Логотип exploitDog
source:"github"
Консоль
Логотип exploitDog

exploitDog

source:"github"

Количество 314 212

Количество 314 212

github логотип

GHSA-2rqw-mg55-mp69

около 4 лет назад

An untrusted pointer dereference vulnerability exists in HDF5 v1.13.1-1 via the function H5O__dtype_decode_helper () at hdf5/src/H5Odtype.c. This vulnerability can lead to a Denial of Service (DoS).

EPSS: Низкий
github логотип

GHSA-2rqw-cvq5-cpcc

больше 2 лет назад

Improper authorization in the Intel(R) EMA software before version 1.9.0.0 may allow an authenticated user to potentially enable denial of service via local access.

CVSS3: 5
EPSS: Низкий
github логотип

GHSA-2rqw-cfhc-35fh

больше 1 года назад

CKAN may leak Solr credentials via error message in package_search action

CVSS3: 5.3
EPSS: Низкий
github логотип

GHSA-2rqw-4rc9-x55v

больше 3 лет назад

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

CVSS3: 5.3
EPSS: Низкий
github логотип

GHSA-2rqv-6w76-hjxv

больше 3 лет назад

SQL injection vulnerability in ndetail.php in Shahrood allows remote attackers to execute arbitrary SQL commands via the id parameter.

EPSS: Низкий
github логотип

GHSA-2rqr-64j8-q8px

больше 3 лет назад

In HTSlib 1.8, a race condition in cram/cram_io.c might allow local users to overwrite arbitrary files via a symlink attack.

CVSS3: 4.7
EPSS: Низкий
github логотип

GHSA-2rqq-wmcv-3phw

больше 3 лет назад

The ConfigureBambooRelease resource in Jira Software and Jira Software Data Center before version 8.6.1 allows authenticated remote attackers to view release version information in projects that they do not have access to through an missing authorisation check.

CVSS3: 4.3
EPSS: Низкий
github логотип

GHSA-2rqq-v9v7-f3mq

около 1 года назад

Mattermost Mobile Apps versions <=2.22.0 fail to properly handle specially crafted attachment names, which allows an attacker to crash the mobile app for any user who opened a channel containing the specially crafted attachment

CVSS3: 4.3
EPSS: Низкий
github логотип

GHSA-2rqq-cg89-vq87

больше 3 лет назад

Bamboo before 6.0.5, 6.1.x before 6.1.4, and 6.2.x before 6.2.1 had a REST endpoint that parsed a YAML file and did not sufficiently restrict which classes could be loaded. An attacker who can log in to Bamboo as a user is able to exploit this vulnerability to execute Java code of their choice on systems that have vulnerable versions of Bamboo.

CVSS3: 8.8
EPSS: Низкий
github логотип

GHSA-2rqp-mqvp-96gv

почти 2 года назад

S-Lang 2.3.2 was discovered to contain a segmentation fault via the function fixup_tgetstr().

CVSS3: 9.1
EPSS: Низкий
github логотип

GHSA-2rqp-7mg5-p5j7

больше 3 лет назад

The tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType before 2.5.4 does not properly check for an integer overflow, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted OpenType font.

EPSS: Низкий
github логотип

GHSA-2rqp-6r59-hpfg

больше 2 лет назад

Divide By Zero in GitHub repository gpac/gpac prior to 2.2.2.

CVSS3: 6.8
EPSS: Низкий
github логотип

GHSA-2rqj-66p3-64g9

больше 3 лет назад

SQL injection vulnerability in inc_pollingboothmanager.asp in DMXReady Polling Booth Manager allows remote attackers to execute arbitrary SQL commands via the QuestionID parameter in a results action.

EPSS: Низкий
github логотип

GHSA-2rqj-34g2-6fp3

10 месяцев назад

Cross-Site Request Forgery (CSRF) vulnerability in appointy Appointy Appointment Scheduler allows Cross Site Request Forgery. This issue affects Appointy Appointment Scheduler: from n/a through 4.2.1.

