Count: 314 212
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| GHSA-3x26-rr7r-hp27 In btm_simple_pair_complete of btm_sec.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-142544079 | | 0% Low | more than 3 years ago |
| GHSA-3x25-pc9c-mv8g Cross-site scripting (XSS) vulnerability in Mr. CGI Guy Hot Links SQL-PHP 3 and earlier allows remote attackers to inject arbitrary web script or HTML via the search bar. | | 0% Low | more than 3 years ago |
| GHSA-3x25-57q8-33g5 The ZIP file parser in AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, Quick Heal (aka Cat QuickHeal) 11.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, Kaspersky Anti-Virus 7.0.0.125, Norman Antivirus 6.06.12, Sophos Anti-Virus 4.61.0, and AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11 allows remote attackers to bypass malware detection via a ZIP file containing an invalid block of data at the beginning. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ZIP parser implementations. | | 8% Low | more than 3 years ago |
| GHSA-3wxx-q3gv-pvvv LlamaIndex vulnerable to DoS attack through uncontrolled recursive JSON parsing | CVSS3: 6.5 | 0% Low | 7 months ago |
| GHSA-3wxw-q9mc-652q A security vulnerability in HPE OneView for VMware vCenter 9.5 could be exploited remotely to allow Cross-Site Scripting. | | 1% Low | more than 3 years ago |
| GHSA-3wxw-p7xf-3r35 Bugzilla 2.17.1 through 2.18, 2.19.1, and 2.19.2, when a user is prompted to log in while attempting to view a chart, displays the password in the URL, which may allow local users to gain sensitive information from web logs or browser history. | | 1% Low | almost 4 years ago |
| GHSA-3wxw-jcf9-xgm3 The deploy directory in PingFederate runtime nodes is reachable to unauthorized users. | CVSS3: 5.3 | 0% Low | more than 1 year ago |
| GHSA-3wxw-9pjm-38cr A cross-site scripting (XSS) vulnerability in the /scroll.php endpoint of LafeLabs Chaos v0.0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | CVSS3: 5.4 | 0% Low | about 1 year ago |
| GHSA-3wxw-5w97-2cvf OpenVPN Access Server older than version 2.8.4 generates new user authentication tokens instead of reusing existing tokens on reconnect, making it possible to circumvent the initial token expiry timestamp. | | 0% Low | more than 3 years ago |
| GHSA-3wxv-wgwg-qwjr Cross-site scripting (XSS) vulnerability in the AddToAny module 5.x before 5.x-2.4 and 6.x before 6.x-2.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via a node title. | | 0% Low | almost 4 years ago |
| GHSA-3wxv-vvvq-84p8 Unspecified vulnerability in OKI C5510MFP Printer CU H2.15, PU 01.03.01, System F/W 1.01, and Web Page 1.00 allows remote attackers to set the password and obtain administrative access via unspecified vectors. | | 2% Low | almost 4 years ago |
| GHSA-3wxv-m6v8-9vx3 The Jannah WordPress theme before 5.4.4 did not properly sanitize the options JSON parameter in its tie_get_user_weather AJAX action before outputting it back in the page, leading to a Reflected Cross-Site Scripting (XSS) vulnerability. | | 2% Low | more than 3 years ago |
| GHSA-3wxv-8cx4-wg98 Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a vulnerability in the remote firmware download feature that could allow a user to place or replace an arbitrary file on the remote host. In non-secure mode, the user is unauthenticated. | | 0% Low | more than 3 years ago |
| GHSA-3wxq-grgm-m8r3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Emraan Cheema CubeWP allows Stored XSS. This issue affects CubeWP: from n/a through 1.1.26. | CVSS3: 6.5 | 0% Low | 5 months ago |
| GHSA-3wxq-7r8m-qpmg ffmepg is malware | CVSS3: 7.5 | 0% Low | more than 7 years ago |
| GHSA-3wxq-76w9-ghcp In JetBrains IntelliJ IDEA before 2023.3.3 path traversal was possible when unpacking archives | CVSS3: 2.8 | 0% Low | about 2 years ago |
| GHSA-3wxp-gf5c-jh8g The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted bz2 archive. | CVSS3: 7.8 | 17% Medium | more than 3 years ago |
| GHSA-3wxp-8m6g-m8x5 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in LiquidThemes Hub Core hub-core allows PHP Local File Inclusion. This issue affects Hub Core: from n/a through <= 5.0.8. | CVSS3: 7.5 | 0% Low | about 2 months ago |
| GHSA-3wxp-8cgp-vmq4 Integer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to cause a denial of service (crash) via a malformed RFC1035-encoded domain name, which triggers an out-of-bounds heap write. | CVSS3: 7.5 | 9% Low | more than 3 years ago |
| GHSA-3wxm-m9m4-cprj Import of incorrectly embargoed keys could cause early publication | | | more than 4 years ago |