Логотип exploitDog
source:"github"
Консоль
Логотип exploitDog

exploitDog

source:"github"

Количество 314 458

Количество 314 458

github логотип

GHSA-2h3h-vw8r-82rp

почти 5 лет назад

Weak JSON Web Token in yapi-vendor

CVSS3: 5.1
EPSS: Низкий
github логотип

GHSA-2h3h-vpf4-f727

около 1 месяца назад

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Roxnor PopupKit popup-builder-block allows Retrieve Embedded Sensitive Data.This issue affects PopupKit: from n/a through <= 2.1.5.

CVSS3: 4.3
EPSS: Низкий
github логотип

GHSA-2h3h-q99f-3fhc

больше 4 лет назад

@npmcli/arborist vulnerable to UNIX Symbolic Link (Symlink) Following

CVSS3: 8.2
EPSS: Низкий
github логотип

GHSA-2h3h-p2mp-rw5q

5 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: cifs: prevent use-after-free by freeing the cfile later In smb2_compound_op we have a possible use-after-free which can cause hard to debug problems later on. This was revealed during stress testing with KASAN enabled kernel. Fixing it by moving the cfile free call to a few lines below, after the usage.

CVSS3: 7.8
EPSS: Низкий
github логотип

GHSA-2h3h-37pp-x96w

почти 4 года назад

Buffer overflow in the open_socket_out function in socket.c for rsync 2.5.7 and earlier allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long RSYNC_PROXY environment variable. NOTE: since rsync is not setuid, this issue does not provide any additional privileges beyond those that are already available to the user. Therefore this issue may be REJECTED in the future.

EPSS: Низкий
github логотип

GHSA-2h3g-g3x2-rqwp

больше 3 лет назад

The SAP BusinessObjects BI Platform version - 420 allows an attacker, who has basic access to the application, to inject a malicious script while creating a new module document, file, or folder. When another user visits that page, the stored malicious script will execute in their session, hence allowing the attacker to compromise their confidentiality and integrity.

EPSS: Низкий
github логотип

GHSA-2h3f-cc2p-j8f8

больше 3 лет назад

In Sangoma FreePBX 13 through 15 and sysadmin (aka System Admin) 13.0.92 through 15.0.13.6 modules have a Remote Command Execution vulnerability that results in Privilege Escalation.

EPSS: Низкий
github логотип

GHSA-2h3f-8vwc-4xv2

больше 3 лет назад

TYPO3 Neos 1.1.x before 1.1.3 and 1.2.x before 1.2.3 allows remote editors to access, create, and modify content nodes in the workspace of other editors via unspecified vectors.

EPSS: Низкий
github логотип

GHSA-2h3c-wrp2-qcxw

больше 3 лет назад

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 8.0.29 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Cluster. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).

CVSS3: 5.9
EPSS: Низкий
github логотип

GHSA-2h3c-w4jr-c2mr

почти 4 года назад

Multiple SQL injection vulnerabilities in CodeWidgets.com Online Event Registration Template allow remote attackers to execute arbitrary SQL commands via the (1) Email Address and (2) Password fields in (a) login.asp and (b) admin_login.asp.

EPSS: Низкий
github логотип

GHSA-2h3c-qrcw-962q

8 месяцев назад

An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles. This vulnerability affects Firefox < 140, Firefox ESR < 115.25, and Firefox ESR < 128.12.

CVSS3: 4.3
EPSS: Низкий
github логотип

GHSA-2h3c-mgr2-2j6h

почти 4 года назад

Untrusted search path vulnerability in Microsoft Internet Explorer 8 might allow local users to gain privileges via a Trojan horse IEShims.dll in the current working directory, as demonstrated by a Desktop directory that contains an HTML file, aka "Internet Explorer Insecure Library Loading Vulnerability."

EPSS: Средний
github логотип

GHSA-2h3c-j9ff-jxhq

больше 2 лет назад

An issue was discovered in OBS-Studio 29.1.1, plaintext storage of passwords.

EPSS: Низкий
github логотип

GHSA-2h3c-gfwm-w3f3

больше 3 лет назад

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS v3.0 Base Score 5.3 (Confidentiality impacts).

