Логотип exploitDog
source:"github"
Консоль
Логотип exploitDog

exploitDog

source:"github"

Количество 314 458

Количество 314 458

github логотип

GHSA-2rmr-vqgp-f8jv

4 месяца назад

In the Linux kernel, the following vulnerability has been resolved: dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata Following concurrent processes: P1(drop cache) P2(kworker) drop_caches_sysctl_handler drop_slab shrink_slab down_read(&shrinker_rwsem) - LOCK A do_shrink_slab super_cache_scan prune_icache_sb dispose_list evict ext4_evict_inode ext4_clear_inode ext4_discard_preallocations ext4_mb_load_buddy_gfp ext4_mb_init_cache ext4_read_block_bitmap_nowait ext4_read_bh_nowait submit_bh dm_submit_bio do_worker process_deferred_bios commit metadata_operation_failed dm_pool_abort_metadata down_write(&pmd->root_lock) - LOCK B __destroy_persistent_data_objects dm_block_manager_destroy dm_bufio_client_destroy unregister_shrinker ...

CVSS3: 5.5
EPSS: Низкий
github логотип

GHSA-2rmr-49w2-jxx7

больше 2 лет назад

Data Illusion Survey Software Solutions ngSurvey version 2.4.28 and below is vulnerable to Denial of Service if a survey contains a "Text Field", "Comment Field" or "Contact Details".

CVSS3: 7.5
EPSS: Низкий
github логотип

GHSA-2rmr-23wf-5jvq

почти 4 года назад

Buffer overflow in the LGServer service in CA ARCserve Backup for Laptops and Desktops r11.0 through r11.5, and Suite 11.1 and 11.2, allows remote attackers to execute arbitrary code via unspecified "command arguments."

EPSS: Средний
github логотип

GHSA-2rmq-m43q-chm7

12 месяцев назад

The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Import Data From File feature in all versions up to, and including, 3.11.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS3: 6.4
EPSS: Низкий
github логотип

GHSA-2rmq-hwgh-xq34

больше 3 лет назад

SQL injection vulnerability in index.php in WebStudio eCatalogue allows remote attackers to execute arbitrary SQL commands via the pageid parameter.

EPSS: Низкий
github логотип

GHSA-2rmp-vm63-x8jm

почти 3 года назад

The YourChannel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.3. This is due to missing or incorrect nonce validation on the saveLang function. This makes it possible for unauthenticated attackers to change the plugin's quick language translation settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVSS3: 4.3
EPSS: Низкий
github логотип

GHSA-2rmp-qgp4-wg66

3 месяца назад

A weakness has been identified in bestfeng oa_git_free up to 9.5. This affects the function updateWriteBack of the file yimioa-oa9.5\server\c-flow\src\main\java\com\cloudweb\oa\controller\WorkflowPredefineController.java. This manipulation of the argument writeProp causes xml external entity reference. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be exploited.

CVSS3: 6.3
EPSS: Низкий
github логотип

GHSA-2rmp-fw5r-j5qv

больше 4 лет назад

Improper Authentication in InfluxDB

CVSS3: 9.8
EPSS: Критический
github логотип

GHSA-2rmp-82h5-59gg

почти 4 года назад

eZ publish before 3.8.9, and 3.9 before 3.9.3, does not properly check permissions on module views that lack a policy function, which has unknown impact and attack vectors, as demonstrated by a vulnerability in the discount functionality in the shop module.

EPSS: Низкий
github логотип

GHSA-2rmm-r7j4-mw6g

больше 3 лет назад

Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0103, CVE-2016-0106, CVE-2016-0108, CVE-2016-0109, and CVE-2016-0114.

CVSS3: 7.5
EPSS: Средний
github логотип

GHSA-2rmm-hwr3-75xq

почти 2 года назад

A vulnerability classified as problematic was found in Faraday GM8181 and GM828x up to 20240429. Affected by this vulnerability is an unknown functionality of the component Request Handler. The manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The identifier VDB-263305 was assigned to this vulnerability.

