Логотип exploitDog
source:"github"
Консоль
Логотип exploitDog

exploitDog

source:"github"

Количество 314 458

Количество 314 458

github логотип

GHSA-2gg9-xrg4-cvq2

больше 3 лет назад

IBM Spectrum Scale for IBM Elastic Storage Server 5.3.0 through 5.3.6 could allow an authenticated user to cause a denial of service during deployment or upgrade if GUI specific services are enabled. IBM X-Force ID: 179162.

EPSS: Низкий
github логотип

GHSA-2gg9-87cr-qr23

почти 3 года назад

Several improper neutralization of inputs during web page generation vulnerability [CWE-79] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.11 and below, 8.7.6 and below, 8.6.5 and below, 8.5.4 and below, 8.3.7 and below may allow an authenticated attacker to perform several XSS attacks via crafted HTTP GET requests.

CVSS3: 5.4
EPSS: Низкий
github логотип

GHSA-2gg9-3h86-cjx3

почти 4 года назад

PHP remote file inclusion vulnerability in includes/abbc/abbc.class.php in the LoudMouth Component for Mambo 4.0j, and possibly other versions including 4.1, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

EPSS: Низкий
github логотип

GHSA-2gg8-w5vr-ghvj

больше 1 года назад

Cross-Site Request Forgery (CSRF) vulnerability in Softaculous Team SpeedyCache.This issue affects SpeedyCache: from n/a through 1.1.8.

CVSS3: 5.4
EPSS: Низкий
github логотип

GHSA-2gg8-85m5-8r2p

5 месяцев назад

Chaos Mesh's Chaos Controller Manager is Missing Authentication for Critical Function

CVSS3: 7.5
EPSS: Низкий
github логотип

GHSA-2gg7-xjh5-r762

больше 3 лет назад

Apple Safari cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security (HSTS) includeSubDomains feature, aka a "cookie forcing" issue.

EPSS: Низкий
github логотип

GHSA-2gg7-fmrc-x55w

почти 3 года назад

A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file admin/traveller_details.php. The manipulation of the argument address leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222983.

CVSS3: 6.1
EPSS: Низкий
github логотип

GHSA-2gg6-7q9p-2qrr

почти 2 года назад

In the Linux kernel, the following vulnerability has been resolved: clk: hisilicon: hi3559a: Fix an erroneous devm_kfree() 'p_clk' is an array allocated just before the for loop for all clk that need to be registered. It is incremented at each loop iteration. If a clk_register() call fails, 'p_clk' may point to something different from what should be freed. The best we can do, is to avoid this wrong release of memory.

CVSS3: 5.5
EPSS: Низкий
github логотип

GHSA-2gg6-558h-xjf8

больше 3 лет назад

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16, iOS 15.7 and iPadOS 15.7. A person with physical access to an iOS device may be able to access photos from the lock screen.

CVSS3: 2.4
EPSS: Низкий
github логотип

GHSA-2gg5-p9w4-vr2g

почти 4 года назад

Teraway FileStream 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the twFSadmin cookie to 1.

EPSS: Низкий
github логотип

GHSA-2gg5-7c4v-6xx2

больше 3 лет назад

Duplicate of GHSA-m77f-652q-wwp4

CVSS3: 7.5
EPSS: Низкий
github логотип

GHSA-2gg5-68f2-4qvg

больше 2 лет назад

An issue in the sqlc_make_policy_trig component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

CVSS3: 7.5
EPSS: Низкий
github логотип

GHSA-2gg5-4wg8-wvxp

8 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: USB: core: Prevent nested device-reset calls Automatic kernel fuzzing revealed a recursive locking violation in usb-storage: ============================================ WARNING: possible recursive locking detected 5.18.0 #3 Not tainted -------------------------------------------- kworker/1:3/1205 is trying to acquire lock: ffff888018638db8 (&us_interface_key[i]){+.+.}-{3:3}, at: usb_stor_pre_reset+0x35/0x40 drivers/usb/storage/usb.c:230 but task is already holding lock: ffff888018638db8 (&us_interface_key[i]){+.+.}-{3:3}, at: usb_stor_pre_reset+0x35/0x40 drivers/usb/storage/usb.c:230 ... stack backtrace: CPU: 1 PID: 1205 Comm: kworker/1:3 Not tainted 5.18.0 #3 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014 Workqueue: usb_hub_wq hub_event Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106 print_deadlock_bug kerne...

