exploitDog

source:"github"

Count: 312,573

GHSA-2cgw-c87g-ww8q

more than 3 years ago

OpenVPN 3 Core Library version 3.6 and 3.6.1 allows a man-in-the-middle attacker to bypass the certificate authentication by issuing an unrelated server certificate using the same hostname found in the verify-x509-name option in a client configuration.

CVSS3: 7.4
EPSS: Low

GHSA-2cgv-xp72-gv7r

more than 2 years ago

A use after free in r_reg_set_value function in radare2 5.4.2 and 5.4.0.

CVSS3: 7.5
EPSS: Low

GHSA-2cgv-wgf2-f376

about 4 years ago

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. ModifyUser param is not object. An attacker can send an HTTP request to trigger this vulnerability.

CVSS3: 6.5
EPSS: Low

GHSA-2cgv-9p9x-26g8

more than 3 years ago

Possible out of bound access due to lack of validation of page offset before page is inserted in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile

EPSS: Low

GHSA-2cgv-7m8h-63j7

almost 4 years ago

Microsoft Windows Mobile 6.0 on HTC Wiza 200 and HTC MDA 8125 devices does not properly handle the first attempt to establish a Bluetooth connection to a peer with a long name, which allows remote attackers to cause a denial of service (device reboot) by configuring a Bluetooth device with a long hci name and (1) connecting directly to the Windows Mobile system or (2) waiting for the Windows Mobile system to scan for nearby devices.

EPSS: Medium

GHSA-2cgv-28vr-rv6j

2 months ago

libcrux incorrectly calculates on aarch64

EPSS: Low

GHSA-2cgr-rv3r-g9vw

about 1 year ago

Missing Authorization vulnerability in Genetech Pie Register Premium. This issue affects Pie Register Premium: from n/a before 3.8.3.3.

CVSS3: 5.3
EPSS: Low

GHSA-2cgq-rm2f-x3x7

more than 3 years ago

An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos chipsets) software. There is a baseband heap overflow. The Samsung ID is SVE-2018-13187 (February 2019).

EPSS: Low

GHSA-2cgq-hh5m-vc66

more than 3 years ago

An elevation of privilege vulnerability exists in Microsoft Office OLicenseHeartbeat task, where an attacker who successfully exploited this vulnerability could run this task as SYSTEM. To exploit the vulnerability, an authenticated attacker would need to place a specially crafted file in a specific location, thereby allowing arbitrary file corruption. The security update addresses the vulnerability by correcting how the process validates the log file, aka 'Microsoft Office Tampering Vulnerability'.

EPSS: Low

GHSA-2cgq-h8xw-2v5j

almost 2 years ago

CRI-O vulnerable to an arbitrary systemd property injection

CVSS3: 7.2
EPSS: Low

GHSA-2cgq-g7f7-mc82

more than 3 years ago

The Qualcomm buspm driver in Android before 2016-05-01 on Nexus 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 26494907.

CVSS3: 7
EPSS: Low

GHSA-2cgq-5ww9-3c6v

more than 2 years ago

XNSoft Nconvert 7.136 has an Exception Handler Chain Corrupted via a crafted image file. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution.

CVSS3: 7.8
EPSS: Low

GHSA-2cgp-x82p-v5h2

10 months ago

Cross-Site Request Forgery (CSRF) vulnerability in ninotheme Nino Social Connect allows Stored XSS. This issue affects Nino Social Connect: from n/a through 2.0.

CVSS3: 7.1
EPSS: Low

GHSA-2cgp-p7jr-3hv7

almost 3 years ago

An integer overflow was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. An app may be able to break out of its sandbox

CVSS3: 8.6
EPSS: Low

GHSA-2cgp-j8vp-ww2f

more than 1 year ago

In ensureFileColumns of MediaProvider.java, there is a possible disclosure of files owned by another user due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVSS3: 6.2
EPSS: Low

GHSA-2cgp-h7jq-hhwj

more than 3 years ago

A missing authentication for a critical function vulnerability in Fortinet FortiSOAR 6.4.0 - 6.4.4 and 7.0.0 - 7.0.3 and 7.2.0 allows an attacker to disclose information via logging into the database using a privileged account without a password.

CVSS3: 5.5
EPSS: Low

GHSA-2cgp-5g8f-36f9

almost 4 years ago

The RealServer RealSubscriber on Cisco devices running Application and Content Networking System (ACNS) 5.1 allows remote attackers to cause a denial of service (CPU consumption) via malformed packets.

EPSS: Low

GHSA-2cgm-vmgv-mqwg

5 months ago

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SAPO SAPO Feed allows Stored XSS. This issue affects SAPO Feed: from n/a through 2.4.2.

CVSS3: 5.9
EPSS: Low

GHSA-2cgm-r77w-c7r9

more than 3 years ago

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "CoreText" component. It allows remote attackers to cause a denial of service (application crash) via a crafted file.

CVSS3: 5.5
EPSS: Low

GHSA-2cgm-qw4f-q8cr

almost 4 years ago

TuziCMS v2.0.6 was discovered to contain a SQL injection vulnerability via the component App\Manage\Controller\ZhuantiController.class.php.