CVSS3: 6.5
EPSS: Низкий
github логотип

GHSA-2rqg-r6g4-rvxh

почти 4 года назад

Integer signedness error in the ssh2_rdpkt function in PuTTY before 0.56 allows remote attackers to execute arbitrary code via a SSH2_MSG_DEBUG packet with a modified stringlen parameter, which leads to a buffer overflow.

EPSS: Средний
github логотип

GHSA-2rqg-qj27-3wj5

около 3 лет назад

Logrhythm Web Console 7.4.9 allows for HTML tag injection through Contextualize Action -> Create a new Contextualize Action -> Inject your HTML tag in the name field.

CVSS3: 6.1
EPSS: Низкий
github логотип

GHSA-2rqg-pj4m-7gvr

больше 3 лет назад

net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel before 4.0 does not validate attempted changes to the MTU value, which allows context-dependent attackers to cause a denial of service (packet loss) via a value that is (1) smaller than the minimum compliant value or (2) larger than the MTU of an interface, as demonstrated by a Router Advertisement (RA) message that is not validated by a daemon, a different vulnerability than CVE-2015-0272. NOTE: the scope of CVE-2015-0272 is limited to the NetworkManager product.

EPSS: Низкий
github логотип

GHSA-2rqg-jxw5-fmmm

больше 3 лет назад

X-Plane 11.41 and earlier has multiple improper path validations that could allow reading and writing files from/to arbitrary paths (or a leak of OS credentials to a remote system) via crafted network packets. This could be used to execute arbitrary commands on the system.

EPSS: Низкий
github логотип

GHSA-2rqg-gm2p-h7rr

около 3 лет назад

AeroCMS v0.0.1 is vulnerable to Directory Traversal. The impact is: obtain sensitive information (remote). The component is: AeroCMS v0.0.1.

CVSS3: 7.5
EPSS: Низкий
github логотип

GHSA-2rqf-vpg2-x2pw

почти 4 года назад

Memory leak in HP OpenView Network Node Manager (NNM) 6.2 and 6.4 allows remote attackers to cause a denial of service (memory exhaustion) via crafted TCP packets.

EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
github логотип
GHSA-2rqw-mg55-mp69

An untrusted pointer dereference vulnerability exists in HDF5 v1.13.1-1 via the function H5O__dtype_decode_helper () at hdf5/src/H5Odtype.c. This vulnerability can lead to a Denial of Service (DoS).

0%
Низкий
около 4 лет назад
github логотип
GHSA-2rqw-cvq5-cpcc

Improper authorization in the Intel(R) EMA software before version 1.9.0.0 may allow an authenticated user to potentially enable denial of service via local access.

CVSS3: 5
0%
Низкий
больше 2 лет назад
github логотип
GHSA-2rqw-cfhc-35fh

CKAN may leak Solr credentials via error message in package_search action

CVSS3: 5.3
0%
Низкий
больше 1 года назад
github логотип
GHSA-2rqw-4rc9-x55v

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

CVSS3: 5.3
0%
Низкий
больше 3 лет назад
github логотип
GHSA-2rqv-6w76-hjxv

SQL injection vulnerability in ndetail.php in Shahrood allows remote attackers to execute arbitrary SQL commands via the id parameter.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-2rqr-64j8-q8px

In HTSlib 1.8, a race condition in cram/cram_io.c might allow local users to overwrite arbitrary files via a symlink attack.

CVSS3: 4.7
0%
Низкий
больше 3 лет назад
github логотип
GHSA-2rqq-wmcv-3phw

The ConfigureBambooRelease resource in Jira Software and Jira Software Data Center before version 8.6.1 allows authenticated remote attackers to view release version information in projects that they do not have access to through an missing authorisation check.

