Логотип exploitDog
source:"github"
Консоль
Логотип exploitDog

exploitDog

source:"github"

Количество 314 458

Количество 314 458

github логотип

GHSA-3354-gp3f-v5mx

почти 4 года назад

Buffer overflow in URI processing in HTTrack and WinHTTrack before 3.42-3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long URL.

EPSS: Низкий
github логотип

GHSA-3354-f842-x834

больше 3 лет назад

Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34731, CVE-2022-34733, CVE-2022-35834, CVE-2022-35835, CVE-2022-35840.

CVSS3: 8.8
EPSS: Средний
github логотип

GHSA-3353-r7vv-5vpp

больше 3 лет назад

An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. There is XSS in the administration interface.

CVSS3: 4.8
EPSS: Низкий
github логотип

GHSA-3353-p834-c8g2

почти 3 года назад

In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services.

CVSS3: 5.5
EPSS: Низкий
github логотип

GHSA-3353-8xh7-8f2x

8 месяцев назад

In wlan STA driver, there is a possible system crash due to an uncaught exception. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00413201; Issue ID: MSV-3302.

CVSS3: 5.5
EPSS: Низкий
github логотип

GHSA-3353-7c8r-w656

больше 3 лет назад

The mintToken function of a smart contract implementation for SuperEnergy (SEC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

CVSS3: 7.5
EPSS: Низкий
github логотип

GHSA-3353-7c4m-qm7q

больше 3 лет назад

JetBrains TeamCity before 2019.2.3 is vulnerable to stored XSS in the administration UI.

EPSS: Низкий
github логотип

GHSA-3352-m362-5wfx

больше 3 лет назад

Improper access control in GitLab CE/EE affecting all versions starting from 8.12 before 14.8.6, all versions starting from 8.13 before 14.9.4, and all versions starting from 8.14 before 14.10.1 allows non-project members to access contents of Project Members-only Wikis via malicious CI jobs

CVSS3: 4.3
EPSS: Низкий
github логотип

GHSA-3352-gx8m-f7v5

больше 3 лет назад

In Arm Trusted Firmware M through 1.2, the NS world may trigger a system halt, an overwrite of secure data, or the printing out of secure data when calling secure functions under the NSPE handler mode.

CVSS3: 5.5
EPSS: Средний
github логотип

GHSA-3352-53wf-rvq5

почти 4 года назад

Buffer overflow in the ParseCommand function in hpgl-input.c in the hpgltops program for CUPS 1.1.22 allows remote attackers to execute arbitrary code via a crafted HPGL file.

EPSS: Средний
github логотип

GHSA-334x-r396-c494

больше 3 лет назад

Directory traversal vulnerability in Backup in Apple iOS before 8.3 allows attackers to read arbitrary files via a crafted relative path.

EPSS: Низкий
github логотип

GHSA-334x-45wh-5m94

16 дней назад

In the Linux kernel, the following vulnerability has been resolved: nfsd: provide locking for v4_end_grace Writing to v4_end_grace can race with server shutdown and result in memory being accessed after it was freed - reclaim_str_hashtbl in particularly. We cannot hold nfsd_mutex across the nfsd4_end_grace() call as that is held while client_tracking_op->init() is called and that can wait for an upcall to nfsdcltrack which can write to v4_end_grace, resulting in a deadlock. nfsd4_end_grace() is also called by the landromat work queue and this doesn't require locking as server shutdown will stop the work and wait for it before freeing anything that nfsd4_end_grace() might access. However, we must be sure that writing to v4_end_grace doesn't restart the work item after shutdown has already waited for it. For this we add a new flag protected with nn->client_lock. It is set only while it is safe to make client tracking calls, and v4_end_grace only schedules work while the flag is...

EPSS: Низкий
github логотип

GHSA-334v-pf6c-gv95

почти 4 года назад

In cmdq driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05747150; Issue ID: ALPS05747150.

EPSS: Низкий
github логотип

GHSA-334q-pcqf-gvvf

больше 3 лет назад

Vulnerability in the Oracle Common Applications component of Oracle E-Business Suite (subcomponent: Gantt Server). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Common Applications. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Common Applications accessible data as well as unauthorized access to critical data or complete access to all Oracle Common Applications accessible data. CVSS 3.0 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).

