Логотип exploitDog
source:"github"
Консоль
Логотип exploitDog

exploitDog

source:"github"

Количество 312 573

Количество 312 573

github логотип

GHSA-2g99-pch7-3284

около 1 года назад

In the Linux kernel, the following vulnerability has been resolved: bcache: revert replacing IS_ERR_OR_NULL with IS_ERR again Commit 028ddcac477b ("bcache: Remove unnecessary NULL point check in node allocations") leads a NULL pointer deference in cache_set_flush(). 1721 if (!IS_ERR_OR_NULL(c->root)) 1722 list_add(&c->root->list, &c->btree_cache); >From the above code in cache_set_flush(), if previous registration code fails before allocating c->root, it is possible c->root is NULL as what it is initialized. __bch_btree_node_alloc() never returns NULL but c->root is possible to be NULL at above line 1721. This patch replaces IS_ERR() by IS_ERR_OR_NULL() to fix this.

CVSS3: 5.5
EPSS: Низкий
github логотип

GHSA-2g99-g8qj-f679

больше 2 лет назад

A valid, authenticated LXCA user with elevated privileges may be able to delete folders in the LXCA filesystem through a specifically crafted web API call due to insufficient input validation.

CVSS3: 6.5
EPSS: Низкий
github логотип

GHSA-2g99-c67p-56hm

больше 3 лет назад

XML Signature/Encryption Not Validated in Apache CXF

EPSS: Низкий
github логотип

GHSA-2g99-86hw-gx4m

около 2 лет назад

In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability.

CVSS3: 9.8
EPSS: Низкий
github логотип

GHSA-2g98-g66w-rvrw

больше 3 лет назад

An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. An HTTP POST request with a specially crafted "Host" header field may cause a NULL pointer dereference and thus cause a denial of service, as demonstrated by the lack of a trailing ']' character in an IPv6 address.

CVSS3: 7.5
EPSS: Низкий
github логотип

GHSA-2g98-f9jv-w8c5

больше 1 года назад

robrichards/xmlseclibs XPath injection

CVSS3: 7.5
EPSS: Низкий
github логотип

GHSA-2g98-7fch-w3c5

больше 3 лет назад

HPE RESTful Interface Tool 1.40 allows local users to obtain sensitive information via unspecified vectors.

CVSS3: 5.5
EPSS: Низкий
github логотип

GHSA-2g98-3278-2w66

почти 4 года назад

ELOG before 2.5.7 allows remote attackers to bypass authentication and download a configuration file that contains a sensitive write password via a modified URL.

EPSS: Низкий
github логотип

GHSA-2g97-qvhf-wqw3

больше 3 лет назад

VMware Horizon Server (7.x prior to 7.10.3 or 7.13.0) contains a Cross Site Scripting (XSS) vulnerability. Successful exploitation of this issue may allow an attacker to inject malicious script which will be executed.

EPSS: Низкий
github логотип

GHSA-2g97-q8g6-fm75

около 1 месяца назад

Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.

EPSS: Низкий
github логотип

GHSA-2g95-q4q6-2mjq

8 месяцев назад

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific administrative functions. This vulnerability is due to insufficient authorization enforcement mechanisms for users created by SAML SSO integration with an external identity provider. An attacker could exploit this vulnerability by submitting a series of specific commands to an affected device. A successful exploit could allow the attacker to modify a limited number of system settings, including some that would result in a system restart. In single-node Cisco ISE deployments, devices that are not authenticated to the network will not be able to authenticate until the Cisco ISE system comes back online. 

CVSS3: 6.4
EPSS: Низкий
github логотип

GHSA-2g95-fmgh-m88h

больше 3 лет назад

Vulnerability in the Oracle iSupport component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupport accessible data as well as unauthorized update, insert or delete access to some of Oracle iSupport accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts).

CVSS3: 8.2
EPSS: Низкий
github логотип

GHSA-2g94-h6v4-9h46

почти 4 года назад

Buffer overflow in su in Tru64 Unix 5.x allows local users to gain root privileges via a long username and argument.

EPSS: Низкий
github логотип

GHSA-2g94-f2r5-7pmr

около 1 года назад

The Buy one click WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the removeorder AJAX action in all versions up to, and including, 2.2.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete Buy one click WooCommerce orders.

CVSS3: 4.3
EPSS: Низкий
github логотип

GHSA-2g94-9xch-xc29

больше 2 лет назад

** UNSUPPORTED WHEN ASSIGNED ** Authentication Bypass vulnerability in D-Link DIR-645 firmware version 1.03 allows remote attackers to gain escalated privileges via function phpcgi_main in cgibin. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

CVSS3: 9.8
EPSS: Низкий
github логотип

GHSA-2g94-3f9v-vjg8

больше 1 года назад

Missing Authorization vulnerability in solwin User Activity Log Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Activity Log Pro: from n/a through 2.3.4.

CVSS3: 6.3
EPSS: Низкий
github логотип

GHSA-2g93-xqpg-j265

больше 3 лет назад

The sandbox implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandles reparse points, which allows local users to gain privileges via a crafted application, aka "Windows Mount Point Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0007.

CVSS3: 7.3
EPSS: Низкий
github логотип

GHSA-2g92-xwm3-3x93

больше 1 года назад

Missing Authorization vulnerability in AddonMaster Load More Anything.This issue affects Load More Anything: from n/a through 3.3.3.

CVSS3: 5.4
EPSS: Низкий
github логотип

GHSA-2g92-xfq2-c7ph

больше 3 лет назад

Adobe Illustrator version 25.2 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to remote code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVSS3: 8.8
EPSS: Низкий
github логотип

GHSA-2g92-fxg4-7jq9

больше 3 лет назад

Improper Authorization in GitHub repository chatwoot/chatwoot prior to 2.8.

