Логотип exploitDog
source:"github"
Консоль
Логотип exploitDog

exploitDog

source:"github"

Количество 314 458

Количество 314 458

github логотип

GHSA-34c4-q534-xwc3

11 месяцев назад

Rejected reason: Not used

EPSS: Низкий
github логотип

GHSA-34c4-jgq5-j63f

почти 2 года назад

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scott Paterson Contact Form 7 – PayPal & Stripe Add-on allows Reflected XSS.This issue affects Contact Form 7 – PayPal & Stripe Add-on: from n/a through 2.0.

CVSS3: 7.1
EPSS: Низкий
github логотип

GHSA-34c4-3wv9-23ch

почти 2 года назад

Dell Update Manager Plugin, versions 1.4.0 through 1.5.0, contains a Plain-text Password Storage Vulnerability in Log file. A remote high privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.

CVSS3: 3.5
EPSS: Низкий
github логотип

GHSA-34c2-xgp5-5cjc

почти 4 года назад

Cross-site scripting (XSS) vulnerability in guestbook.php in Advanced Guestbook 2.4 for phpBB allows remote attackers to inject arbitrary web script or HTML via the entry parameter. NOTE: this issue might be resultant from SQL injection.

EPSS: Низкий
github логотип

GHSA-34c2-924w-2mw6

больше 3 лет назад

arch/arm64/kernel/sys.c in the Linux kernel before 4.0 allows local users to bypass the "strict page permissions" protection mechanism and modify the system-call table, and consequently gain privileges, by leveraging write access.

CVSS3: 7.8
EPSS: Низкий
github логотип

GHSA-349x-pch6-942w

больше 3 лет назад

A flaw has been found in 389-ds-base versions 1.4.x.x before 1.4.1.3. When executed in verbose mode, the dscreate and dsconf commands may display sensitive information, such as the Directory Manager password. An attacker, able to see the screen or record the terminal standard error output, could use this flaw to gain sensitive information.

CVSS3: 4.6
EPSS: Низкий
github логотип

GHSA-349w-vchp-x42g

больше 1 года назад

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

EPSS: Низкий
github логотип

GHSA-349w-cgp3-287r

больше 3 лет назад

By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.

CVSS3: 7.5
EPSS: Низкий
github логотип

GHSA-349v-f5rg-8wvg

больше 3 лет назад

A vulnerability exists in Sphider Search Engine prior to 1.3.6 due to exec calls in admin/spiderfuncs.php, which could let a remote malicious user execute arbitrary code.

EPSS: Средний
github логотип

GHSA-349r-2jjf-f4j8

больше 3 лет назад

IBM Robotic Process Automation with Automation Anywhere 11.0 could allow an attacker on the network to obtain sensitive information or cause a denial of service through username enumeration. IBM X-Force ID: 190992.

EPSS: Низкий
github логотип

GHSA-349q-hp2f-r4hf

7 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: exfat: fix double free in delayed_free The double free could happen in the following path. exfat_create_upcase_table() exfat_create_upcase_table() : return error exfat_free_upcase_table() : free ->vol_utbl exfat_load_default_upcase_table : return error exfat_kill_sb() delayed_free() exfat_free_upcase_table() <--------- double free This patch set ->vol_util as NULL after freeing it.

CVSS3: 7.8
EPSS: Низкий
github логотип

GHSA-349p-xjcr-7rwx

больше 3 лет назад

The ZeroMQ parser in tcpdump before 4.9.0 has an integer overflow in print-zeromq.c:zmtp1_print_frame().

CVSS3: 9.8
EPSS: Низкий
github логотип

GHSA-349p-cc4x-9fv4

около 1 года назад

Insufficient control flow management in some Intel(R) VROC software before version 8.6.0.3001 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS3: 6.8
EPSS: Низкий
github логотип

GHSA-349p-7pf8-f465

больше 3 лет назад

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17102.