CVSS3: 4.3
0%
Низкий
больше 3 лет назад
github логотип
GHSA-2rqq-v9v7-f3mq

Mattermost Mobile Apps versions <=2.22.0 fail to properly handle specially crafted attachment names, which allows an attacker to crash the mobile app for any user who opened a channel containing the specially crafted attachment

CVSS3: 4.3
0%
Низкий
около 1 года назад
github логотип
GHSA-2rqq-cg89-vq87

Bamboo before 6.0.5, 6.1.x before 6.1.4, and 6.2.x before 6.2.1 had a REST endpoint that parsed a YAML file and did not sufficiently restrict which classes could be loaded. An attacker who can log in to Bamboo as a user is able to exploit this vulnerability to execute Java code of their choice on systems that have vulnerable versions of Bamboo.

CVSS3: 8.8
0%
Низкий
больше 3 лет назад
github логотип
GHSA-2rqp-mqvp-96gv

S-Lang 2.3.2 was discovered to contain a segmentation fault via the function fixup_tgetstr().

CVSS3: 9.1
0%
Низкий
почти 2 года назад
github логотип
GHSA-2rqp-7mg5-p5j7

The tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType before 2.5.4 does not properly check for an integer overflow, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted OpenType font.

2%
Низкий
больше 3 лет назад
github логотип
GHSA-2rqp-6r59-hpfg

Divide By Zero in GitHub repository gpac/gpac prior to 2.2.2.

CVSS3: 6.8
0%
Низкий
больше 2 лет назад
github логотип
GHSA-2rqj-66p3-64g9

SQL injection vulnerability in inc_pollingboothmanager.asp in DMXReady Polling Booth Manager allows remote attackers to execute arbitrary SQL commands via the QuestionID parameter in a results action.

2%
Низкий
больше 3 лет назад
github логотип
GHSA-2rqj-34g2-6fp3

Cross-Site Request Forgery (CSRF) vulnerability in appointy Appointy Appointment Scheduler allows Cross Site Request Forgery. This issue affects Appointy Appointment Scheduler: from n/a through 4.2.1.

CVSS3: 6.5
0%
Низкий
10 месяцев назад
github логотип
GHSA-2rqg-r6g4-rvxh

Integer signedness error in the ssh2_rdpkt function in PuTTY before 0.56 allows remote attackers to execute arbitrary code via a SSH2_MSG_DEBUG packet with a modified stringlen parameter, which leads to a buffer overflow.

21%
Средний
почти 4 года назад
github логотип
GHSA-2rqg-qj27-3wj5

Logrhythm Web Console 7.4.9 allows for HTML tag injection through Contextualize Action -> Create a new Contextualize Action -> Inject your HTML tag in the name field.

CVSS3: 6.1
0%
Низкий
около 3 лет назад
github логотип
GHSA-2rqg-pj4m-7gvr

net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel before 4.0 does not validate attempted changes to the MTU value, which allows context-dependent attackers to cause a denial of service (packet loss) via a value that is (1) smaller than the minimum compliant value or (2) larger than the MTU of an interface, as demonstrated by a Router Advertisement (RA) message that is not validated by a daemon, a different vulnerability than CVE-2015-0272. NOTE: the scope of CVE-2015-0272 is limited to the NetworkManager product.

6%
Низкий
больше 3 лет назад
github логотип
GHSA-2rqg-jxw5-fmmm

X-Plane 11.41 and earlier has multiple improper path validations that could allow reading and writing files from/to arbitrary paths (or a leak of OS credentials to a remote system) via crafted network packets. This could be used to execute arbitrary commands on the system.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-2rqg-gm2p-h7rr

AeroCMS v0.0.1 is vulnerable to Directory Traversal. The impact is: obtain sensitive information (remote). The component is: AeroCMS v0.0.1.

CVSS3: 7.5
1%
Низкий
около 3 лет назад
github логотип
GHSA-2rqf-vpg2-x2pw

Memory leak in HP OpenView Network Node Manager (NNM) 6.2 and 6.4 allows remote attackers to cause a denial of service (memory exhaustion) via crafted TCP packets.

1%
Низкий
почти 4 года назад

Уязвимостей на страницу