CVSS3: 5.3
EPSS: Низкий
github логотип

GHSA-2h3c-fqw7-c4jj

2 месяца назад

In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: fix decoder disable pm crash Can't call pm_runtime_disable when the architecture support sub device for 'dev->pm.dev' is NUll, or will get below crash log. [ 10.771551] pc : _raw_spin_lock_irq+0x4c/0xa0 [ 10.771556] lr : __pm_runtime_disable+0x30/0x130 [ 10.771558] sp : ffffffc01e4cb800 [ 10.771559] x29: ffffffc01e4cb800 x28: ffffffdf082108a8 [ 10.771563] x27: ffffffc01e4cbd70 x26: ffffff8605df55f0 [ 10.771567] x25: 0000000000000002 x24: 0000000000000002 [ 10.771570] x23: ffffff85c0dc9c00 x22: 0000000000000001 [ 10.771573] x21: 0000000000000001 x20: 0000000000000000 [ 10.771577] x19: 00000000000000f4 x18: ffffffdf2e9fbe18 [ 10.771580] x17: 0000000000000000 x16: ffffffdf2df13c74 [ 10.771583] x15: 00000000000002ea x14: 0000000000000058 [ 10.771587] x13: ffffffdf2de1b62c x12: ffffffdf2e9e30e4 [ 10.771590] x11: 0000000000000000 x10: 0000000000000001 [ 10.771593] x9...

EPSS: Низкий
github логотип

GHSA-2h3c-5vqm-gqfh

больше 3 лет назад

Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring.

CVSS3: 6.1
EPSS: Низкий
github логотип

GHSA-2h3c-3h32-6j65

9 месяцев назад

Phpgurukul Medical Card Generation System v1.0 is vulnerable to HTML Injection in admin/contactus.php via the parameter pagedes.

CVSS3: 6.1
EPSS: Низкий
github логотип

GHSA-2h39-hw8g-2q24

больше 3 лет назад

An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. It allows persistent XSS in the merge request "resolve conflicts" page.

CVSS3: 5.4
EPSS: Низкий
github логотип

GHSA-2h39-9475-px89

больше 3 лет назад

An exploitable command injection vulnerability exists in the ACEManager iplogging.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can inject arbitrary commands, resulting in arbitrary command execution. An attacker can send an authenticated HTTP request to trigger this vulnerability.

CVSS3: 8.8
EPSS: Низкий
github логотип

GHSA-2h39-8g97-pccq

больше 3 лет назад

Cross Site Scripting vulnerability in ePO extension in McAfee Application Control (MAC) prior to 8.3.1 allows administrators to inject arbitrary web script or HTML via specially crafted input in the policy discovery section.

EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
github логотип
GHSA-2h3h-vw8r-82rp

Weak JSON Web Token in yapi-vendor

CVSS3: 5.1
0%
Низкий
почти 5 лет назад
github логотип
GHSA-2h3h-vpf4-f727

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Roxnor PopupKit popup-builder-block allows Retrieve Embedded Sensitive Data.This issue affects PopupKit: from n/a through <= 2.1.5.

CVSS3: 4.3
0%
Низкий
около 1 месяца назад
github логотип
GHSA-2h3h-q99f-3fhc

@npmcli/arborist vulnerable to UNIX Symbolic Link (Symlink) Following

CVSS3: 8.2
1%
Низкий
больше 4 лет назад
github логотип
GHSA-2h3h-p2mp-rw5q

In the Linux kernel, the following vulnerability has been resolved: cifs: prevent use-after-free by freeing the cfile later In smb2_compound_op we have a possible use-after-free which can cause hard to debug problems later on. This was revealed during stress testing with KASAN enabled kernel. Fixing it by moving the cfile free call to a few lines below, after the usage.

CVSS3: 7.8
0%
Низкий
5 месяцев назад
github логотип
GHSA-2h3h-37pp-x96w

Buffer overflow in the open_socket_out function in socket.c for rsync 2.5.7 and earlier allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long RSYNC_PROXY environment variable. NOTE: since rsync is not setuid, this issue does not provide any additional privileges beyond those that are already available to the user. Therefore this issue may be REJECTED in the future.

1%
Низкий
почти 4 года назад
github логотип
GHSA-2h3g-g3x2-rqwp

The SAP BusinessObjects BI Platform version - 420 allows an attacker, who has basic access to the application, to inject a malicious script while creating a new module document, file, or folder. When another user visits that page, the stored malicious script will execute in their session, hence allowing the attacker to compromise their confidentiality and integrity.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-2h3f-cc2p-j8f8

In Sangoma FreePBX 13 through 15 and sysadmin (aka System Admin) 13.0.92 through 15.0.13.6 modules have a Remote Command Execution vulnerability that results in Privilege Escalation.