CVSS3: 9.1
EPSS: Низкий
github логотип

GHSA-334q-2j78-qm62

почти 4 года назад

Multiple cross-site scripting (XSS) vulnerabilities in GForge 4.5 allow remote attackers to inject arbitrary web script or HTML via the (1) forum_id or (2) group_id parameter to forum.php, (3) project_task_id parameter to task.php, (4) id parameter to detail.php, (5) the text field on the search page, (6) group_id parameter to qrs.php, (7) form, (8) rows, (9) cols or (10) wrap parameter to notepad.php, or the login field on the login form.

EPSS: Низкий
github логотип

GHSA-334p-wv2m-w3vp

больше 5 лет назад

Denial of service in Apache Xerces2

EPSS: Низкий
github логотип

GHSA-334p-wmh8-9fqw

больше 3 лет назад

A vulnerability in the Decrypt for End-User Notification configuration parameter of Cisco AsyncOS Software for Cisco Web Security Appliances could allow an unauthenticated, remote attacker to connect to a secure website over Secure Sockets Layer (SSL) or Transport Layer Security (TLS), even if the WSA is configured to block connections to the website. Affected Products: This vulnerability affects Cisco Web Security Appliances if the HTTPS decryption options are enabled and configured for the device to block connections to certain websites. More Information: CSCvb49012. Known Affected Releases: 9.0.1-162 9.1.1-074.

CVSS3: 7.5
EPSS: Низкий
github логотип

GHSA-334m-928v-3v5x

почти 4 года назад

Buffer overflow in Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Canon RAW image.

EPSS: Низкий
github логотип

GHSA-334j-33qm-fwx4

4 месяца назад

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00422399; Issue ID: MSV-3748.

CVSS3: 8.8
EPSS: Низкий
github логотип

GHSA-334h-vcfc-hw2v

около 1 года назад

The Hash Elements plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the hash_elements_get_posts_title_by_id() function in all versions up to, and including, 1.4.7. This makes it possible for unauthenticated attackers to retrieve draft post titles that should not be accessible to unauthenticated users.

CVSS3: 5.3
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
github логотип
GHSA-3354-gp3f-v5mx

Buffer overflow in URI processing in HTTrack and WinHTTrack before 3.42-3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long URL.

4%
Низкий
почти 4 года назад
github логотип
GHSA-3354-f842-x834

Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34731, CVE-2022-34733, CVE-2022-35834, CVE-2022-35835, CVE-2022-35840.

CVSS3: 8.8
13%
Средний
больше 3 лет назад
github логотип
GHSA-3353-r7vv-5vpp

An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. There is XSS in the administration interface.

CVSS3: 4.8
0%
Низкий
больше 3 лет назад
github логотип
GHSA-3353-p834-c8g2

In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services.

CVSS3: 5.5
0%
Низкий
почти 3 года назад
github логотип
GHSA-3353-8xh7-8f2x

In wlan STA driver, there is a possible system crash due to an uncaught exception. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00413201; Issue ID: MSV-3302.

CVSS3: 5.5
0%
Низкий
8 месяцев назад
github логотип
GHSA-3353-7c8r-w656

The mintToken function of a smart contract implementation for SuperEnergy (SEC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

CVSS3: 7.5
0%
Низкий
больше 3 лет назад
github логотип
GHSA-3353-7c4m-qm7q

JetBrains TeamCity before 2019.2.3 is vulnerable to stored XSS in the administration UI.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-3352-m362-5wfx

Improper access control in GitLab CE/EE affecting all versions starting from 8.12 before 14.8.6, all versions starting from 8.13 before 14.9.4, and all versions starting from 8.14 before 14.10.1 allows non-project members to access contents of Project Members-only Wikis via malicious CI jobs

CVSS3: 4.3
0%
Низкий
больше 3 лет назад
github логотип
GHSA-3352-gx8m-f7v5

In Arm Trusted Firmware M through 1.2, the NS world may trigger a system halt, an overwrite of secure data, or the printing out of secure data when calling secure functions under the NSPE handler mode.

