Логотип exploitDog
source:"github"
Консоль
Логотип exploitDog

exploitDog

source:"github"

Количество 312 573

Количество 312 573

github логотип

GHSA-2gcw-452g-jcfj

около 4 лет назад

Wasm3 0.5.0 has an out-of-bounds write in Runtime_Release (called from EvaluateExpression and InitDataSegments).

EPSS: Низкий
github логотип

GHSA-2gcv-8ccj-f7px

около 3 лет назад

Improper input validation vulnerability in DualOutFocusViewer prior to SMR Nov-2022 Release 1 allows local attacker to perform an arbitrary code execution.

CVSS3: 7.8
EPSS: Низкий
github логотип

GHSA-2gcv-3qpf-c5qr

5 месяцев назад

Chaos Controller Manager is vulnerable to OS command injection

CVSS3: 9.8
EPSS: Низкий
github логотип

GHSA-2gcr-c4hm-4645

больше 3 лет назад

Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub component of Oracle PeopleSoft Products (subcomponent: HTML Area). The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PRTL Interaction Hub. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PRTL Interaction Hub, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PRTL Interaction Hub accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PRTL Interaction Hub accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).

CVSS3: 6.1
EPSS: Низкий
github логотип

GHSA-2gcr-59f3-88f9

около 2 месяцев назад

LSC Smart Connect Indoor IP Camera 1.4.13 contains a RCE vulnerability in start_app.sh.

CVSS3: 8.8
EPSS: Низкий
github логотип

GHSA-2gcq-vqxg-c7xv

больше 3 лет назад

gtk-vnc before 0.7.0 does not properly check boundaries of subrectangle-containing tiles, which allows remote servers to execute arbitrary code via the src x, y coordinates in a crafted (1) rre, (2) hextile, or (3) copyrect tile.

CVSS3: 7.8
EPSS: Низкий
github логотип

GHSA-2gcq-qrr4-wc8f

больше 3 лет назад

SAP Marketing (Servlet), version-130,140,150, allows an authenticated attacker to invoke certain functions that are restricted. Limited knowledge of payload is required for an attacker to exploit the vulnerability and perform tasks related to contact and interaction data which impacts Confidentiality and Integrity of data in the application.

EPSS: Низкий
github логотип

GHSA-2gcq-g27g-mx27

около 2 лет назад

Authorization Bypass Through User-Controlled Key vulnerability in WP Sunshine Sunshine Photo Cart: Free Client Galleries for Photographers.This issue affects Sunshine Photo Cart: Free Client Galleries for Photographers: from n/a before 3.0.0.

CVSS3: 5.3
EPSS: Низкий
github логотип

GHSA-2gcq-cww3-j4hr

около 1 года назад

A type confusion in the nas_message_decode function of Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via a crafted NAS packet.

CVSS3: 9.8
EPSS: Низкий
github логотип

GHSA-2gcp-xwxg-hqg3

больше 3 лет назад

Dolibarr Unrestricted Upload of File with Dangerous Type

CVSS3: 8.8
EPSS: Низкий
github логотип

GHSA-2gcm-q5j8-5j8g

больше 2 лет назад

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Rescue Themes Rescue Shortcodes plugin <= 2.5 versions.

CVSS3: 6.5
EPSS: Низкий
github логотип

GHSA-2gcm-q52r-gph2

больше 1 года назад

In pmucal_rae_handle_seq_int of flexpmu_cal_rae.c, there is a possible out of bounds read due to a buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVSS3: 5.5
EPSS: Низкий
github логотип

GHSA-2gcm-4527-j663

почти 4 года назад

Multiple SQL injection vulnerabilities in Kernel/System/Ticket.pm in OTRS-Core in Open Ticket Request System (OTRS) 2.1.x before 2.1.9, 2.2.x before 2.2.9, 2.3.x before 2.3.5, and 2.4.x before 2.4.7 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

EPSS: Низкий
github логотип

GHSA-2gch-6fpv-fjxp

около 3 лет назад

An Allocation of Resources Without Limits or Throttling vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). On QFX10k Series Inter-Chassis Control Protocol (ICCP) is used in MC-LAG topologies to exchange control information between the devices in the topology. ICCP connection flaps and sync issues will be observed due to excessive specific traffic to the local device. This issue affects Juniper Networks Junos OS: All versions prior to 20.2R3-S7; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R2.

