirement to run Cisco signed images or alter the security properties of the running system.

CVSS3: 6.7
0%
Низкий
больше 1 года назад
github логотип
GHSA-32hx-73r8-7rv4

The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wt_pklist_reset_settings() function in all versions up to, and including, 4.4.2. This makes it possible for unauthenticated attackers to reset all of the plugin's settings.

CVSS3: 5.3
0%
Низкий
почти 2 года назад

Уязвимостей на страницу