Количество 312 573
Количество 312 573
GHSA-3wc6-3hc2-3wc8
In the Linux kernel before 5.3.4, a reference count usage error in the fib6_rule_suppress() function in the fib6 suppression feature of net/ipv6/fib6_rules.c, when handling the FIB_LOOKUP_NOREF flag, can be exploited by a local attacker to corrupt memory, aka CID-ca7a03c41753.
GHSA-3wc5-j3q5-m2xc
In the Linux kernel, the following vulnerability has been resolved: md: don't dereference mddev after export_rdev() Except for initial reference, mddev->kobject is referenced by rdev->kobject, and if the last rdev is freed, there is no guarantee that mddev is still valid. Hence mddev should not be used anymore after export_rdev(). This problem can be triggered by following test for mdadm at very low rate: New file: mdadm/tests/23rdev-lifetime devname=${dev0##*/} devt=`cat /sys/block/$devname/dev` pid="" runtime=2 clean_up_test() { pill -9 $pid echo clear > /sys/block/md0/md/array_state } trap 'clean_up_test' EXIT add_by_sysfs() { while true; do echo $devt > /sys/block/md0/md/new_dev done } remove_by_sysfs(){ while true; do echo remove > /sys/block/md0/md/dev-${devname}/state done } echo md0 > /sys/module/md_mod/parameters/new_array || die "create md0 failed" add_by_sysfs & pid="$pid $!" remov...
GHSA-3wc5-fcw2-2329
KaTeX missing normalization of the protocol in URLs allows bypassing forbidden protocols
GHSA-3wc3-w43j-x6wh
IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to improper protection of assumed immutable data.
GHSA-3wc2-cmwj-m278
Uncaught exception in the Intel(R) Trace Analyzer and Collector before version 2021.5 may allow an authenticated user to potentially enable information disclosure via local access.
GHSA-3wc2-c7g8-w9pm
Zoom Rooms for macOS clients before version 5.11.3 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability to escalate their privileges to root.
GHSA-3wc2-46vx-hw8w
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Michael Simpson Add Shortcodes Actions And Filters plugin <= 2.0.9 versions.
GHSA-3w9x-7c3c-4gxq
EfroTech Timetrax v8.3 was discovered to contain an unauthenticated SQL injection vulnerability via the q parameter in the search web interface.
GHSA-3w9w-9833-gcpv
Security bug in ConvertToSinglePlane when used with untrusted content from the DDS loader
GHSA-3w9v-r68q-8qm7
A vulnerability was identified in Wavlink NU516U1 M16U1_V240425. This impacts the function sub_403198 of the file /cgi-bin/wireless.cgi of the component SetName Page. The manipulation of the argument mac_5g leads to command injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
GHSA-3w9v-g7vm-2m73
BasiliX 1.1.0 saves attachments in a world readable /tmp/BasiliX directory, which allows local users to read other users' attachments.
GHSA-3w9v-5hv6-vvfx
Advantech iView versions 5.7.05.7057 and prior do not properly sanitize SNMP v1 trap (Port 162) requests, which could allow an attacker to inject SQL commands.
GHSA-3w9v-5f2g-97c5
XSS exists in the admin web console in Pulse Secure Pulse Connect Secure (PCS) 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, and 5.2RX before 5.2R12.1.
GHSA-3w9r-m576-jv7x
Cross-site scripting (XSS) vulnerability in openwebmail-read.pl in Open WebMail (OWM) 2.52, and other versions released before 06/18/2006, allows remote attackers to inject arbitrary web script or HTML via the from field. NOTE: some third party sources have mentioned the "to" and "from" fields, although CVE analysis shows that these are associated with the previous version, a different executable, and a different CVE.
GHSA-3w9r-7m69-42xv
A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4907 and later
GHSA-3w9r-2mqj-cf5c
Integer Overflow vulnerability in qsvghandler.cpp in Qt qtsvg versions 5.15.1, 6.0.0, 6.0.2, and 6.2, allows local attackers to cause a denial of service (DoS).
GHSA-3w9q-v2w9-rrmm
A race condition was addressed with improved state handling. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to cause unexpected system termination.
GHSA-3w9q-c44j-37jj
High severity vulnerability that affects Microsoft.ChakraCore
GHSA-3w9p-x4pg-9hc2
H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function switch_debug_info_set.
