Логотип exploitDog
source:"github"
Консоль
Логотип exploitDog

exploitDog

source:"github"

Количество 312 852

Количество 312 852

github логотип

GHSA-2wvj-9m7h-43j3

больше 3 лет назад

An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption.

CVSS3: 7.5
EPSS: Низкий
github логотип

GHSA-2wvj-7gj7-2j5w

больше 3 лет назад

Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=requests/view_request&id=.

CVSS3: 7.2
EPSS: Низкий
github логотип

GHSA-2wvh-w7fv-6223

почти 4 года назад

Cross-site scripting (XSS) vulnerability in the font tag in ezBoard 7.3u allows remote attackers to execute arbitrary script as other users, as demonstrated using the background:url in a (1) font color or (2) font face argument.

EPSS: Низкий
github логотип

GHSA-2wvh-6639-8hph

почти 2 года назад

O-RAN RIC I-Release e2mgr lacks array size checks in E2nodeConfigUpdateNotificationHandler.

CVSS3: 9.8
EPSS: Низкий
github логотип

GHSA-2wvg-h2ww-x862

больше 3 лет назад

njs through 0.4.3, used in NGINX, has a use-after-free in njs_json_parse_iterator_call in njs_json.c.

CVSS3: 7.8
EPSS: Низкий
github логотип

GHSA-2wvf-vp7x-88v4

больше 3 лет назад

MiR100, MiR200 and other MiR robots use the Robot Operating System (ROS) default packages exposing the computational graph without any sort of authentication. This allows attackers with access to the internal wireless and wired networks to take control of the robot seamlessly. In combination with CVE-2020-10269 and CVE-2020-10271, this flaw allows malicious actors to command the robot at desire.

EPSS: Низкий
github логотип

GHSA-2wvf-mfh8-69x7

почти 4 года назад

Buffer overflow in Ce/Ceterm (aka ARPUS/Ce) 2.5.4 and earlier may allow local users to gain privileges via a long (1) XAPPLRESLANGPATH or (2) XAPPLRESDIR environment variable, or (3) command line argument.

EPSS: Низкий
github логотип

GHSA-2wv9-jq79-5p63

около 1 года назад

A vulnerability was found in Campcodes Student Grading System 1.0. It has been classified as critical. This affects an unknown part of the file /view_students.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

CVSS3: 6.3
EPSS: Низкий
github логотип

GHSA-2wv9-4g7m-79pc

больше 3 лет назад

Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 contains a hard-coded password, which provides access to basic biomedical information, limited device settings, and network configuration of the WBM, if connected. The hard-coded password may allow an attacker with physical access to the device to access management functions to make unauthorized configuration changes to biomedical settings such as turn on and off wireless connections and the phase-complete audible alarm that indicates the end of an infusion phase. Baxter has released a new version of the SIGMA Spectrum Infusion System, version 8, which incorporates hardware and software changes.

CVSS3: 6.8
EPSS: Низкий
github логотип

GHSA-2wv8-xpqh-qr6j

больше 3 лет назад

Advanced Electron Forum (AEF) 1.0.8 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by languages/english/deletetopic_lang.php.

EPSS: Низкий
github логотип

GHSA-2wv8-x4w3-cpw3

больше 2 лет назад

A vulnerability in the Layer 2 Tunneling Protocol (L2TP) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of certain L2TP packets. An attacker could exploit this vulnerability by sending crafted L2TP packets to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition. Note: Only traffic directed to the affected system can be used to exploit this vulnerability.

CVSS3: 8.6
EPSS: Низкий
github логотип

GHSA-2wv8-r8jx-c9hx

больше 3 лет назад

The create_user_ns function in kernel/user_namespace.c in the Linux kernel before 3.8.6 does not check whether a chroot directory exists that differs from the namespace root directory, which allows local users to bypass intended filesystem restrictions via a crafted clone system call.

EPSS: Низкий
github логотип

GHSA-2wv7-wgx8-4hj7

10 месяцев назад

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Studi7 QR Master allows Reflected XSS. This issue affects QR Master: from n/a through 1.0.5.

CVSS3: 7.1
EPSS: Низкий
github логотип

GHSA-2wv6-wmqj-wxmj

больше 3 лет назад

NVIDIA driver contains an integer overflow vulnerability which could cause a use after free and possibly lead to an elevation of privilege enabling code execution as a privileged process. This issue is rated as high. Version: N/A. Android ID: A-37776156. References: N-CVE-2017-0869.

CVSS3: 7.8
EPSS: Низкий
github логотип

GHSA-2wv6-fcqw-5h48

почти 4 года назад

Directory traversal vulnerability in the HTTP server for BPM Studio Pro 4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP request.

EPSS: Низкий
github логотип

GHSA-2wv5-fxxc-g48c

почти 4 года назад

The Bug Genie before 3.2.6 has Multiple XSS and HTML Injection Vulnerabilities

EPSS: Низкий
github логотип

GHSA-2wv4-x82r-pj66

почти 4 года назад

Cross-site scripting (XSS) vulnerability in index.php in PHP Scripts Now Hangman allows remote attackers to inject arbitrary web script or HTML via the letters parameter.

EPSS: Низкий
github логотип

GHSA-2wv3-fgjg-gj5w

больше 2 лет назад

Improper input validation in Zoom Desktop Client for Linux before version 5.15.10 may allow an unauthenticated user to conduct a denial of service via network access.

CVSS3: 6.5
EPSS: Низкий
github логотип

GHSA-2wv3-6pw9-m6hw

почти 2 года назад

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H).