CVSS3: 5.5
EPSS: Низкий
github логотип

GHSA-2gg4-v645-j922

почти 2 года назад

An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on Windows during the Repair App functionality may allow Local Execution of Code.This issue affects Client Connector on Windows: before 4.1.0.62.

CVSS3: 6
EPSS: Низкий
github логотип

GHSA-2gg4-ghg8-24r5

больше 3 лет назад

IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

CVSS3: 5.4
EPSS: Низкий
github логотип

GHSA-2gg3-vm5q-jcq2

12 месяцев назад

There is an untrusted search path vulnerability in Esri ArcGIS Pro 3.3 and 3.4 that may allow a low privileged attacker with write privileges to the local file system to introduce a malicious executable to the filesystem. When the victim performs a specific action using ArcGIS ArcGIS Pro , the file could execute and run malicious commands under the context of the victim.

CVSS3: 7.3
EPSS: Низкий
github логотип

GHSA-2gg3-j2hg-72f4

около 2 месяцев назад

VideoFlow Digital Video Protection DVP 2.10 contains an authenticated directory traversal vulnerability that allows attackers to access arbitrary system files through unvalidated 'ID' parameters. Attackers can exploit multiple Perl scripts like downloadsys.pl to read sensitive files by manipulating directory path traversal in download requests.

CVSS3: 6.5
EPSS: Низкий
github логотип

GHSA-2gg3-23vh-j2pg

почти 4 года назад

An issue in BigAnt Software BigAnt Server v5.6.06 can lead to a Denial of Service (DoS).

CVSS3: 7.5
EPSS: Низкий
github логотип

GHSA-2gg2-rxgg-jj9h

около 1 года назад

The Role Includer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘user_id’ parameter in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

CVSS3: 6.1
EPSS: Низкий
github логотип

GHSA-2gg2-qwgv-qfvc

больше 3 лет назад

Buffer overflow in libc in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code via a crafted package, a different vulnerability than CVE-2015-7038.

EPSS: Средний

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
github логотип
GHSA-2gg9-xrg4-cvq2

IBM Spectrum Scale for IBM Elastic Storage Server 5.3.0 through 5.3.6 could allow an authenticated user to cause a denial of service during deployment or upgrade if GUI specific services are enabled. IBM X-Force ID: 179162.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-2gg9-87cr-qr23

Several improper neutralization of inputs during web page generation vulnerability [CWE-79] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.11 and below, 8.7.6 and below, 8.6.5 and below, 8.5.4 and below, 8.3.7 and below may allow an authenticated attacker to perform several XSS attacks via crafted HTTP GET requests.

CVSS3: 5.4
1%
Низкий
почти 3 года назад
github логотип
GHSA-2gg9-3h86-cjx3

PHP remote file inclusion vulnerability in includes/abbc/abbc.class.php in the LoudMouth Component for Mambo 4.0j, and possibly other versions including 4.1, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

6%
Низкий
почти 4 года назад
github логотип
GHSA-2gg8-w5vr-ghvj

Cross-Site Request Forgery (CSRF) vulnerability in Softaculous Team SpeedyCache.This issue affects SpeedyCache: from n/a through 1.1.8.

CVSS3: 5.4
0%
Низкий
больше 1 года назад
github логотип
GHSA-2gg8-85m5-8r2p

Chaos Mesh's Chaos Controller Manager is Missing Authentication for Critical Function

CVSS3: 7.5
0%
Низкий
5 месяцев назад
github логотип
GHSA-2gg7-xjh5-r762

Apple Safari cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security (HSTS) includeSubDomains feature, aka a "cookie forcing" issue.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-2gg7-fmrc-x55w

A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file admin/traveller_details.php. The manipulation of the argument address leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222983.