CVSS3: 7.5
EPSS: Низкий
github логотип

GHSA-2gch-58xm-v8m8

больше 3 лет назад

Symantec PGP Desktop 10.0.x through 10.2.x and Encryption Desktop Professional 10.3.x before 10.3.2 MP1 do not properly perform block-data moves, which allows remote attackers to cause a denial of service (read access violation and application crash) via a malformed certificate.

EPSS: Низкий
github логотип

GHSA-2gcf-97jm-737m

больше 3 лет назад

The Fly Photo Pro Android device with a build fingerprint of Fly/PhotoPro/Photo_Pro:8.1.0/O11019/1528117003:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization.

EPSS: Низкий
github логотип

GHSA-2gcc-r844-pr65

почти 4 года назад

Qbik WinGate 6.1.4 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a DNS request with a self-referencing compressed name pointer, which triggers an infinite loop.

EPSS: Низкий
github логотип

GHSA-2gc9-pwg3-hg5r

больше 3 лет назад

The afs_linux_lock function in afs/LINUX/osi_vnodeops.c in the kernel module in OpenAFS 1.4.14, 1.4.12, 1.4.7, and possibly other versions does not properly handle errors, which allows attackers to cause a denial of service via unknown vectors. NOTE: some of these details are obtained from third party information.

EPSS: Низкий
github логотип

GHSA-2gc9-pm58-wfqw

больше 3 лет назад

A vulnerability in the Device Manager web interface of Cisco Industrial Ethernet 1000 Series Switches 1.3 could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of an affected system. The vulnerability is due to insufficient CSRF protection by the Device Manager web interface. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link or visit an attacker-controlled website. A successful exploit could allow the attacker to submit arbitrary requests to an affected device via the Device Manager web interface and with the privileges of the user. Cisco Bug IDs: CSCvc88811.

CVSS3: 8.8
EPSS: Низкий
github логотип

GHSA-2gc9-2cfg-w7jm

около 2 лет назад

There is elevation of privilege.

CVSS3: 9.8
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
github логотип
GHSA-2gcw-452g-jcfj

Wasm3 0.5.0 has an out-of-bounds write in Runtime_Release (called from EvaluateExpression and InitDataSegments).

0%
Низкий
около 4 лет назад
github логотип
GHSA-2gcv-8ccj-f7px

Improper input validation vulnerability in DualOutFocusViewer prior to SMR Nov-2022 Release 1 allows local attacker to perform an arbitrary code execution.

CVSS3: 7.8
0%
Низкий
около 3 лет назад
github логотип
GHSA-2gcv-3qpf-c5qr

Chaos Controller Manager is vulnerable to OS command injection

CVSS3: 9.8
1%
Низкий
5 месяцев назад
github логотип
GHSA-2gcr-c4hm-4645

Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub component of Oracle PeopleSoft Products (subcomponent: HTML Area). The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PRTL Interaction Hub. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PRTL Interaction Hub, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PRTL Interaction Hub accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PRTL Interaction Hub accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).

CVSS3: 6.1
0%
Низкий
больше 3 лет назад
github логотип
GHSA-2gcr-59f3-88f9

LSC Smart Connect Indoor IP Camera 1.4.13 contains a RCE vulnerability in start_app.sh.

CVSS3: 8.8
0%
Низкий
около 2 месяцев назад
github логотип
GHSA-2gcq-vqxg-c7xv

gtk-vnc before 0.7.0 does not properly check boundaries of subrectangle-containing tiles, which allows remote servers to execute arbitrary code via the src x, y coordinates in a crafted (1) rre, (2) hextile, or (3) copyrect tile.