CVSS3: 7.1
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
github логотип
GHSA-2g99-pch7-3284

In the Linux kernel, the following vulnerability has been resolved: bcache: revert replacing IS_ERR_OR_NULL with IS_ERR again Commit 028ddcac477b ("bcache: Remove unnecessary NULL point check in node allocations") leads a NULL pointer deference in cache_set_flush(). 1721 if (!IS_ERR_OR_NULL(c->root)) 1722 list_add(&c->root->list, &c->btree_cache); >From the above code in cache_set_flush(), if previous registration code fails before allocating c->root, it is possible c->root is NULL as what it is initialized. __bch_btree_node_alloc() never returns NULL but c->root is possible to be NULL at above line 1721. This patch replaces IS_ERR() by IS_ERR_OR_NULL() to fix this.

CVSS3: 5.5
0%
Низкий
около 1 года назад
github логотип
GHSA-2g99-g8qj-f679

A valid, authenticated LXCA user with elevated privileges may be able to delete folders in the LXCA filesystem through a specifically crafted web API call due to insufficient input validation.

CVSS3: 6.5
0%
Низкий
больше 2 лет назад
github логотип
GHSA-2g99-c67p-56hm

XML Signature/Encryption Not Validated in Apache CXF

4%
Низкий
больше 3 лет назад
github логотип
GHSA-2g99-86hw-gx4m

In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability.

CVSS3: 9.8
0%
Низкий
около 2 лет назад
github логотип
GHSA-2g98-g66w-rvrw

An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. An HTTP POST request with a specially crafted "Host" header field may cause a NULL pointer dereference and thus cause a denial of service, as demonstrated by the lack of a trailing ']' character in an IPv6 address.

CVSS3: 7.5
0%
Низкий
больше 3 лет назад
github логотип
GHSA-2g98-f9jv-w8c5

robrichards/xmlseclibs XPath injection

CVSS3: 7.5
больше 1 года назад
github логотип
GHSA-2g98-7fch-w3c5

HPE RESTful Interface Tool 1.40 allows local users to obtain sensitive information via unspecified vectors.

CVSS3: 5.5
0%
Низкий
больше 3 лет назад
github логотип
GHSA-2g98-3278-2w66

ELOG before 2.5.7 allows remote attackers to bypass authentication and download a configuration file that contains a sensitive write password via a modified URL.

1%
Низкий
почти 4 года назад
github логотип
GHSA-2g97-qvhf-wqw3

VMware Horizon Server (7.x prior to 7.10.3 or 7.13.0) contains a Cross Site Scripting (XSS) vulnerability. Successful exploitation of this issue may allow an attacker to inject malicious script which will be executed.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-2g97-q8g6-fm75

Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.

около 1 месяца назад
github логотип
GHSA-2g95-q4q6-2mjq

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific administrative functions. This vulnerability is due to insufficient authorization enforcement mechanisms for users created by SAML SSO integration with an external identity provider. An attacker could exploit this vulnerability by submitting a series of specific commands to an affected device. A successful exploit could allow the attacker to modify a limited number of system settings, including some that would result in a system restart. In single-node Cisco ISE deployments, devices that are not authenticated to the network will not be able to authenticate until the Cisco ISE system comes back online. 

CVSS3: 6.4
0%
Низкий
8 месяцев назад
github логотип
GHSA-2g95-fmgh-m88h

Vulnerability in the Oracle iSupport component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupport accessible data as well as unauthorized update, insert or delete access to some of Oracle iSupport accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts).

CVSS3: 8.2
1%
Низкий
больше 3 лет назад
github логотип
GHSA-2g94-h6v4-9h46

Buffer overflow in su in Tru64 Unix 5.x allows local users to gain root privileges via a long username and argument.

1%
Низкий
почти 4 года назад
github логотип
GHSA-2g94-f2r5-7pmr

The Buy one click WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the removeorder AJAX action in all versions up to, and including, 2.2.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete Buy one click WooCommerce orders.

CVSS3: 4.3
0%
Низкий
около 1 года назад
github логотип
GHSA-2g94-9xch-xc29

** UNSUPPORTED WHEN ASSIGNED ** Authentication Bypass vulnerability in D-Link DIR-645 firmware version 1.03 allows remote attackers to gain escalated privileges via function phpcgi_main in cgibin. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

CVSS3: 9.8
0%
Низкий
больше 2 лет назад
github логотип
GHSA-2g94-3f9v-vjg8

Missing Authorization vulnerability in solwin User Activity Log Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Activity Log Pro: from n/a through 2.3.4.

CVSS3: 6.3
0%
Низкий
больше 1 года назад
github логотип
GHSA-2g93-xqpg-j265

The sandbox implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandles reparse points, which allows local users to gain privileges via a crafted application, aka "Windows Mount Point Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0007.

CVSS3: 7.3
5%
Низкий
больше 3 лет назад
github логотип
GHSA-2g92-xwm3-3x93

Missing Authorization vulnerability in AddonMaster Load More Anything.This issue affects Load More Anything: from n/a through 3.3.3.

CVSS3: 5.4
0%
Низкий
больше 1 года назад
github логотип
GHSA-2g92-xfq2-c7ph

Adobe Illustrator version 25.2 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to remote code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVSS3: 8.8
4%
Низкий
больше 3 лет назад
github логотип
GHSA-2g92-fxg4-7jq9

Improper Authorization in GitHub repository chatwoot/chatwoot prior to 2.8.

CVSS3: 7.1
0%
Низкий
больше 3 лет назад

Уязвимостей на страницу