CVSS3: 7.3
EPSS: Низкий
github логотип

GHSA-2wv3-4cg3-63g8

почти 2 года назад

in OpenHarmony v3.2.4 and prior versions allow a local attacker cause DOS through stack overflow.

CVSS3: 3.3
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
github логотип
GHSA-2wvj-9m7h-43j3

An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption.

CVSS3: 7.5
1%
Низкий
больше 3 лет назад
github логотип
GHSA-2wvj-7gj7-2j5w

Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=requests/view_request&id=.

CVSS3: 7.2
8%
Низкий
больше 3 лет назад
github логотип
GHSA-2wvh-w7fv-6223

Cross-site scripting (XSS) vulnerability in the font tag in ezBoard 7.3u allows remote attackers to execute arbitrary script as other users, as demonstrated using the background:url in a (1) font color or (2) font face argument.

3%
Низкий
почти 4 года назад
github логотип
GHSA-2wvh-6639-8hph

O-RAN RIC I-Release e2mgr lacks array size checks in E2nodeConfigUpdateNotificationHandler.

CVSS3: 9.8
0%
Низкий
почти 2 года назад
github логотип
GHSA-2wvg-h2ww-x862

njs through 0.4.3, used in NGINX, has a use-after-free in njs_json_parse_iterator_call in njs_json.c.

CVSS3: 7.8
0%
Низкий
больше 3 лет назад
github логотип
GHSA-2wvf-vp7x-88v4

MiR100, MiR200 and other MiR robots use the Robot Operating System (ROS) default packages exposing the computational graph without any sort of authentication. This allows attackers with access to the internal wireless and wired networks to take control of the robot seamlessly. In combination with CVE-2020-10269 and CVE-2020-10271, this flaw allows malicious actors to command the robot at desire.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-2wvf-mfh8-69x7

Buffer overflow in Ce/Ceterm (aka ARPUS/Ce) 2.5.4 and earlier may allow local users to gain privileges via a long (1) XAPPLRESLANGPATH or (2) XAPPLRESDIR environment variable, or (3) command line argument.

0%
Низкий
почти 4 года назад
github логотип
GHSA-2wv9-jq79-5p63

A vulnerability was found in Campcodes Student Grading System 1.0. It has been classified as critical. This affects an unknown part of the file /view_students.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

CVSS3: 6.3
0%
Низкий
около 1 года назад
github логотип
GHSA-2wv9-4g7m-79pc

Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 contains a hard-coded password, which provides access to basic biomedical information, limited device settings, and network configuration of the WBM, if connected. The hard-coded password may allow an attacker with physical access to the device to access management functions to make unauthorized configuration changes to biomedical settings such as turn on and off wireless connections and the phase-complete audible alarm that indicates the end of an infusion phase. Baxter has released a new version of the SIGMA Spectrum Infusion System, version 8, which incorporates hardware and software changes.

CVSS3: 6.8
0%
Низкий
больше 3 лет назад
github логотип
GHSA-2wv8-xpqh-qr6j

Advanced Electron Forum (AEF) 1.0.8 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by languages/english/deletetopic_lang.php.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-2wv8-x4w3-cpw3

A vulnerability in the Layer 2 Tunneling Protocol (L2TP) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of certain L2TP packets. An attacker could exploit this vulnerability by sending crafted L2TP packets to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition. Note: Only traffic directed to the affected system can be used to exploit this vulnerability.

CVSS3: 8.6
0%
Низкий
больше 2 лет назад
github логотип
GHSA-2wv8-r8jx-c9hx

The create_user_ns function in kernel/user_namespace.c in the Linux kernel before 3.8.6 does not check whether a chroot directory exists that differs from the namespace root directory, which allows local users to bypass intended filesystem restrictions via a crafted clone system call.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-2wv7-wgx8-4hj7

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Studi7 QR Master allows Reflected XSS. This issue affects QR Master: from n/a through 1.0.5.

CVSS3: 7.1
0%
Низкий
10 месяцев назад
github логотип
GHSA-2wv6-wmqj-wxmj

NVIDIA driver contains an integer overflow vulnerability which could cause a use after free and possibly lead to an elevation of privilege enabling code execution as a privileged process. This issue is rated as high. Version: N/A. Android ID: A-37776156. References: N-CVE-2017-0869.

CVSS3: 7.8
0%
Низкий
больше 3 лет назад
github логотип
GHSA-2wv6-fcqw-5h48

Directory traversal vulnerability in the HTTP server for BPM Studio Pro 4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP request.

3%
Низкий
почти 4 года назад
github логотип
GHSA-2wv5-fxxc-g48c

The Bug Genie before 3.2.6 has Multiple XSS and HTML Injection Vulnerabilities

0%
Низкий
почти 4 года назад
github логотип
GHSA-2wv4-x82r-pj66

Cross-site scripting (XSS) vulnerability in index.php in PHP Scripts Now Hangman allows remote attackers to inject arbitrary web script or HTML via the letters parameter.

1%
Низкий
почти 4 года назад
github логотип
GHSA-2wv3-fgjg-gj5w

Improper input validation in Zoom Desktop Client for Linux before version 5.15.10 may allow an unauthenticated user to conduct a denial of service via network access.

CVSS3: 6.5
0%
Низкий
больше 2 лет назад
github логотип
GHSA-2wv3-6pw9-m6hw

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H).

CVSS3: 7.3
0%
Низкий
почти 2 года назад
github логотип
GHSA-2wv3-4cg3-63g8

in OpenHarmony v3.2.4 and prior versions allow a local attacker cause DOS through stack overflow.

CVSS3: 3.3
0%
Низкий
почти 2 года назад

Уязвимостей на страницу