CVSS3: 5.3
EPSS: Низкий
github логотип

GHSA-2rmm-87v7-34rj

почти 4 года назад

Improper Restriction of XML External Entity Reference in Any23

CVSS3: 9.1
EPSS: Низкий
github логотип

GHSA-2rmj-mq67-h97g

больше 1 года назад

Spring Framework DoS via conditional HTTP request

CVSS3: 5.3
EPSS: Низкий
github логотип

GHSA-2rmj-3gh3-p952

больше 3 лет назад

Untrusted search path vulnerability in UltraVNC 1.0.8.2 allows local users to gain privileges via a Trojan horse vnclang.dll file in the current working directory, as demonstrated by a directory that contains a .vnc file. NOTE: some of these details are obtained from third party information.

EPSS: Низкий
github логотип

GHSA-2rmh-3vpc-xqrj

почти 4 года назад

PGP 5.5.x through 6.5.3 does not properly check if an Additional Decryption Key (ADK) is stored in the signed portion of a public certificate, which allows an attacker who can modify a victim's public certificate to decrypt any data that has been encrypted with the modified certificate.

EPSS: Низкий
github логотип

GHSA-2rmf-wj7v-g6m7

больше 3 лет назад

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a NULL pointer dereference may lead to denial of service or possible escalation of privileges.

CVSS3: 8.8
EPSS: Низкий
github логотип

GHSA-2rmf-9mpq-4vh6

больше 3 лет назад

The websites that were built from Zeta Producer Desktop CMS before 14.2.1 are vulnerable to unauthenticated remote code execution due to a default component that permits arbitrary upload of PHP files, because the formmailer widget blocks .php files but not .php5 or .phtml files. This is related to /assets/php/formmailer/SendEmail.php and /assets/php/formmailer/functions.php.

CVSS3: 9.8
EPSS: Средний
github логотип

GHSA-2rmf-3rpp-rfgh

больше 1 года назад

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

CVSS3: 8.8
EPSS: Низкий
github логотип

GHSA-2rmc-v2mp-gxq4

около 4 лет назад

In createFromParcel of GpsNavigationMessage.java, there is a possible Parcel serialization/deserialization mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-196970023

EPSS: Низкий
github логотип

GHSA-2rmc-r8fj-3p89

больше 1 года назад

Honeywell PC42t, PC42tp, and PC42d Printers, T10.19.020016 to T10.20.060398, contain a cross-site scripting vulnerability. A(n) attacker could potentially inject malicious code which may lead to information disclosure, session theft, or client-side request forgery. Honeywell recommends updating to the most recent version of this firmware, PC42 Printer Firmware Version 20.6 T10.20.060398.

CVSS3: 3.5
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
github логотип
GHSA-2rmr-vqgp-f8jv

In the Linux kernel, the following vulnerability has been resolved: dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata Following concurrent processes: P1(drop cache) P2(kworker) drop_caches_sysctl_handler drop_slab shrink_slab down_read(&shrinker_rwsem) - LOCK A do_shrink_slab super_cache_scan prune_icache_sb dispose_list evict ext4_evict_inode ext4_clear_inode ext4_discard_preallocations ext4_mb_load_buddy_gfp ext4_mb_init_cache ext4_read_block_bitmap_nowait ext4_read_bh_nowait submit_bh dm_submit_bio do_worker process_deferred_bios commit metadata_operation_failed dm_pool_abort_metadata down_write(&pmd->root_lock) - LOCK B __destroy_persistent_data_objects dm_block_manager_destroy dm_bufio_client_destroy unregister_shrinker ...

CVSS3: 5.5
0%
Низкий
4 месяца назад
github логотип
GHSA-2rmr-49w2-jxx7

Data Illusion Survey Software Solutions ngSurvey version 2.4.28 and below is vulnerable to Denial of Service if a survey contains a "Text Field", "Comment Field" or "Contact Details".

CVSS3: 7.5
2%
Низкий
больше 2 лет назад
github логотип
GHSA-2rmr-23wf-5jvq

Buffer overflow in the LGServer service in CA ARCserve Backup for Laptops and Desktops r11.0 through r11.5, and Suite 11.1 and 11.2, allows remote attackers to execute arbitrary code via unspecified "command arguments."

