Логотип exploitDog
source:"github"
Консоль
Логотип exploitDog

exploitDog

source:"github"

Количество 314 212

Количество 314 212

github логотип

GHSA-2vxp-rq9r-5v72

около 4 лет назад

IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 190839.

EPSS: Низкий
github логотип

GHSA-2vxm-vp4c-fjfw

почти 4 года назад

Authentication Bypass in Apache Cassandra

CVSS3: 7.5
EPSS: Низкий
github логотип

GHSA-2vxm-9c9f-7q2m

около 1 года назад

Adobe Document Service allows an attacker with administrator privileges to send a crafted request from a vulnerable web application. It is usually used to target internal systems behind firewalls that are normally inaccessible to an attacker from the external network, resulting in a Server-Side Request Forgery vulnerability. On successful exploitation, the attacker can read or modify any file and/or make the entire system unavailable.

CVSS3: 9.1
EPSS: Низкий
github логотип

GHSA-2vxj-pxvw-7hx9

6 месяцев назад

Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVSS3: 5.5
EPSS: Низкий
github логотип

GHSA-2vxj-2qq6-h8r7

больше 3 лет назад

Motorola Scanner SDK uses weak permissions for (1) CoreScanner.exe, (2) rsmdriverproviderservice.exe, and (3) ScannerService.exe, which allows local users to gain privileges via unspecified vectors.

EPSS: Низкий
github логотип

GHSA-2vxh-hj65-9hr4

около 4 лет назад

There is a privilege escalation vulnerability in some webOS TVs. Due to wrong setting environments, local attacker is able to perform specific operation to exploit this vulnerability. Exploitation may cause the attacker to obtain a higher privilege

CVSS3: 7.8
EPSS: Низкий
github логотип

GHSA-2vxh-hc45-2qhm

больше 3 лет назад

The Newphoria Koritore application before 1.1 for Android and before 1.1 for iOS allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors.

EPSS: Низкий
github логотип

GHSA-2vxg-v3f5-p55m

больше 3 лет назад

Certain NETGEAR devices are affected by stored XSS. This affects RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK40 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30.

EPSS: Низкий
github логотип

GHSA-2vxg-7c3m-cgf3

больше 3 лет назад

Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).

EPSS: Низкий
github логотип

GHSA-2vxc-vwwx-rxpx

больше 3 лет назад

NVIDIA GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which improper access control may lead to denial of service and information disclosure.

CVSS3: 5.3
EPSS: Низкий
github логотип

GHSA-2vxc-gxjp-wx62

почти 4 года назад

Cross-site scripting (XSS) vulnerability in the Parish Administration Database (ste_parish_admin) extension 0.1.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

EPSS: Низкий
github логотип

GHSA-2vx9-p4fj-xxq6

8 месяцев назад

A vulnerability in the SSH connection handling of Cisco Integrated Management Controller (IMC) for Cisco UCS B-Series, UCS C-Series, UCS S-Series, and UCS X-Series Servers could allow an authenticated, remote attacker to access internal services with elevated privileges. This vulnerability is due to insufficient restrictions on access to internal services. An attacker with a valid user account could exploit this vulnerability by using crafted syntax when connecting to the Cisco IMC of an affected device through SSH. A successful exploit could allow the attacker to access internal services with elevated privileges, which may allow unauthorized modifications to the system, including the possibility of creating new administrator accounts on the affected device.

CVSS3: 8.8
EPSS: Низкий
github логотип

GHSA-2vx9-hmx8-pgxj

больше 2 лет назад

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Onclick show popup plugin <= 8.1 versions.

CVSS3: 5.9
EPSS: Низкий
github логотип

GHSA-2vx9-h65m-6rg8

больше 3 лет назад

An exploitable firmware downgrade vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted file can cause a logic flaw, resulting in a firmware downgrade. An attacker can insert an SD card to trigger this vulnerability.

CVSS3: 4.6
EPSS: Низкий
github логотип

GHSA-2vx8-jgq6-85cm

почти 3 года назад

WangEditor v5 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /dist/index.js.

CVSS3: 5.4
EPSS: Низкий
github логотип

GHSA-2vx8-fp5p-f94q

почти 4 года назад

Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, might allow context-dependent attackers to obtain sensitive information via vectors involving static variables that are declared without the final keyword, related to (1) LayoutQueue, (2) Cursor.predefined, (3) AccessibleResourceBundle.getContents, (4) ImageReaderSpi.STANDARD_INPUT_TYPE, (5) ImageWriterSpi.STANDARD_OUTPUT_TYPE, (6) the imageio plugins, (7) DnsContext.debug, (8) RmfFileReader/StandardMidiFileWriter.types, (9) AbstractSaslImpl.logger, (10) Synth.Region.uiToRegionMap/lowerCaseNameMap, (11) the Introspector class and a cache of BeanInfo, and (12) JAX-WS, a different vulnerability than CVE-2009-2673.

EPSS: Низкий
github логотип

GHSA-2vx8-9hgx-f8cj

около 1 года назад

A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 9). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.

CVSS3: 7.8
EPSS: Низкий
github логотип

GHSA-2vx8-24mr-f6q5

почти 4 года назад

Cross-site scripting (XSS) vulnerability in index.php in Winn Guestbook 2.4 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

EPSS: Низкий
github логотип

GHSA-2vx7-8vwr-vppx

больше 3 лет назад

Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.