CVSS3: 7.8
0%
Низкий
больше 3 лет назад
github логотип
GHSA-2gcq-qrr4-wc8f

SAP Marketing (Servlet), version-130,140,150, allows an authenticated attacker to invoke certain functions that are restricted. Limited knowledge of payload is required for an attacker to exploit the vulnerability and perform tasks related to contact and interaction data which impacts Confidentiality and Integrity of data in the application.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-2gcq-g27g-mx27

Authorization Bypass Through User-Controlled Key vulnerability in WP Sunshine Sunshine Photo Cart: Free Client Galleries for Photographers.This issue affects Sunshine Photo Cart: Free Client Galleries for Photographers: from n/a before 3.0.0.

CVSS3: 5.3
0%
Низкий
около 2 лет назад
github логотип
GHSA-2gcq-cww3-j4hr

A type confusion in the nas_message_decode function of Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via a crafted NAS packet.

CVSS3: 9.8
0%
Низкий
около 1 года назад
github логотип
GHSA-2gcp-xwxg-hqg3

Dolibarr Unrestricted Upload of File with Dangerous Type

CVSS3: 8.8
10%
Низкий
больше 3 лет назад
github логотип
GHSA-2gcm-q5j8-5j8g

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Rescue Themes Rescue Shortcodes plugin <= 2.5 versions.

CVSS3: 6.5
0%
Низкий
больше 2 лет назад
github логотип
GHSA-2gcm-q52r-gph2

In pmucal_rae_handle_seq_int of flexpmu_cal_rae.c, there is a possible out of bounds read due to a buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVSS3: 5.5
0%
Низкий
больше 1 года назад
github логотип
GHSA-2gcm-4527-j663

Multiple SQL injection vulnerabilities in Kernel/System/Ticket.pm in OTRS-Core in Open Ticket Request System (OTRS) 2.1.x before 2.1.9, 2.2.x before 2.2.9, 2.3.x before 2.3.5, and 2.4.x before 2.4.7 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

1%
Низкий
почти 4 года назад
github логотип
GHSA-2gch-6fpv-fjxp

An Allocation of Resources Without Limits or Throttling vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). On QFX10k Series Inter-Chassis Control Protocol (ICCP) is used in MC-LAG topologies to exchange control information between the devices in the topology. ICCP connection flaps and sync issues will be observed due to excessive specific traffic to the local device. This issue affects Juniper Networks Junos OS: All versions prior to 20.2R3-S7; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R2.

CVSS3: 7.5
0%
Низкий
около 3 лет назад
github логотип
GHSA-2gch-58xm-v8m8

Symantec PGP Desktop 10.0.x through 10.2.x and Encryption Desktop Professional 10.3.x before 10.3.2 MP1 do not properly perform block-data moves, which allows remote attackers to cause a denial of service (read access violation and application crash) via a malformed certificate.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-2gcf-97jm-737m

The Fly Photo Pro Android device with a build fingerprint of Fly/PhotoPro/Photo_Pro:8.1.0/O11019/1528117003:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-2gcc-r844-pr65

Qbik WinGate 6.1.4 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a DNS request with a self-referencing compressed name pointer, which triggers an infinite loop.

1%
Низкий
почти 4 года назад
github логотип
GHSA-2gc9-pwg3-hg5r

The afs_linux_lock function in afs/LINUX/osi_vnodeops.c in the kernel module in OpenAFS 1.4.14, 1.4.12, 1.4.7, and possibly other versions does not properly handle errors, which allows attackers to cause a denial of service via unknown vectors. NOTE: some of these details are obtained from third party information.

1%
Низкий
больше 3 лет назад
github логотип
GHSA-2gc9-pm58-wfqw

A vulnerability in the Device Manager web interface of Cisco Industrial Ethernet 1000 Series Switches 1.3 could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of an affected system. The vulnerability is due to insufficient CSRF protection by the Device Manager web interface. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link or visit an attacker-controlled website. A successful exploit could allow the attacker to submit arbitrary requests to an affected device via the Device Manager web interface and with the privileges of the user. Cisco Bug IDs: CSCvc88811.

CVSS3: 8.8
0%
Низкий
больше 3 лет назад
github логотип
GHSA-2gc9-2cfg-w7jm

There is elevation of privilege.

CVSS3: 9.8
0%
Низкий
около 2 лет назад

Уязвимостей на страницу