CVSS3: 5.5
53%
Средний
больше 3 лет назад
github логотип
GHSA-3352-53wf-rvq5

Buffer overflow in the ParseCommand function in hpgl-input.c in the hpgltops program for CUPS 1.1.22 allows remote attackers to execute arbitrary code via a crafted HPGL file.

23%
Средний
почти 4 года назад
github логотип
GHSA-334x-r396-c494

Directory traversal vulnerability in Backup in Apple iOS before 8.3 allows attackers to read arbitrary files via a crafted relative path.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-334x-45wh-5m94

In the Linux kernel, the following vulnerability has been resolved: nfsd: provide locking for v4_end_grace Writing to v4_end_grace can race with server shutdown and result in memory being accessed after it was freed - reclaim_str_hashtbl in particularly. We cannot hold nfsd_mutex across the nfsd4_end_grace() call as that is held while client_tracking_op->init() is called and that can wait for an upcall to nfsdcltrack which can write to v4_end_grace, resulting in a deadlock. nfsd4_end_grace() is also called by the landromat work queue and this doesn't require locking as server shutdown will stop the work and wait for it before freeing anything that nfsd4_end_grace() might access. However, we must be sure that writing to v4_end_grace doesn't restart the work item after shutdown has already waited for it. For this we add a new flag protected with nn->client_lock. It is set only while it is safe to make client tracking calls, and v4_end_grace only schedules work while the flag is...

0%
Низкий
16 дней назад
github логотип
GHSA-334v-pf6c-gv95

In cmdq driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05747150; Issue ID: ALPS05747150.

0%
Низкий
почти 4 года назад
github логотип
GHSA-334q-pcqf-gvvf

Vulnerability in the Oracle Common Applications component of Oracle E-Business Suite (subcomponent: Gantt Server). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Common Applications. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Common Applications accessible data as well as unauthorized access to critical data or complete access to all Oracle Common Applications accessible data. CVSS 3.0 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).

CVSS3: 9.1
2%
Низкий
больше 3 лет назад
github логотип
GHSA-334q-2j78-qm62

Multiple cross-site scripting (XSS) vulnerabilities in GForge 4.5 allow remote attackers to inject arbitrary web script or HTML via the (1) forum_id or (2) group_id parameter to forum.php, (3) project_task_id parameter to task.php, (4) id parameter to detail.php, (5) the text field on the search page, (6) group_id parameter to qrs.php, (7) form, (8) rows, (9) cols or (10) wrap parameter to notepad.php, or the login field on the login form.

1%
Низкий
почти 4 года назад
github логотип
GHSA-334p-wv2m-w3vp

Denial of service in Apache Xerces2

0%
Низкий
больше 5 лет назад
github логотип
GHSA-334p-wmh8-9fqw

A vulnerability in the Decrypt for End-User Notification configuration parameter of Cisco AsyncOS Software for Cisco Web Security Appliances could allow an unauthenticated, remote attacker to connect to a secure website over Secure Sockets Layer (SSL) or Transport Layer Security (TLS), even if the WSA is configured to block connections to the website. Affected Products: This vulnerability affects Cisco Web Security Appliances if the HTTPS decryption options are enabled and configured for the device to block connections to certain websites. More Information: CSCvb49012. Known Affected Releases: 9.0.1-162 9.1.1-074.

CVSS3: 7.5
1%
Низкий
больше 3 лет назад
github логотип
GHSA-334m-928v-3v5x

Buffer overflow in Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Canon RAW image.

1%
Низкий
почти 4 года назад
github логотип
GHSA-334j-33qm-fwx4

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00422399; Issue ID: MSV-3748.

CVSS3: 8.8
0%
Низкий
4 месяца назад
github логотип
GHSA-334h-vcfc-hw2v

The Hash Elements plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the hash_elements_get_posts_title_by_id() function in all versions up to, and including, 1.4.7. This makes it possible for unauthenticated attackers to retrieve draft post titles that should not be accessible to unauthenticated users.

CVSS3: 5.3
1%
Низкий
около 1 года назад

Уязвимостей на страницу