EPSS: Средний
github логотип

GHSA-2vx6-mxq6-c2rw

больше 1 года назад

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Use variable length array instead of fixed size Should fix smatch warning: ntfs_set_label() error: __builtin_memcpy() 'uni->name' too small (20 vs 256)

CVSS3: 9.8
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
github логотип
GHSA-2vxp-rq9r-5v72

IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 190839.

0%
Низкий
около 4 лет назад
github логотип
GHSA-2vxm-vp4c-fjfw

Authentication Bypass in Apache Cassandra

CVSS3: 7.5
1%
Низкий
почти 4 года назад
github логотип
GHSA-2vxm-9c9f-7q2m

Adobe Document Service allows an attacker with administrator privileges to send a crafted request from a vulnerable web application. It is usually used to target internal systems behind firewalls that are normally inaccessible to an attacker from the external network, resulting in a Server-Side Request Forgery vulnerability. On successful exploitation, the attacker can read or modify any file and/or make the entire system unavailable.

CVSS3: 9.1
0%
Низкий
около 1 года назад
github логотип
GHSA-2vxj-pxvw-7hx9

Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVSS3: 5.5
0%
Низкий
6 месяцев назад
github логотип
GHSA-2vxj-2qq6-h8r7

Motorola Scanner SDK uses weak permissions for (1) CoreScanner.exe, (2) rsmdriverproviderservice.exe, and (3) ScannerService.exe, which allows local users to gain privileges via unspecified vectors.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-2vxh-hj65-9hr4

There is a privilege escalation vulnerability in some webOS TVs. Due to wrong setting environments, local attacker is able to perform specific operation to exploit this vulnerability. Exploitation may cause the attacker to obtain a higher privilege

CVSS3: 7.8
0%
Низкий
около 4 лет назад
github логотип
GHSA-2vxh-hc45-2qhm

The Newphoria Koritore application before 1.1 for Android and before 1.1 for iOS allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-2vxg-v3f5-p55m

Certain NETGEAR devices are affected by stored XSS. This affects RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK40 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-2vxg-7c3m-cgf3

Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).

2%
Низкий
больше 3 лет назад
github логотип
GHSA-2vxc-vwwx-rxpx

NVIDIA GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which improper access control may lead to denial of service and information disclosure.

CVSS3: 5.3
0%
Низкий
больше 3 лет назад
github логотип
GHSA-2vxc-gxjp-wx62

Cross-site scripting (XSS) vulnerability in the Parish Administration Database (ste_parish_admin) extension 0.1.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

0%
Низкий
почти 4 года назад
github логотип
GHSA-2vx9-p4fj-xxq6

A vulnerability in the SSH connection handling of Cisco Integrated Management Controller (IMC) for Cisco UCS B-Series, UCS C-Series, UCS S-Series, and UCS X-Series Servers could allow an authenticated, remote attacker to access internal services with elevated privileges. This vulnerability is due to insufficient restrictions on access to internal services. An attacker with a valid user account could exploit this vulnerability by using crafted syntax when connecting to the Cisco IMC of an affected device through SSH. A successful exploit could allow the attacker to access internal services with elevated privileges, which may allow unauthorized modifications to the system, including the possibility of creating new administrator accounts on the affected device.

CVSS3: 8.8
0%
Низкий
8 месяцев назад
github логотип
GHSA-2vx9-hmx8-pgxj

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Onclick show popup plugin <= 8.1 versions.

CVSS3: 5.9
0%
Низкий
больше 2 лет назад
github логотип
GHSA-2vx9-h65m-6rg8

An exploitable firmware downgrade vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted file can cause a logic flaw, resulting in a firmware downgrade. An attacker can insert an SD card to trigger this vulnerability.

CVSS3: 4.6
0%
Низкий
больше 3 лет назад
github логотип
GHSA-2vx8-jgq6-85cm

WangEditor v5 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /dist/index.js.

CVSS3: 5.4
0%
Низкий
почти 3 года назад
github логотип
GHSA-2vx8-fp5p-f94q

Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, might allow context-dependent attackers to obtain sensitive information via vectors involving static variables that are declared without the final keyword, related to (1) LayoutQueue, (2) Cursor.predefined, (3) AccessibleResourceBundle.getContents, (4) ImageReaderSpi.STANDARD_INPUT_TYPE, (5) ImageWriterSpi.STANDARD_OUTPUT_TYPE, (6) the imageio plugins, (7) DnsContext.debug, (8) RmfFileReader/StandardMidiFileWriter.types, (9) AbstractSaslImpl.logger, (10) Synth.Region.uiToRegionMap/lowerCaseNameMap, (11) the Introspector class and a cache of BeanInfo, and (12) JAX-WS, a different vulnerability than CVE-2009-2673.

1%
Низкий
почти 4 года назад
github логотип
GHSA-2vx8-9hgx-f8cj

A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 9). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.

CVSS3: 7.8
0%
Низкий
около 1 года назад
github логотип
GHSA-2vx8-24mr-f6q5

Cross-site scripting (XSS) vulnerability in index.php in Winn Guestbook 2.4 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

2%
Низкий
почти 4 года назад
github логотип
GHSA-2vx7-8vwr-vppx

Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.

16%
Средний
больше 3 лет назад
github логотип
GHSA-2vx6-mxq6-c2rw

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Use variable length array instead of fixed size Should fix smatch warning: ntfs_set_label() error: __builtin_memcpy() 'uni->name' too small (20 vs 256)

CVSS3: 9.8
0%
Низкий
больше 1 года назад

Уязвимостей на страницу