2%
Низкий
больше 3 лет назад
github логотип
GHSA-2h3f-8vwc-4xv2

TYPO3 Neos 1.1.x before 1.1.3 and 1.2.x before 1.2.3 allows remote editors to access, create, and modify content nodes in the workspace of other editors via unspecified vectors.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-2h3c-wrp2-qcxw

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 8.0.29 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Cluster. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).

CVSS3: 5.9
1%
Низкий
больше 3 лет назад
github логотип
GHSA-2h3c-w4jr-c2mr

Multiple SQL injection vulnerabilities in CodeWidgets.com Online Event Registration Template allow remote attackers to execute arbitrary SQL commands via the (1) Email Address and (2) Password fields in (a) login.asp and (b) admin_login.asp.

1%
Низкий
почти 4 года назад
github логотип
GHSA-2h3c-qrcw-962q

An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles. This vulnerability affects Firefox < 140, Firefox ESR < 115.25, and Firefox ESR < 128.12.

CVSS3: 4.3
0%
Низкий
8 месяцев назад
github логотип
GHSA-2h3c-mgr2-2j6h

Untrusted search path vulnerability in Microsoft Internet Explorer 8 might allow local users to gain privileges via a Trojan horse IEShims.dll in the current working directory, as demonstrated by a Desktop directory that contains an HTML file, aka "Internet Explorer Insecure Library Loading Vulnerability."

31%
Средний
почти 4 года назад
github логотип
GHSA-2h3c-j9ff-jxhq

An issue was discovered in OBS-Studio 29.1.1, plaintext storage of passwords.

больше 2 лет назад
github логотип
GHSA-2h3c-gfwm-w3f3

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS v3.0 Base Score 5.3 (Confidentiality impacts).

CVSS3: 5.3
1%
Низкий
больше 3 лет назад
github логотип
GHSA-2h3c-fqw7-c4jj

In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: fix decoder disable pm crash Can't call pm_runtime_disable when the architecture support sub device for 'dev->pm.dev' is NUll, or will get below crash log. [ 10.771551] pc : _raw_spin_lock_irq+0x4c/0xa0 [ 10.771556] lr : __pm_runtime_disable+0x30/0x130 [ 10.771558] sp : ffffffc01e4cb800 [ 10.771559] x29: ffffffc01e4cb800 x28: ffffffdf082108a8 [ 10.771563] x27: ffffffc01e4cbd70 x26: ffffff8605df55f0 [ 10.771567] x25: 0000000000000002 x24: 0000000000000002 [ 10.771570] x23: ffffff85c0dc9c00 x22: 0000000000000001 [ 10.771573] x21: 0000000000000001 x20: 0000000000000000 [ 10.771577] x19: 00000000000000f4 x18: ffffffdf2e9fbe18 [ 10.771580] x17: 0000000000000000 x16: ffffffdf2df13c74 [ 10.771583] x15: 00000000000002ea x14: 0000000000000058 [ 10.771587] x13: ffffffdf2de1b62c x12: ffffffdf2e9e30e4 [ 10.771590] x11: 0000000000000000 x10: 0000000000000001 [ 10.771593] x9...

0%
Низкий
2 месяца назад
github логотип
GHSA-2h3c-5vqm-gqfh

Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring.

CVSS3: 6.1
2%
Низкий
больше 3 лет назад
github логотип
GHSA-2h3c-3h32-6j65

Phpgurukul Medical Card Generation System v1.0 is vulnerable to HTML Injection in admin/contactus.php via the parameter pagedes.

CVSS3: 6.1
0%
Низкий
9 месяцев назад
github логотип
GHSA-2h39-hw8g-2q24

An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. It allows persistent XSS in the merge request "resolve conflicts" page.

CVSS3: 5.4
0%
Низкий
больше 3 лет назад
github логотип
GHSA-2h39-9475-px89

An exploitable command injection vulnerability exists in the ACEManager iplogging.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can inject arbitrary commands, resulting in arbitrary command execution. An attacker can send an authenticated HTTP request to trigger this vulnerability.

CVSS3: 8.8
0%
Низкий
больше 3 лет назад
github логотип
GHSA-2h39-8g97-pccq

Cross Site Scripting vulnerability in ePO extension in McAfee Application Control (MAC) prior to 8.3.1 allows administrators to inject arbitrary web script or HTML via specially crafted input in the policy discovery section.

0%
Низкий
больше 3 лет назад

Уязвимостей на страницу