17%
Средний
почти 4 года назад
github логотип
GHSA-2rmq-m43q-chm7

The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Import Data From File feature in all versions up to, and including, 3.11.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS3: 6.4
0%
Низкий
12 месяцев назад
github логотип
GHSA-2rmq-hwgh-xq34

SQL injection vulnerability in index.php in WebStudio eCatalogue allows remote attackers to execute arbitrary SQL commands via the pageid parameter.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-2rmp-vm63-x8jm

The YourChannel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.3. This is due to missing or incorrect nonce validation on the saveLang function. This makes it possible for unauthenticated attackers to change the plugin's quick language translation settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVSS3: 4.3
0%
Низкий
почти 3 года назад
github логотип
GHSA-2rmp-qgp4-wg66

A weakness has been identified in bestfeng oa_git_free up to 9.5. This affects the function updateWriteBack of the file yimioa-oa9.5\server\c-flow\src\main\java\com\cloudweb\oa\controller\WorkflowPredefineController.java. This manipulation of the argument writeProp causes xml external entity reference. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be exploited.

CVSS3: 6.3
0%
Низкий
3 месяца назад
github логотип
GHSA-2rmp-fw5r-j5qv

Improper Authentication in InfluxDB

CVSS3: 9.8
94%
Критический
больше 4 лет назад
github логотип
GHSA-2rmp-82h5-59gg

eZ publish before 3.8.9, and 3.9 before 3.9.3, does not properly check permissions on module views that lack a policy function, which has unknown impact and attack vectors, as demonstrated by a vulnerability in the discount functionality in the shop module.

1%
Низкий
почти 4 года назад
github логотип
GHSA-2rmm-r7j4-mw6g

Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0103, CVE-2016-0106, CVE-2016-0108, CVE-2016-0109, and CVE-2016-0114.

CVSS3: 7.5
17%
Средний
больше 3 лет назад
github логотип
GHSA-2rmm-hwr3-75xq

A vulnerability classified as problematic was found in Faraday GM8181 and GM828x up to 20240429. Affected by this vulnerability is an unknown functionality of the component Request Handler. The manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The identifier VDB-263305 was assigned to this vulnerability.

CVSS3: 5.3
0%
Низкий
почти 2 года назад
github логотип
GHSA-2rmm-87v7-34rj

Improper Restriction of XML External Entity Reference in Any23

CVSS3: 9.1
2%
Низкий
почти 4 года назад
github логотип
GHSA-2rmj-mq67-h97g

Spring Framework DoS via conditional HTTP request

CVSS3: 5.3
0%
Низкий
больше 1 года назад
github логотип
GHSA-2rmj-3gh3-p952

Untrusted search path vulnerability in UltraVNC 1.0.8.2 allows local users to gain privileges via a Trojan horse vnclang.dll file in the current working directory, as demonstrated by a directory that contains a .vnc file. NOTE: some of these details are obtained from third party information.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-2rmh-3vpc-xqrj

PGP 5.5.x through 6.5.3 does not properly check if an Additional Decryption Key (ADK) is stored in the signed portion of a public certificate, which allows an attacker who can modify a victim's public certificate to decrypt any data that has been encrypted with the modified certificate.

0%
Низкий
почти 4 года назад
github логотип
GHSA-2rmf-wj7v-g6m7

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a NULL pointer dereference may lead to denial of service or possible escalation of privileges.

CVSS3: 8.8
0%
Низкий
больше 3 лет назад
github логотип
GHSA-2rmf-9mpq-4vh6

The websites that were built from Zeta Producer Desktop CMS before 14.2.1 are vulnerable to unauthenticated remote code execution due to a default component that permits arbitrary upload of PHP files, because the formmailer widget blocks .php files but not .php5 or .phtml files. This is related to /assets/php/formmailer/SendEmail.php and /assets/php/formmailer/functions.php.

CVSS3: 9.8
37%
Средний
больше 3 лет назад
github логотип
GHSA-2rmf-3rpp-rfgh

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

CVSS3: 8.8
8%
Низкий
больше 1 года назад
github логотип
GHSA-2rmc-v2mp-gxq4

In createFromParcel of GpsNavigationMessage.java, there is a possible Parcel serialization/deserialization mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-196970023

0%
Низкий
около 4 лет назад
github логотип
GHSA-2rmc-r8fj-3p89

Honeywell PC42t, PC42tp, and PC42d Printers, T10.19.020016 to T10.20.060398, contain a cross-site scripting vulnerability. A(n) attacker could potentially inject malicious code which may lead to information disclosure, session theft, or client-side request forgery. Honeywell recommends updating to the most recent version of this firmware, PC42 Printer Firmware Version 20.6 T10.20.060398.

CVSS3: 3.5
0%
Низкий
больше 1 года назад

Уязвимостей на страницу