Количество 312 573
Количество 312 573
GHSA-3w6g-24mq-35j6
A CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 and prior that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.
GHSA-3w6f-wrm9-g4x7
A Local File Inclusion (LFI) vulnerability in the Sonus SBC 1000 / SBC 2000 / SBC SWe Lite web interface allows for the downloading of arbitrary files via an unspecified vector. It affects the 1000 and 2000 devices 6.0.x up to Build 446, 6.1.x up to Build 492, and 7.0.x up to Build 485. It affects the SWe Lite devices 6.1.x up to Build 111 and 7.0.x up to Build 140.
GHSA-3w6f-855j-w5gg
Open redirect vulnerability in the NeDi component in GroundWork Monitor Enterprise 6.7.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
GHSA-3w69-wxxj-qc6r
In UsageStatsService, there is a possible way to read installed 3rd party apps due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
GHSA-3w69-j4hp-rvh4
This vulnerability allows any attacker to cause the PeerTube server to stop responding to requests due to an infinite loop in the "inbox" endpoint when receiving crafted ActivityPub activities.
GHSA-3w68-p3xg-cp6h
The FileUploadController servlet in EMC Connectrix Manager Converged Network Edition (CMCNE) before 12.1.5 does not properly restrict additions to the Connectrix Manager repository, which allows remote attackers to obtain sensitive information by importing a crafted firmware file.
GHSA-3w68-cfg3-3gpj
A vulnerability, which was classified as critical, has been found in PHPGurukul Art Gallery Management System 1.1. This issue affects some unknown processing of the file /admin/changeimage3.php. The manipulation of the argument editid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
GHSA-3w67-q784-6w7c
Division by zero in TFLite's implementation of `GatherNd`
GHSA-3w67-hjc6-5xcc
The LadiApp plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ladiflow_save_hook() function in versions up to, and including, 4.3. This makes it possible for authenticated attackers with subscriber-level access and above to update the 'ladiflow_hook_configs' option.
GHSA-3w67-8p8m-wgqf
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality via vectors related to JAXP.
GHSA-3w67-7h76-28wg
Use after free in WebSQL in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
GHSA-3w66-p7cp-w8h7
TP-Link TL-WR940N V4, TL-WR841N V8/V10, TL-WR740N V1/V2, TL-WR940N V2/V3, and TL-WR941ND V5/V6 were discovered to contain a buffer overflow in the component /userRpm/AccessCtrlTimeSchedRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request.
GHSA-3w66-m37p-v74f
Missing Authorization vulnerability in Torod Holding LTD Torod allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Torod: from n/a through 1.7.
GHSA-3w66-jjx9-6wph
Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Log Management). The supported version that is affected is 13.5.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Manager Base Platform. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Enterprise Manager Base Platform, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Oracle Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Enterprise Manager Base Platform. CVSS 3.1 Base Scor...
GHSA-3w66-96j7-fmcp
The boot loader in Das U-Boot before 2021.04-rc2 mishandles a modified FIT.
GHSA-3w65-mh9h-3g82
wolfSSL and wolfCrypt 4.1.0 and earlier (formerly known as CyaSSL) generate biased DSA nonces. This allows a remote attacker to compute the long term private key from several hundred DSA signatures via a lattice attack. The issue occurs because dsa.c fixes two bits of the generated nonces.
GHSA-3w65-g885-345g
Prior to 25.2, a local authenticated attacker can elevate privileges on a system with Privilege Management for Windows installed, via the manipulation of COM objects under certain circumstances where an EPM policy allows for automatic privilege elevation of a user process.
GHSA-3w65-74c3-p8jp
Burp Suite Community Edition 1.7.32 and 1.7.33 fail to validate the server certificate in a couple of HTTPS requests which allows a man in the middle to modify or view traffic.
GHSA-3w65-72f9-frg9
Remote Cross-site Request forgery (CSRF) potential has been identified in UCMBD Browser version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15, 4.15.1 which could allow for remote unsafe deserialization and cross-site request forgery (CSRF).