CVSS3: 6.1
0%
Низкий
почти 3 года назад
github логотип
GHSA-2gg6-7q9p-2qrr

In the Linux kernel, the following vulnerability has been resolved: clk: hisilicon: hi3559a: Fix an erroneous devm_kfree() 'p_clk' is an array allocated just before the for loop for all clk that need to be registered. It is incremented at each loop iteration. If a clk_register() call fails, 'p_clk' may point to something different from what should be freed. The best we can do, is to avoid this wrong release of memory.

CVSS3: 5.5
0%
Низкий
почти 2 года назад
github логотип
GHSA-2gg6-558h-xjf8

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16, iOS 15.7 and iPadOS 15.7. A person with physical access to an iOS device may be able to access photos from the lock screen.

CVSS3: 2.4
0%
Низкий
больше 3 лет назад
github логотип
GHSA-2gg5-p9w4-vr2g

Teraway FileStream 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the twFSadmin cookie to 1.

2%
Низкий
почти 4 года назад
github логотип
GHSA-2gg5-7c4v-6xx2

Duplicate of GHSA-m77f-652q-wwp4

CVSS3: 7.5
больше 3 лет назад
github логотип
GHSA-2gg5-68f2-4qvg

An issue in the sqlc_make_policy_trig component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

CVSS3: 7.5
0%
Низкий
больше 2 лет назад
github логотип
GHSA-2gg5-4wg8-wvxp

In the Linux kernel, the following vulnerability has been resolved: USB: core: Prevent nested device-reset calls Automatic kernel fuzzing revealed a recursive locking violation in usb-storage: ============================================ WARNING: possible recursive locking detected 5.18.0 #3 Not tainted -------------------------------------------- kworker/1:3/1205 is trying to acquire lock: ffff888018638db8 (&us_interface_key[i]){+.+.}-{3:3}, at: usb_stor_pre_reset+0x35/0x40 drivers/usb/storage/usb.c:230 but task is already holding lock: ffff888018638db8 (&us_interface_key[i]){+.+.}-{3:3}, at: usb_stor_pre_reset+0x35/0x40 drivers/usb/storage/usb.c:230 ... stack backtrace: CPU: 1 PID: 1205 Comm: kworker/1:3 Not tainted 5.18.0 #3 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014 Workqueue: usb_hub_wq hub_event Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106 print_deadlock_bug kerne...

CVSS3: 5.5
0%
Низкий
8 месяцев назад
github логотип
GHSA-2gg4-v645-j922

An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on Windows during the Repair App functionality may allow Local Execution of Code.This issue affects Client Connector on Windows: before 4.1.0.62.

CVSS3: 6
0%
Низкий
почти 2 года назад
github логотип
GHSA-2gg4-ghg8-24r5

IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

CVSS3: 5.4
0%
Низкий
больше 3 лет назад
github логотип
GHSA-2gg3-vm5q-jcq2

There is an untrusted search path vulnerability in Esri ArcGIS Pro 3.3 and 3.4 that may allow a low privileged attacker with write privileges to the local file system to introduce a malicious executable to the filesystem. When the victim performs a specific action using ArcGIS ArcGIS Pro , the file could execute and run malicious commands under the context of the victim.

CVSS3: 7.3
0%
Низкий
12 месяцев назад
github логотип
GHSA-2gg3-j2hg-72f4

VideoFlow Digital Video Protection DVP 2.10 contains an authenticated directory traversal vulnerability that allows attackers to access arbitrary system files through unvalidated 'ID' parameters. Attackers can exploit multiple Perl scripts like downloadsys.pl to read sensitive files by manipulating directory path traversal in download requests.

CVSS3: 6.5
1%
Низкий
около 2 месяцев назад
github логотип
GHSA-2gg3-23vh-j2pg

An issue in BigAnt Software BigAnt Server v5.6.06 can lead to a Denial of Service (DoS).

CVSS3: 7.5
1%
Низкий
почти 4 года назад
github логотип
GHSA-2gg2-rxgg-jj9h

The Role Includer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘user_id’ parameter in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

CVSS3: 6.1
около 1 года назад
github логотип
GHSA-2gg2-qwgv-qfvc

Buffer overflow in libc in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code via a crafted package, a different vulnerability than CVE-2015-7038.

27%
Средний
больше 3 лет назад

Уязвимостей на страницу