Count: 314 375
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| GHSA-xwcj-h7v7-f6r9 An information disclosure vulnerability exists when "Kernel Remote Procedure Call Provider" driver improperly initializes objects in memory, aka "MSRPC Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | CVSS3: 5.5 | 1% Low | more than 3 years ago |
| GHSA-xwcj-grfm-xm6q VaeMendis - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | CVSS3: 7.5 | 0% Low | about 1 year ago |
| GHSA-xwcj-5r58-c5mv Cross-site scripting (XSS) vulnerability in _error in Ability Mail Server 1.18 allows remote attackers to inject arbitrary web script or HTML via the erromsg parameter. | | 1% Low | almost 4 years ago |
| GHSA-xwch-xg3p-x5q5 Arbitrary file upload vulnerability in Victor CMS v 1.0 allows attackers to execute arbitrary code via the file upload to \CMSsite-master\admin\includes\admin_add_post.php. | | 1% Low | more than 3 years ago |
| GHSA-xwch-qpr5-vp62 ServerIron switches by Foundry Networks have predictable TCP/IP sequence numbers, which allows remote attackers to spoof or hijack sessions. | | 1% Low | almost 4 years ago |
| GHSA-xwch-gx2x-qj27 Remote Desktop Client Remote Code Execution Vulnerability. | CVSS3: 8.8 | 15% Medium | more than 3 years ago |
| GHSA-xwch-5xjc-3j47 Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain a Hard-coded Cryptographic Key vulnerability. An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to the system to gain LDAP user privileges. | CVSS3: 9.8 | 0% Low | about 3 years ago |
| GHSA-xwcg-xmmg-hh8r In JetBrains TeamCity before 2024.07 stored XSS was possible on the Code Inspection tab | CVSS3: 4.6 | 37% Medium | more than 1 year ago |
| GHSA-xwcg-44xm-88h2 The BIOS onboard MiR's Computer is not protected by password, therefore, it allows a Bad Operator to modify settings such as boot order. This can be leveraged by a Malicious operator to boot from a Live Image. | CVSS3: 4.6 | 0% Low | more than 3 years ago |
| GHSA-xwcg-2ff3-38xv Rejected reason: Not used | | | 6 months ago |
| GHSA-xwcf-mprh-wpvw The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the template_count function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to obtain plugin template information. While a nonce check is present, it is only executed when a nonce is provided. Not providing a nonce results in the nonce verification to be skipped. There is no capability check. | CVSS3: 4.3 | 0% Low | more than 2 years ago |
| GHSA-xwcc-7hmc-296q The MediaViewMedia class in administrator/components/com_media/views/media/view.html.php in Joomla! 1.5.23 and earlier allows remote attackers to obtain sensitive information via vectors involving the base variable, leading to disclosure of the installation path, a different vulnerability than CVE-2011-2488. | | 0% Low | more than 3 years ago |
| GHSA-xwcc-427v-vm78 Sharp NEC Displays (UN462A R1.300 and prior to it, UN462VA R1.300 and prior to it, UN492S R1.300 and prior to it, UN492VS R1.300 and prior to it, UN552A R1.300 and prior to it, UN552S R1.300 and prior to it, UN552VS R1.300 and prior to it, UN552 R1.300 and prior to it, UN552V R1.300 and prior to it, UX552S R1.300 and prior to it, UN552 R1.300 and prior to it, V864Q R2.000 and prior to it, C861Q R2.000 and prior to it, P754Q R2.000 and prior to it, V754Q R2.000 and prior to it, C751Q R2.000 and prior to it, V964Q R2.000 and prior to it, C961Q R2.000 and prior to it, P654Q R2.000 and prior to it, V654Q R2.000 and prior to it, C651Q R2.000 and prior to it, V554Q R2.000 and prior to it) allows an attacker to obtain root privileges and execute remote code by sending unintended parameters that contain specific characters in http request. | CVSS3: 9.8 | 0% Low | more than 3 years ago |
| GHSA-xwc9-h47c-3q6w A vulnerability exists in MicroSCADA X SYS600 product. If exploited this could allow a local unauthenticated attacker to tamper a system file, making denial of Notify service. | CVSS3: 6.1 | 0% Low | 8 months ago |
| GHSA-xwc9-8235-mfg3 The Echo News (aka com.solo.report) 1.10 application (beta) for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | | 0% Low | more than 3 years ago |
| GHSA-xwc8-wmf6-jq93 Unspecified vulnerability in Ampache 3.3.2 and earlier, when register_globals is enabled, allows remote attackers to bypass security restrictions and gain guest access. | | 0% Low | almost 4 years ago |
| GHSA-xwc8-rf6m-xr86 hnswlib Double Free vulnerability | CVSS3: 6.5 | 0% Low | more than 2 years ago |
| GHSA-xwc8-5q53-jg4p An XSS issue was discovered in admin/link/editlink?id=5 in YUNUCMS 1.1.5. | CVSS3: 4.8 | 0% Low | more than 3 years ago |
| GHSA-xwc7-wmrh-7694 IBM Integrated Analytics System 1.0.0.0 through 1.0.30.0 could allow an authenticated user to upload a file with dangerous types that could be executed by another user if opened. | CVSS3: 8 | 0% Low | 6 months ago |
| GHSA-xwc7-pv4h-828f The WordPress Real Cookie Banner: GDPR (DSGVO) & ePrivacy Cookie Consent WordPress plugin before 2.14.2 does not have CSRF checks in place when resetting its settings, allowing attackers to make a logged in admin reset them via a CSRF attack | CVSS3: 6.5 | 0% Low | almost 4 years ago |