Логотип exploitDog
source:"github"
Консоль
Логотип exploitDog

exploitDog

source:"github"

Количество 314 458

Количество 314 458

github логотип

GHSA-2x2h-53cj-6jjx

больше 1 года назад

Improper input validation in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an unauthenticated user to potentially enable information disclosure via adjacent access.

CVSS3: 4.3
EPSS: Низкий
github логотип

GHSA-2x2g-qj89-46xx

почти 4 года назад

Cisco devices running Application and Content Networking System (ACNS) 5.0, 5.1 before 5.1.13.7, or 5.2 before 5.2.3.9 allow remote attackers to cause a denial of service (bandwidth consumption) via "crafted IP packets" that are continuously forwarded.

EPSS: Низкий
github логотип

GHSA-2x2g-32r7-p4x8

около 1 года назад

Apache Kafka Clients: Privilege escalation to filesystem read-access via automatic ConfigProvider

CVSS3: 6.5
EPSS: Низкий
github логотип

GHSA-2x2c-h542-whv5

больше 3 лет назад

An issue was discovered in Joomla! before 3.8.13. com_installer actions do not have sufficient CSRF hardening in the backend.

CVSS3: 8.8
EPSS: Низкий
github логотип

GHSA-2x29-88x9-wfrj

7 месяцев назад

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bayraktar Solar Energies ScadaWatt Otopilot allows SQL Injection.This issue affects ScadaWatt Otopilot: before 27.05.2025.

CVSS3: 9.8
EPSS: Низкий
github логотип

GHSA-2x28-xwcm-wq72

почти 3 года назад

TXOne StellarOne has an improper access control privilege escalation vulnerability in every version before V2.0.1160 that could allow a malicious, falsely authenticated user to escalate his privileges to administrator level. With these privileges, an attacker could perform actions they are not authorized to. Please note: an attacker must first obtain a low-privileged authenticated user's profile on the target system in order to exploit this vulnerability.

CVSS3: 8.8
EPSS: Низкий
github логотип

GHSA-2x28-c7j7-23gv

больше 2 лет назад

Subrion remote command execution vulnerability

CVSS3: 7.2
EPSS: Низкий
github логотип

GHSA-2x28-576q-2wr5

больше 1 года назад

Missing Authorization vulnerability in Afzal Multani WP Clone Menu.This issue affects WP Clone Menu: from n/a through 1.0.1.

CVSS3: 5.4
EPSS: Низкий
github логотип

GHSA-2x28-2cqf-228j

больше 3 лет назад

Insufficient policy enforcement in Blink in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

EPSS: Низкий
github логотип

GHSA-2x27-qff4-6hf8

больше 3 лет назад

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.

EPSS: Низкий
github логотип

GHSA-2x27-jmf7-8fj3

16 дней назад

Rejected reason: Not used

EPSS: Низкий
github логотип

GHSA-2x27-jcrc-gj3p

больше 3 лет назад

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka "Windows GDI Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8422.

CVSS3: 6.5
EPSS: Средний
github логотип

GHSA-2x26-r374-v69m

3 месяца назад

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Justin Tadlock Query Posts query-posts allows Stored XSS.This issue affects Query Posts: from n/a through <= 0.3.2.

CVSS3: 5.4
EPSS: Низкий
github логотип

GHSA-2x26-cf8j-qvpf

больше 3 лет назад

An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several data types used as RPC input variables were implemented as unbounded array types, limited only by the inherent 32-bit length field to 4 GB. An unauthenticated attacker could send, or claim to send, large input values and consume server resources waiting for those inputs, denying service to other valid connections.

CVSS3: 7.5
EPSS: Низкий
github логотип

GHSA-2x25-w5h9-6hg2

больше 3 лет назад

The AMS module has a vulnerability of improper permission control.Successful exploitation of this vulnerability may cause non-system application processes to crash.

CVSS3: 7.5
EPSS: Низкий
github логотип

GHSA-2x24-vjrm-p9g2

около 1 месяца назад

In the Linux kernel, the following vulnerability has been resolved: drm/i915: fix race condition UAF in i915_perf_add_config_ioctl Userspace can guess the id value and try to race oa_config object creation with config remove, resulting in a use-after-free if we dereference the object after unlocking the metrics_lock. For that reason, unlocking the metrics_lock must be done after we are done dereferencing the object. [tursulin: Manually added stable tag.] (cherry picked from commit 49f6f6483b652108bcb73accd0204a464b922395)

EPSS: Низкий
github логотип

GHSA-2x24-jm45-5wc6

почти 4 года назад

mod_channel in The Ignition Project ignitionServer 0.3.0 to 0.3.6, and possibly earlier versions, does not allow protected operators to access channels that have been locked out by a key, which allows IRC users to cause a denial of service.

EPSS: Низкий
github логотип

GHSA-2x24-gfqp-9jhx

больше 3 лет назад

Heap-based buffer overflow in libavformat/http.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote web servers to execute arbitrary code via a negative chunk size in an HTTP response.

CVSS3: 9.8
EPSS: Средний
github логотип

GHSA-2x22-g3rw-p4g9

около 3 лет назад

In Bestechnic Bluetooth Mesh SDK (BES2300) V1.0, a buffer overflow vulnerability can be triggered during provisioning, because there is no check for the SegN field of the Transaction Start PDU.

CVSS3: 8.8
EPSS: Низкий
github логотип

GHSA-2wxx-6f5h-cwcg

почти 4 года назад

Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 8.9 through Bundle #26 allows remote authenticated users to affect confidentiality via unknown vectors related to eCompensation.

EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
github логотип
GHSA-2x2h-53cj-6jjx

Improper input validation in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an unauthenticated user to potentially enable information disclosure via adjacent access.

CVSS3: 4.3
0%
Низкий
больше 1 года назад
github логотип
GHSA-2x2g-qj89-46xx

Cisco devices running Application and Content Networking System (ACNS) 5.0, 5.1 before 5.1.13.7, or 5.2 before 5.2.3.9 allow remote attackers to cause a denial of service (bandwidth consumption) via "crafted IP packets" that are continuously forwarded.

1%
Низкий
почти 4 года назад
github логотип
GHSA-2x2g-32r7-p4x8

Apache Kafka Clients: Privilege escalation to filesystem read-access via automatic ConfigProvider

CVSS3: 6.5
0%
Низкий
около 1 года назад
github логотип
GHSA-2x2c-h542-whv5

An issue was discovered in Joomla! before 3.8.13. com_installer actions do not have sufficient CSRF hardening in the backend.

CVSS3: 8.8
0%
Низкий
больше 3 лет назад
github логотип
GHSA-2x29-88x9-wfrj

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bayraktar Solar Energies ScadaWatt Otopilot allows SQL Injection.This issue affects ScadaWatt Otopilot: before 27.05.2025.

CVSS3: 9.8
0%
Низкий
7 месяцев назад
github логотип
GHSA-2x28-xwcm-wq72

TXOne StellarOne has an improper access control privilege escalation vulnerability in every version before V2.0.1160 that could allow a malicious, falsely authenticated user to escalate his privileges to administrator level. With these privileges, an attacker could perform actions they are not authorized to. Please note: an attacker must first obtain a low-privileged authenticated user's profile on the target system in order to exploit this vulnerability.

CVSS3: 8.8
0%
Низкий
почти 3 года назад
github логотип
GHSA-2x28-c7j7-23gv

Subrion remote command execution vulnerability

CVSS3: 7.2
2%
Низкий
больше 2 лет назад
github логотип
GHSA-2x28-576q-2wr5

Missing Authorization vulnerability in Afzal Multani WP Clone Menu.This issue affects WP Clone Menu: from n/a through 1.0.1.

CVSS3: 5.4
0%
Низкий
больше 1 года назад
github логотип
GHSA-2x28-2cqf-228j

Insufficient policy enforcement in Blink in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

1%
Низкий
больше 3 лет назад
github логотип
GHSA-2x27-qff4-6hf8

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.

4%
Низкий
больше 3 лет назад
github логотип
GHSA-2x27-jmf7-8fj3

Rejected reason: Not used

16 дней назад
github логотип
GHSA-2x27-jcrc-gj3p

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka "Windows GDI Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8422.

CVSS3: 6.5
18%
Средний
больше 3 лет назад
github логотип
GHSA-2x26-r374-v69m

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Justin Tadlock Query Posts query-posts allows Stored XSS.This issue affects Query Posts: from n/a through <= 0.3.2.

CVSS3: 5.4
0%
Низкий
3 месяца назад
github логотип
GHSA-2x26-cf8j-qvpf

An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several data types used as RPC input variables were implemented as unbounded array types, limited only by the inherent 32-bit length field to 4 GB. An unauthenticated attacker could send, or claim to send, large input values and consume server resources waiting for those inputs, denying service to other valid connections.

CVSS3: 7.5
5%
Низкий
больше 3 лет назад
github логотип
GHSA-2x25-w5h9-6hg2

The AMS module has a vulnerability of improper permission control.Successful exploitation of this vulnerability may cause non-system application processes to crash.

CVSS3: 7.5
0%
Низкий
больше 3 лет назад
github логотип
GHSA-2x24-vjrm-p9g2

In the Linux kernel, the following vulnerability has been resolved: drm/i915: fix race condition UAF in i915_perf_add_config_ioctl Userspace can guess the id value and try to race oa_config object creation with config remove, resulting in a use-after-free if we dereference the object after unlocking the metrics_lock. For that reason, unlocking the metrics_lock must be done after we are done dereferencing the object. [tursulin: Manually added stable tag.] (cherry picked from commit 49f6f6483b652108bcb73accd0204a464b922395)

0%
Низкий
около 1 месяца назад
github логотип
GHSA-2x24-jm45-5wc6

mod_channel in The Ignition Project ignitionServer 0.3.0 to 0.3.6, and possibly earlier versions, does not allow protected operators to access channels that have been locked out by a key, which allows IRC users to cause a denial of service.

0%
Низкий
почти 4 года назад
github логотип
GHSA-2x24-gfqp-9jhx

Heap-based buffer overflow in libavformat/http.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote web servers to execute arbitrary code via a negative chunk size in an HTTP response.

CVSS3: 9.8
28%
Средний
больше 3 лет назад
github логотип
GHSA-2x22-g3rw-p4g9

In Bestechnic Bluetooth Mesh SDK (BES2300) V1.0, a buffer overflow vulnerability can be triggered during provisioning, because there is no check for the SegN field of the Transaction Start PDU.

CVSS3: 8.8
0%
Низкий
около 3 лет назад
github логотип
GHSA-2wxx-6f5h-cwcg

Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 8.9 through Bundle #26 allows remote authenticated users to affect confidentiality via unknown vectors related to eCompensation.

0%
Низкий
почти 4 года назад

Уязвимостей на страницу