CVSS3: 7.8
EPSS: Низкий
github логотип

GHSA-349m-qg9r-c9hf

2 месяца назад

In the Linux kernel, the following vulnerability has been resolved: mm/damon/vaddr: do not repeat pte_offset_map_lock() until success DAMON's virtual address space operation set implementation (vaddr) calls pte_offset_map_lock() inside the page table walk callback function. This is for reading and writing page table accessed bits. If pte_offset_map_lock() fails, it retries by returning the page table walk callback function with ACTION_AGAIN. pte_offset_map_lock() can continuously fail if the target is a pmd migration entry, though. Hence it could cause an infinite page table walk if the migration cannot be done until the page table walk is finished. This indeed caused a soft lockup when CPU hotplugging and DAMON were running in parallel. Avoid the infinite loop by simply not retrying the page table walk. DAMON is promising only a best-effort accuracy, so missing access to such pages is no problem.

EPSS: Низкий
github логотип

GHSA-349m-8f4q-rwxx

почти 3 года назад

SOLDR (System of Orchestration, Lifecycle control, Detection and Response) 1.1.0 allows stored XSS via the module editor.

CVSS3: 5.4
EPSS: Низкий
github логотип

GHSA-349j-r63j-r5g7

9 месяцев назад

A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to conduct a stored cross-site scripting attack (XSS) on an affected system.&nbsp; This vulnerability is due to improper sanitization of user input to the web-based management interface. An attacker could exploit this vulnerability by submitting a malicious script through the interface. A successful exploit could allow the attacker to conduct a stored XSS attack on the affected system.

CVSS3: 5.4
EPSS: Низкий
github логотип

GHSA-349j-h89q-vvpp

около 1 года назад

A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allow network-adjacent attackers to crash the MME via an S1AP `Initial UE Message` packet missing an expected `RRC Establishment Clause` field.

CVSS3: 6.5
EPSS: Низкий
github логотип

GHSA-349j-652r-ghg9

почти 4 года назад

The Clear Channel Assessment (CCA) algorithm in the IEEE 802.11 wireless protocol, when using DSSS transmission encoding, allows remote attackers to cause a denial of service via a certain RF signal that causes a channel to appear busy (aka "jabber"), which prevents devices from transmitting data.

EPSS: Низкий
github логотип

GHSA-349h-vrrw-f3cp

11 месяцев назад

IBM Business Automation Workflow and IBM Business Automation Workflow Enterprise Service Bus 24.0.0, 24.0.1 and earlier unsupported versions are vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

CVSS3: 5.4
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
github логотип
GHSA-34c4-q534-xwc3

Rejected reason: Not used

11 месяцев назад
github логотип
GHSA-34c4-jgq5-j63f

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scott Paterson Contact Form 7 – PayPal & Stripe Add-on allows Reflected XSS.This issue affects Contact Form 7 – PayPal & Stripe Add-on: from n/a through 2.0.

CVSS3: 7.1
0%
Низкий
почти 2 года назад
github логотип
GHSA-34c4-3wv9-23ch

Dell Update Manager Plugin, versions 1.4.0 through 1.5.0, contains a Plain-text Password Storage Vulnerability in Log file. A remote high privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.

CVSS3: 3.5
0%
Низкий
почти 2 года назад
github логотип
GHSA-34c2-xgp5-5cjc

Cross-site scripting (XSS) vulnerability in guestbook.php in Advanced Guestbook 2.4 for phpBB allows remote attackers to inject arbitrary web script or HTML via the entry parameter. NOTE: this issue might be resultant from SQL injection.

0%
Низкий
почти 4 года назад
github логотип
GHSA-34c2-924w-2mw6

arch/arm64/kernel/sys.c in the Linux kernel before 4.0 allows local users to bypass the "strict page permissions" protection mechanism and modify the system-call table, and consequently gain privileges, by leveraging write access.

CVSS3: 7.8
0%
Низкий
больше 3 лет назад
github логотип
GHSA-349x-pch6-942w

A flaw has been found in 389-ds-base versions 1.4.x.x before 1.4.1.3. When executed in verbose mode, the dscreate and dsconf commands may display sensitive information, such as the Directory Manager password. An attacker, able to see the screen or record the terminal standard error output, could use this flaw to gain sensitive information.

CVSS3: 4.6
0%
Низкий
больше 3 лет назад
github логотип
GHSA-349w-vchp-x42g

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

больше 1 года назад
github логотип
GHSA-349w-cgp3-287r

By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.