GHSA-3w64-72gj-893r
Authentication Bypass Using an Alternate Path or Channel vulnerability in Yepas Digital Yepas allows Authentication Bypass.This issue affects Digital Yepas: before 1.0.1.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
GHSA-3w6g-24mq-35j6 A CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 and prior that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition. | 1% Низкий | больше 3 лет назад | ||
GHSA-3w6f-wrm9-g4x7 A Local File Inclusion (LFI) vulnerability in the Sonus SBC 1000 / SBC 2000 / SBC SWe Lite web interface allows for the downloading of arbitrary files via an unspecified vector. It affects the 1000 and 2000 devices 6.0.x up to Build 446, 6.1.x up to Build 492, and 7.0.x up to Build 485. It affects the SWe Lite devices 6.1.x up to Build 111 and 7.0.x up to Build 140. | CVSS3: 7.5 | 0% Низкий | больше 3 лет назад | |
GHSA-3w6f-855j-w5gg Open redirect vulnerability in the NeDi component in GroundWork Monitor Enterprise 6.7.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 1% Низкий | больше 3 лет назад | ||
GHSA-3w69-wxxj-qc6r In UsageStatsService, there is a possible way to read installed 3rd party apps due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | CVSS3: 5.5 | 0% Низкий | больше 2 лет назад | |
GHSA-3w69-j4hp-rvh4 This vulnerability allows any attacker to cause the PeerTube server to stop responding to requests due to an infinite loop in the "inbox" endpoint when receiving crafted ActivityPub activities. | CVSS3: 7.5 | 0% Низкий | 10 месяцев назад | |
GHSA-3w68-p3xg-cp6h The FileUploadController servlet in EMC Connectrix Manager Converged Network Edition (CMCNE) before 12.1.5 does not properly restrict additions to the Connectrix Manager repository, which allows remote attackers to obtain sensitive information by importing a crafted firmware file. | 0% Низкий | больше 3 лет назад | ||
GHSA-3w68-cfg3-3gpj A vulnerability, which was classified as critical, has been found in PHPGurukul Art Gallery Management System 1.1. This issue affects some unknown processing of the file /admin/changeimage3.php. The manipulation of the argument editid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | CVSS3: 6.3 | 0% Низкий | 8 месяцев назад | |
GHSA-3w67-q784-6w7c Division by zero in TFLite's implementation of `GatherNd` | CVSS3: 2.5 | 0% Низкий | больше 4 лет назад | |
GHSA-3w67-hjc6-5xcc The LadiApp plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ladiflow_save_hook() function in versions up to, and including, 4.3. This makes it possible for authenticated attackers with subscriber-level access and above to update the 'ladiflow_hook_configs' option. | CVSS3: 4.3 | 0% Низкий | почти 2 года назад | |
GHSA-3w67-8p8m-wgqf Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality via vectors related to JAXP. | 3% Низкий | больше 3 лет назад | ||
GHSA-3w67-7h76-28wg Use after free in WebSQL in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | CVSS3: 8.8 | 1% Низкий | больше 3 лет назад | |
GHSA-3w66-p7cp-w8h7 TP-Link TL-WR940N V4, TL-WR841N V8/V10, TL-WR740N V1/V2, TL-WR940N V2/V3, and TL-WR941ND V5/V6 were discovered to contain a buffer overflow in the component /userRpm/AccessCtrlTimeSchedRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request. | CVSS3: 7.5 | 0% Низкий | больше 2 лет назад | |
GHSA-3w66-m37p-v74f Missing Authorization vulnerability in Torod Holding LTD Torod allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Torod: from n/a through 1.7. | CVSS3: 6.5 | 0% Низкий | около 1 года назад | |
GHSA-3w66-jjx9-6wph Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Log Management). The supported version that is affected is 13.5.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Manager Base Platform. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Enterprise Manager Base Platform, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Oracle Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Enterprise Manager Base Platform. CVSS 3.1 Base Scor... | CVSS3: 7.5 | 0% Низкий | почти 2 года назад | |
GHSA-3w66-96j7-fmcp The boot loader in Das U-Boot before 2021.04-rc2 mishandles a modified FIT. | CVSS3: 7.8 | 0% Низкий | больше 3 лет назад | |
GHSA-3w65-mh9h-3g82 wolfSSL and wolfCrypt 4.1.0 and earlier (formerly known as CyaSSL) generate biased DSA nonces. This allows a remote attacker to compute the long term private key from several hundred DSA signatures via a lattice attack. The issue occurs because dsa.c fixes two bits of the generated nonces. | 0% Низкий | больше 3 лет назад | ||
GHSA-3w65-g885-345g Prior to 25.2, a local authenticated attacker can elevate privileges on a system with Privilege Management for Windows installed, via the manipulation of COM objects under certain circumstances where an EPM policy allows for automatic privilege elevation of a user process. | CVSS3: 7.8 | 0% Низкий | 6 месяцев назад | |
GHSA-3w65-74c3-p8jp Burp Suite Community Edition 1.7.32 and 1.7.33 fail to validate the server certificate in a couple of HTTPS requests which allows a man in the middle to modify or view traffic. | CVSS3: 7.4 | 0% Низкий | больше 3 лет назад | |
GHSA-3w65-72f9-frg9 Remote Cross-site Request forgery (CSRF) potential has been identified in UCMBD Browser version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15, 4.15.1 which could allow for remote unsafe deserialization and cross-site request forgery (CSRF). | CVSS3: 8.8 | 0% Низкий | больше 3 лет назад | |
GHSA-3w64-72gj-893r Authentication Bypass Using an Alternate Path or Channel vulnerability in Yepas Digital Yepas allows Authentication Bypass.This issue affects Digital Yepas: before 1.0.1. | CVSS3: 10 | 0% Низкий | больше 2 лет назад |
Уязвимостей на страницу