GHSA-3w9p-v94j-2ggh
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0968, CVE-2019-0977, CVE-2019-1009, CVE-2019-1010, CVE-2019-1012, CVE-2019-1013, CVE-2019-1015, CVE-2019-1016, CVE-2019-1046, CVE-2019-1047, CVE-2019-1048, CVE-2019-1049, CVE-2019-1050.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
GHSA-3wc6-3hc2-3wc8 In the Linux kernel before 5.3.4, a reference count usage error in the fib6_rule_suppress() function in the fib6 suppression feature of net/ipv6/fib6_rules.c, when handling the FIB_LOOKUP_NOREF flag, can be exploited by a local attacker to corrupt memory, aka CID-ca7a03c41753. | CVSS3: 7.8 | 0% Низкий | больше 3 лет назад | |
GHSA-3wc5-j3q5-m2xc In the Linux kernel, the following vulnerability has been resolved: md: don't dereference mddev after export_rdev() Except for initial reference, mddev->kobject is referenced by rdev->kobject, and if the last rdev is freed, there is no guarantee that mddev is still valid. Hence mddev should not be used anymore after export_rdev(). This problem can be triggered by following test for mdadm at very low rate: New file: mdadm/tests/23rdev-lifetime devname=${dev0##*/} devt=`cat /sys/block/$devname/dev` pid="" runtime=2 clean_up_test() { pill -9 $pid echo clear > /sys/block/md0/md/array_state } trap 'clean_up_test' EXIT add_by_sysfs() { while true; do echo $devt > /sys/block/md0/md/new_dev done } remove_by_sysfs(){ while true; do echo remove > /sys/block/md0/md/dev-${devname}/state done } echo md0 > /sys/module/md_mod/parameters/new_array || die "create md0 failed" add_by_sysfs & pid="$pid $!" remov... | 0% Низкий | 4 месяца назад | ||
GHSA-3wc5-fcw2-2329 KaTeX missing normalization of the protocol in URLs allows bypassing forbidden protocols | CVSS3: 5.5 | 0% Низкий | почти 2 года назад | |
GHSA-3wc3-w43j-x6wh IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to improper protection of assumed immutable data. | CVSS3: 7.1 | 0% Низкий | 9 месяцев назад | |
GHSA-3wc2-cmwj-m278 Uncaught exception in the Intel(R) Trace Analyzer and Collector before version 2021.5 may allow an authenticated user to potentially enable information disclosure via local access. | CVSS3: 5.5 | 0% Низкий | почти 4 года назад | |
GHSA-3wc2-c7g8-w9pm Zoom Rooms for macOS clients before version 5.11.3 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability to escalate their privileges to root. | CVSS3: 7.8 | 0% Низкий | около 3 лет назад | |
GHSA-3wc2-46vx-hw8w Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Michael Simpson Add Shortcodes Actions And Filters plugin <= 2.0.9 versions. | CVSS3: 7.1 | 0% Низкий | больше 2 лет назад | |
GHSA-3w9x-7c3c-4gxq EfroTech Timetrax v8.3 was discovered to contain an unauthenticated SQL injection vulnerability via the q parameter in the search web interface. | CVSS3: 9.8 | 85% Высокий | больше 1 года назад | |
GHSA-3w9w-9833-gcpv Security bug in ConvertToSinglePlane when used with untrusted content from the DDS loader | CVSS3: 6.1 | около 3 лет назад | ||
GHSA-3w9v-r68q-8qm7 A vulnerability was identified in Wavlink NU516U1 M16U1_V240425. This impacts the function sub_403198 of the file /cgi-bin/wireless.cgi of the component SetName Page. The manipulation of the argument mac_5g leads to command injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. | CVSS3: 6.3 | 0% Низкий | 5 месяцев назад | |
GHSA-3w9v-g7vm-2m73 BasiliX 1.1.0 saves attachments in a world readable /tmp/BasiliX directory, which allows local users to read other users' attachments. | 0% Низкий | почти 4 года назад | ||
GHSA-3w9v-5hv6-vvfx Advantech iView versions 5.7.05.7057 and prior do not properly sanitize SNMP v1 trap (Port 162) requests, which could allow an attacker to inject SQL commands. | CVSS3: 7.5 | 0% Низкий | 2 месяца назад | |
GHSA-3w9v-5f2g-97c5 XSS exists in the admin web console in Pulse Secure Pulse Connect Secure (PCS) 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, and 5.2RX before 5.2R12.1. | CVSS3: 6.1 | 0% Низкий | больше 3 лет назад | |
GHSA-3w9r-m576-jv7x Cross-site scripting (XSS) vulnerability in openwebmail-read.pl in Open WebMail (OWM) 2.52, and other versions released before 06/18/2006, allows remote attackers to inject arbitrary web script or HTML via the from field. NOTE: some third party sources have mentioned the "to" and "from" fields, although CVE analysis shows that these are associated with the previous version, a different executable, and a different CVE. | 1% Низкий | почти 4 года назад | ||
GHSA-3w9r-7m69-42xv A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4907 and later | CVSS3: 6.5 | 0% Низкий | 5 месяцев назад | |
GHSA-3w9r-2mqj-cf5c Integer Overflow vulnerability in qsvghandler.cpp in Qt qtsvg versions 5.15.1, 6.0.0, 6.0.2, and 6.2, allows local attackers to cause a denial of service (DoS). | CVSS3: 5.5 | 0% Низкий | больше 2 лет назад | |
GHSA-3w9q-v2w9-rrmm A race condition was addressed with improved state handling. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to cause unexpected system termination. | CVSS3: 9.8 | 0% Низкий | 6 месяцев назад | |
GHSA-3w9q-c44j-37jj High severity vulnerability that affects Microsoft.ChakraCore | CVSS3: 7.5 | 4% Низкий | почти 7 лет назад | |
GHSA-3w9p-x4pg-9hc2 H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function switch_debug_info_set. | CVSS3: 7.8 | 0% Низкий | больше 3 лет назад | |
GHSA-3w9p-v94j-2ggh An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0968, CVE-2019-0977, CVE-2019-1009, CVE-2019-1010, CVE-2019-1012, CVE-2019-1013, CVE-2019-1015, CVE-2019-1016, CVE-2019-1046, CVE-2019-1047, CVE-2019-1048, CVE-2019-1049, CVE-2019-1050. | CVSS3: 6.5 | 8% Низкий | больше 3 лет назад |
Уязвимостей на страницу