Логотип exploitDog
source:"github"
Консоль
Логотип exploitDog

exploitDog

source:"github"

Количество 312 573

Количество 312 573

github логотип

GHSA-2qww-mx2p-2v4m

около 1 года назад

A type confusion issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2. An attacker with user privileges may be able to read kernel memory.

CVSS3: 5.5
EPSS: Низкий
github логотип

GHSA-2qww-cm69-c4w4

почти 4 года назад

Irzip v0.640 was discovered to contain a heap memory corruption via the component lrzip.c:initialise_control.

CVSS3: 9.8
EPSS: Низкий
github логотип

GHSA-2qwv-xp73-79cx

почти 3 года назад

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in a kernel mode layer handler, where memory permissions are not correctly checked, which may lead to denial of service and data tampering.

CVSS3: 7.1
EPSS: Низкий
github логотип

GHSA-2qwv-78pj-mrp7

больше 1 года назад

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'give_form' shortcode when used with a legacy form in all versions up to, and including, 3.10.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS3: 6.4
EPSS: Низкий
github логотип

GHSA-2qwv-4qw2-9pcq

около 2 лет назад

A SQL injection vulnerability in Grzegorz Marczynski Dynamic Progress Bar (aka web_progress) v. 11.0 through 11.0.2, v12.0 through v12.0.2, v.13.0 through v13.0.2, v.14.0 through v14.0.2.1, v.15.0 through v15.0.2, and v16.0 through v16.0.2.1 allows a remote attacker to gain privileges via the recency parameter in models/web_progress.py component.

CVSS3: 9.8
EPSS: Низкий
github логотип

GHSA-2qwr-r6gf-vwxg

почти 4 года назад

Vulnerability in scoterm in SCO OpenServer 5.0 and SCO Open Desktop/Open Server 3.0 allows local users to gain root privileges.

EPSS: Низкий
github логотип

GHSA-2qwq-jpp7-c3cx

около 2 месяцев назад

The FunnelKit - Funnel Builder for WooCommerce Checkout plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'opid' parameter in all versions up to, and including, 3.13.1.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

CVSS3: 7.5
EPSS: Низкий
github логотип

GHSA-2qwq-gqpm-q83g

больше 3 лет назад

Rails is bad

CVSS3: 7.8
EPSS: Средний
github логотип

GHSA-2qwq-f37f-3q37

почти 4 года назад

Carbon Copy 6.0.5257 does not drop system privileges when opening external programs through the help topic interface, which allows local users to gain privileges via (1) the help topic interface in CCW32.exe, which launches Notepad, or (2) the help button in the Carbon Copy Scheduler (CCSched.exe).

EPSS: Низкий
github логотип

GHSA-2qwp-p482-jjpc

больше 2 лет назад

Multiple MFPs (multifunction printers) provided by FUJIFILM Business Innovation Corp. and Xerox Corporation provide a facility to export the contents of their Address Book with encrypted form, but the encryption strength is insufficient. With the knowledge of the encryption process and the encryption key, the information such as the server credentials may be obtained from the exported Address Book data. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].

CVSS3: 5.9
EPSS: Низкий
github логотип

GHSA-2qwp-42gw-8pfq

почти 4 года назад

The Data function in class.smtp.php in PHPMailer 1.7.2 and earlier allows remote attackers to cause a denial of service (infinite loop leading to memory and CPU consumption) via a long header field.

EPSS: Средний
github логотип

GHSA-2qwm-9mg5-jwq8

около 3 лет назад

Liferay Portal and Liferay DXP Vulnerable to XSS via the Announcements Module

CVSS3: 6.1
EPSS: Низкий
github логотип

GHSA-2qwm-44g6-g67q

больше 2 лет назад

In modem control device, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.

CVSS3: 4.4
EPSS: Низкий
github логотип

GHSA-2qwj-j885-gv4x

больше 3 лет назад

dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.

CVSS3: 5.5
EPSS: Низкий
github логотип

GHSA-2qwj-2xpr-m26w

больше 3 лет назад

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Logging). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVSS3: 4.4
EPSS: Низкий
github логотип

GHSA-2qwg-cqpg-9qrr

почти 2 года назад

On affected 7130 Series FPGA platforms running MOS and recent versions of the MultiAccess FPGA, application of ACL’s may result in incorrect operation of the configured ACL for a port resulting in some packets that should be denied being permitted and some

CVSS3: 3.1
EPSS: Низкий
github логотип

GHSA-2qwg-c99h-5pxc

около 1 года назад

ECOVACS Robotics Deebot T20 OMNI and T20e OMNI before 1.24.0 was discovered to contain a WiFi Remote Code Execution vulnerability.

CVSS3: 7.4
EPSS: Низкий
github логотип

GHSA-2qwg-3h4c-44rq

больше 3 лет назад

Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

CVSS3: 5.9
EPSS: Низкий
github логотип

GHSA-2qwf-fhm6-c4w3

больше 3 лет назад

SQL injection vulnerability in the mci_file_get function in api/soap/mc_file_api.php in MantisBT before 1.2.16 allows remote attackers to execute arbitrary SQL commands via a crafted envelope tag in a mc_issue_attachment_get SOAP request.

EPSS: Низкий
github логотип

GHSA-2qwc-x3pr-2jgf

почти 4 года назад

Heap-based buffer overflow in GTKSee 0.5 and 0.5.1 allows remote attackers to execute arbitrary code via a PNG image of certain color depths.

EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
github логотип
GHSA-2qww-mx2p-2v4m

A type confusion issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2. An attacker with user privileges may be able to read kernel memory.

CVSS3: 5.5
0%
Низкий
около 1 года назад
github логотип
GHSA-2qww-cm69-c4w4

Irzip v0.640 was discovered to contain a heap memory corruption via the component lrzip.c:initialise_control.

CVSS3: 9.8
0%
Низкий
почти 4 года назад
github логотип
GHSA-2qwv-xp73-79cx

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in a kernel mode layer handler, where memory permissions are not correctly checked, which may lead to denial of service and data tampering.

CVSS3: 7.1
0%
Низкий
почти 3 года назад
github логотип
GHSA-2qwv-78pj-mrp7

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'give_form' shortcode when used with a legacy form in all versions up to, and including, 3.10.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS3: 6.4
0%
Низкий
больше 1 года назад
github логотип
GHSA-2qwv-4qw2-9pcq

A SQL injection vulnerability in Grzegorz Marczynski Dynamic Progress Bar (aka web_progress) v. 11.0 through 11.0.2, v12.0 through v12.0.2, v.13.0 through v13.0.2, v.14.0 through v14.0.2.1, v.15.0 through v15.0.2, and v16.0 through v16.0.2.1 allows a remote attacker to gain privileges via the recency parameter in models/web_progress.py component.

CVSS3: 9.8
1%
Низкий
около 2 лет назад
github логотип
GHSA-2qwr-r6gf-vwxg

Vulnerability in scoterm in SCO OpenServer 5.0 and SCO Open Desktop/Open Server 3.0 allows local users to gain root privileges.

0%
Низкий
почти 4 года назад
github логотип
GHSA-2qwq-jpp7-c3cx

The FunnelKit - Funnel Builder for WooCommerce Checkout plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'opid' parameter in all versions up to, and including, 3.13.1.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

CVSS3: 7.5
0%
Низкий
около 2 месяцев назад
github логотип
CVSS3: 7.8
35%
Средний
больше 3 лет назад
github логотип
GHSA-2qwq-f37f-3q37

Carbon Copy 6.0.5257 does not drop system privileges when opening external programs through the help topic interface, which allows local users to gain privileges via (1) the help topic interface in CCW32.exe, which launches Notepad, or (2) the help button in the Carbon Copy Scheduler (CCSched.exe).

0%
Низкий
почти 4 года назад
github логотип
GHSA-2qwp-p482-jjpc

Multiple MFPs (multifunction printers) provided by FUJIFILM Business Innovation Corp. and Xerox Corporation provide a facility to export the contents of their Address Book with encrypted form, but the encryption strength is insufficient. With the knowledge of the encryption process and the encryption key, the information such as the server credentials may be obtained from the exported Address Book data. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].

CVSS3: 5.9
0%
Низкий
больше 2 лет назад
github логотип
GHSA-2qwp-42gw-8pfq

The Data function in class.smtp.php in PHPMailer 1.7.2 and earlier allows remote attackers to cause a denial of service (infinite loop leading to memory and CPU consumption) via a long header field.

15%
Средний
почти 4 года назад
github логотип
GHSA-2qwm-9mg5-jwq8

Liferay Portal and Liferay DXP Vulnerable to XSS via the Announcements Module

CVSS3: 6.1
0%
Низкий
около 3 лет назад
github логотип
GHSA-2qwm-44g6-g67q

In modem control device, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.

CVSS3: 4.4
0%
Низкий
больше 2 лет назад
github логотип
GHSA-2qwj-j885-gv4x

dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.

CVSS3: 5.5
0%
Низкий
больше 3 лет назад
github логотип
GHSA-2qwj-2xpr-m26w

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Logging). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVSS3: 4.4
0%
Низкий
больше 3 лет назад
github логотип
GHSA-2qwg-cqpg-9qrr

On affected 7130 Series FPGA platforms running MOS and recent versions of the MultiAccess FPGA, application of ACL’s may result in incorrect operation of the configured ACL for a port resulting in some packets that should be denied being permitted and some

CVSS3: 3.1
0%
Низкий
почти 2 года назад
github логотип
GHSA-2qwg-c99h-5pxc

ECOVACS Robotics Deebot T20 OMNI and T20e OMNI before 1.24.0 was discovered to contain a WiFi Remote Code Execution vulnerability.

CVSS3: 7.4
0%
Низкий
около 1 года назад
github логотип
GHSA-2qwg-3h4c-44rq

Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

CVSS3: 5.9
2%
Низкий
больше 3 лет назад
github логотип
GHSA-2qwf-fhm6-c4w3

SQL injection vulnerability in the mci_file_get function in api/soap/mc_file_api.php in MantisBT before 1.2.16 allows remote attackers to execute arbitrary SQL commands via a crafted envelope tag in a mc_issue_attachment_get SOAP request.

1%
Низкий
больше 3 лет назад
github логотип
GHSA-2qwc-x3pr-2jgf

Heap-based buffer overflow in GTKSee 0.5 and 0.5.1 allows remote attackers to execute arbitrary code via a PNG image of certain color depths.

3%
Низкий
почти 4 года назад

Уязвимостей на страницу