CVSS3: 9.8
EPSS: Low

Vulnerability
CVSS
EPSS
Published
GHSA-2cgw-c87g-ww8q

OpenVPN 3 Core Library version 3.6 and 3.6.1 allows a man-in-the-middle attacker to bypass the certificate authentication by issuing an unrelated server certificate using the same hostname found in the verify-x509-name option in a client configuration.

CVSS3: 7.4
EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-2cgv-xp72-gv7r

A use after free in r_reg_set_value function in radare2 5.4.2 and 5.4.0.

CVSS3: 7.5
EPSS: 0% (Low)
Published: more than 2 years ago

GHSA-2cgv-wgf2-f376

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. ModifyUser param is not object. An attacker can send an HTTP request to trigger this vulnerability.

CVSS3: 6.5
EPSS: 0% (Low)
Published: about 4 years ago

GHSA-2cgv-9p9x-26g8

Possible out of bound access due to lack of validation of page offset before page is inserted in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile

EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-2cgv-7m8h-63j7

Microsoft Windows Mobile 6.0 on HTC Wiza 200 and HTC MDA 8125 devices does not properly handle the first attempt to establish a Bluetooth connection to a peer with a long name, which allows remote attackers to cause a denial of service (device reboot) by configuring a Bluetooth device with a long hci name and (1) connecting directly to the Windows Mobile system or (2) waiting for the Windows Mobile system to scan for nearby devices.

EPSS: 54% (Medium)
Published: almost 4 years ago

GHSA-2cgv-28vr-rv6j

libcrux incorrectly calculates on aarch64

Published: 2 months ago

GHSA-2cgr-rv3r-g9vw

Missing Authorization vulnerability in Genetech Pie Register Premium. This issue affects Pie Register Premium: from n/a before 3.8.3.3.

CVSS3: 5.3
EPSS: 0% (Low)
Published: about 1 year ago

GHSA-2cgq-rm2f-x3x7

An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos chipsets) software. There is a baseband heap overflow. The Samsung ID is SVE-2018-13187 (February 2019).

EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-2cgq-hh5m-vc66

An elevation of privilege vulnerability exists in Microsoft Office OLicenseHeartbeat task, where an attacker who successfully exploited this vulnerability could run this task as SYSTEM. To exploit the vulnerability, an authenticated attacker would need to place a specially crafted file in a specific location, thereby allowing arbitrary file corruption. The security update addresses the vulnerability by correcting how the process validates the log file, aka 'Microsoft Office Tampering Vulnerability'.

EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-2cgq-h8xw-2v5j

CRI-O vulnerable to an arbitrary systemd property injection

CVSS3: 7.2
EPSS: 0% (Low)
Published: almost 2 years ago

GHSA-2cgq-g7f7-mc82

The Qualcomm buspm driver in Android before 2016-05-01 on Nexus 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 26494907.

CVSS3: 7
EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-2cgq-5ww9-3c6v

XNSoft Nconvert 7.136 has an Exception Handler Chain Corrupted via a crafted image file. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution.

CVSS3: 7.8
EPSS: 0% (Low)
Published: more than 2 years ago

GHSA-2cgp-x82p-v5h2

Cross-Site Request Forgery (CSRF) vulnerability in ninotheme Nino Social Connect allows Stored XSS. This issue affects Nino Social Connect: from n/a through 2.0.

CVSS3: 7.1
EPSS: 0% (Low)
Published: 10 months ago

GHSA-2cgp-p7jr-3hv7

An integer overflow was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. An app may be able to break out of its sandbox

CVSS3: 8.6
EPSS: 0% (Low)
Published: almost 3 years ago

GHSA-2cgp-j8vp-ww2f

In ensureFileColumns of MediaProvider.java, there is a possible disclosure of files owned by another user due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVSS3: 6.2
EPSS: 0% (Low)
Published: more than 1 year ago

GHSA-2cgp-h7jq-hhwj

A missing authentication for a critical function vulnerability in Fortinet FortiSOAR 6.4.0 - 6.4.4 and 7.0.0 - 7.0.3 and 7.2.0 allows an attacker to disclose information via logging into the database using a privileged account without a password.

CVSS3: 5.5
EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-2cgp-5g8f-36f9

The RealServer RealSubscriber on Cisco devices running Application and Content Networking System (ACNS) 5.1 allows remote attackers to cause a denial of service (CPU consumption) via malformed packets.

EPSS: 3% (Low)
Published: almost 4 years ago

GHSA-2cgm-vmgv-mqwg

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SAPO SAPO Feed allows Stored XSS. This issue affects SAPO Feed: from n/a through 2.4.2.

CVSS3: 5.9
EPSS: 0% (Low)
Published: 5 months ago

GHSA-2cgm-r77w-c7r9

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "CoreText" component. It allows remote attackers to cause a denial of service (application crash) via a crafted file.

CVSS3: 5.5
EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-2cgm-qw4f-q8cr

TuziCMS v2.0.6 was discovered to contain a SQL injection vulnerability via the component App\Manage\Controller\ZhuantiController.class.php.

CVSS3: 9.8
EPSS: 0% (Low)
Published: almost 4 years ago