exploitDog

source:"github"

Count: 314 458

Vulnerability / CVSS / EPSS / Published

GHSA-2gw5-9px7-vp56

In canvas rendering, a compromised content process could have caused a surface to change unexpectedly, leading to a memory leak of a privileged process. This memory leak could be used to effect a sandbox escape if the correct data was leaked. This vulnerability affects Firefox < 118.

CVSS3: 7.4
EPSS: 0% (Low)
Published: more than 2 years ago

GHSA-2gw3-mxrj-jwhh

Juniper Networks Contrail Service Orchestration releases prior to 3.3.0 use hardcoded credentials to access Keystone service. These credentials allow network based attackers unauthorized access to information stored in keystone.

CVSS3: 9.8
EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-2gw2-qgjg-xh6p

Namada-apps allows Post-Genesis Validator Bypass

EPSS: Low
Published: 12 months ago

GHSA-2gw2-8q9w-cw8p

Ruby-ffi has a DLL loading issue

CVSS3: 7.8
EPSS: 0% (Low)
Published: more than 7 years ago

GHSA-2gvx-rx63-w97c

Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted Mach-O file, a different vulnerability than CVE-2015-3802.

EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-2gvx-cpxc-42hj

Unrestricted file upload vulnerability in the fileUnzip->unzip method in Dotclear before 2.10.3 allows remote authenticated users with permissions to manage media items to execute arbitrary code by uploading a ZIP file containing a file with a crafted extension, as demonstrated by .php.txt or .php%20.

CVSS3: 8.8
EPSS: 2% (Low)
Published: more than 3 years ago

GHSA-2gvx-5frj-6px5

Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the mitInterface parameter in ip/goform/addressNat.

CVSS3: 9.8
EPSS: 0% (Low)
Published: almost 2 years ago

GHSA-2gvw-w6fj-7m3c

Argo CD's API server does not enforce project sourceNamespaces

CVSS3: 4.8
EPSS: 0% (Low)
Published: almost 2 years ago

GHSA-2gvw-r9m5-r3m7

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

EPSS: Low
Published: more than 1 year ago

GHSA-2gvw-95cm-ffm9

provider/server/ECServer.cpp in Zarafa Collaboration Platform (ZCP) before 7.1.13 and 7.2.x before 7.2.1 allows local users to write to arbitrary files via a symlink attack on /tmp/zarafa-upgrade-lock.

EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-2gvv-xcmg-4m9m

OX App Suite through 7.10.2 has Incorrect Access Control.

EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-2gvv-fwhv-83hw

An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. A DOM-based XSS exists in the store part of the product.

CVSS3: 5.4
EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-2gvv-8pww-2c2x

Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors.

EPSS: 2% (Low)
Published: more than 3 years ago

GHSA-2gvv-5vxj-jrw7

A CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.

EPSS: 1% (Low)
Published: more than 3 years ago

GHSA-2gvr-pmm6-8pmw

Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4051.

EPSS: 19% (Medium)
Published: more than 3 years ago

GHSA-2gvr-mfrj-8q6g

A vulnerability exists in the Aruba ClearPass C1000 S-1200 R4 HW-Based Appliance Analytics and Location Engine (ALE) web management interface 2.1.0.2 and earlier firmware that allows an already authenticated administrative user to arbitrarily modify files as an underlying privileged operating system user.

EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-2gvr-f7wx-9x96

Buffer overflow in Kingsoft Writer 2007 and 2010 before 2724 allows remote attackers to execute arbitrary code via a crafted RTF document.

EPSS: 11% (Medium)
Published: more than 3 years ago

GHSA-2gvr-cr49-92f3

Multiple format string vulnerabilities in FileZilla before 2.2.32 allow remote attackers to execute arbitrary code via format string specifiers in (1) FTP server responses or (2) data sent by an FTP server. NOTE: some of these details are obtained from third party information.

EPSS: 2% (Low)
Published: almost 4 years ago

GHSA-2gvq-m8qv-55jf

The WebSiteTool shopping cart application allows remote users to modify sensitive purchase information via hidden form fields.

EPSS: 1% (Low)
Published: almost 4 years ago

GHSA-2gvq-92c2-xj2h

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection Handling). Supported versions that are affected are 5.7.39 and prior and 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVSS3: 4.9
EPSS: 0% (Low)
Published: more than 3 years ago