CVSS3: 7.5
1%
Низкий
больше 3 лет назад
github логотип
GHSA-349v-f5rg-8wvg

A vulnerability exists in Sphider Search Engine prior to 1.3.6 due to exec calls in admin/spiderfuncs.php, which could let a remote malicious user execute arbitrary code.

16%
Средний
больше 3 лет назад
github логотип
GHSA-349r-2jjf-f4j8

IBM Robotic Process Automation with Automation Anywhere 11.0 could allow an attacker on the network to obtain sensitive information or cause a denial of service through username enumeration. IBM X-Force ID: 190992.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-349q-hp2f-r4hf

In the Linux kernel, the following vulnerability has been resolved: exfat: fix double free in delayed_free The double free could happen in the following path. exfat_create_upcase_table() exfat_create_upcase_table() : return error exfat_free_upcase_table() : free ->vol_utbl exfat_load_default_upcase_table : return error exfat_kill_sb() delayed_free() exfat_free_upcase_table() <--------- double free This patch set ->vol_util as NULL after freeing it.

CVSS3: 7.8
0%
Низкий
7 месяцев назад
github логотип
GHSA-349p-xjcr-7rwx

The ZeroMQ parser in tcpdump before 4.9.0 has an integer overflow in print-zeromq.c:zmtp1_print_frame().

CVSS3: 9.8
1%
Низкий
больше 3 лет назад
github логотип
GHSA-349p-cc4x-9fv4

Insufficient control flow management in some Intel(R) VROC software before version 8.6.0.3001 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS3: 6.8
0%
Низкий
около 1 года назад
github логотип
GHSA-349p-7pf8-f465

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17102.

CVSS3: 7.8
0%
Низкий
больше 3 лет назад
github логотип
GHSA-349m-qg9r-c9hf

In the Linux kernel, the following vulnerability has been resolved: mm/damon/vaddr: do not repeat pte_offset_map_lock() until success DAMON's virtual address space operation set implementation (vaddr) calls pte_offset_map_lock() inside the page table walk callback function. This is for reading and writing page table accessed bits. If pte_offset_map_lock() fails, it retries by returning the page table walk callback function with ACTION_AGAIN. pte_offset_map_lock() can continuously fail if the target is a pmd migration entry, though. Hence it could cause an infinite page table walk if the migration cannot be done until the page table walk is finished. This indeed caused a soft lockup when CPU hotplugging and DAMON were running in parallel. Avoid the infinite loop by simply not retrying the page table walk. DAMON is promising only a best-effort accuracy, so missing access to such pages is no problem.

0%
Низкий
2 месяца назад
github логотип
GHSA-349m-8f4q-rwxx

SOLDR (System of Orchestration, Lifecycle control, Detection and Response) 1.1.0 allows stored XSS via the module editor.

CVSS3: 5.4
0%
Низкий
почти 3 года назад
github логотип
GHSA-349j-r63j-r5g7

A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to conduct a stored cross-site scripting attack (XSS) on an affected system.&nbsp; This vulnerability is due to improper sanitization of user input to the web-based management interface. An attacker could exploit this vulnerability by submitting a malicious script through the interface. A successful exploit could allow the attacker to conduct a stored XSS attack on the affected system.

CVSS3: 5.4
0%
Низкий
9 месяцев назад
github логотип
GHSA-349j-h89q-vvpp

A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allow network-adjacent attackers to crash the MME via an S1AP `Initial UE Message` packet missing an expected `RRC Establishment Clause` field.

CVSS3: 6.5
0%
Низкий
около 1 года назад
github логотип
GHSA-349j-652r-ghg9

The Clear Channel Assessment (CCA) algorithm in the IEEE 802.11 wireless protocol, when using DSSS transmission encoding, allows remote attackers to cause a denial of service via a certain RF signal that causes a channel to appear busy (aka "jabber"), which prevents devices from transmitting data.

4%
Низкий
почти 4 года назад
github логотип
GHSA-349h-vrrw-f3cp

IBM Business Automation Workflow and IBM Business Automation Workflow Enterprise Service Bus 24.0.0, 24.0.1 and earlier unsupported versions are vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

CVSS3: 5.4
0%
Низкий
11 месяцев назад

Уязвимостей на страницу