Count: 312 573
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| GHSA-3rq5-2g8h-59hc Potential DoS via the Tudoor mechanism in eventlet and dnspython | CVSS3: 5.9 | 5% Low | almost 2 years ago |
| GHSA-3rq4-xx94-7cf9 HelpDEZk 1.1.1 allows remote authenticated users to execute arbitrary PHP code by uploading a .php attachment and then requesting it in the helpdezk\app\uploads\helpdezk\attachments\ directory. | CVSS3: 8.8 | 1% Low | more than 3 years ago |
| GHSA-3rq3-j32x-vjg4 PrinterLogic Windows Client through 25.0.0.676 allows attackers to execute directory traversal. Authenticated users with prior knowledge of the driver filename could exploit this to escalate privileges or distribute malicious content. | CVSS3: 8.8 | 1% Low | more than 3 years ago |
| GHSA-3rq3-f864-789r Cross-site scripting (XSS) vulnerability in the Organic Groups (OG) module 5.x before 5.x-7.3 and 6.x before 6.x-1.0-RC1, a module for Drupal, allows remote authenticated users, with group owner permissions, to inject arbitrary web script or HTML via unspecified vectors. | | 0% Low | almost 4 years ago |
| GHSA-3rq3-6pw2-f97f A buffer copy without checking size of input ('classic buffer overflow') in Fortinet FortiMail webmail and administrative interface version 6.4.0 through 6.4.4 and before 6.2.6 and FortiNDR administrative interface version 7.2.0 and before 7.1.0 allows an authenticated attacker with regular webmail access to trigger a buffer overflow and to possibly execute unauthorized code or commands via specifically crafted HTTP requests. | CVSS3: 4.7 | 0% Low | 10 months ago |
| GHSA-3rq2-j576-xv9r Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Error Handling). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | | 0% Low | more than 3 years ago |
| GHSA-3rq2-6mpq-54m8 The link-log plugin before 2.1 for WordPress has SQL injection. | CVSS3: 9.8 | 1% Low | more than 3 years ago |
| GHSA-3rq2-3cgx-j4rh Heap-based buffer overflow in the get_answer function in mmsh.c in libmms before 0.6.4 allows remote attackers to execute arbitrary code via a long line in an MMS over HTTP (MMSH) server response. | | 4% Low | more than 3 years ago |
| GHSA-3rpx-pgmf-j96h Microweber Business Logic Errors | CVSS3: 5.9 | 0% Low | about 2 years ago |
| GHSA-3rpw-c8rg-p3f5 Command injection vulnerability in the Edge Computing UI for the TRO600 series radios that allows for the execution of arbitrary system commands. If exploited, an attacker with write access to the web UI can execute commands on the device with root privileges, far more extensive than what the write privilege intends. | CVSS3: 7.2 | 0% Low | more than 1 year ago |
| GHSA-3rpv-j58g-7jfj ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in File-Summary DrillDown. This issue has been fixed and released in version 7271. | CVSS3: 8.3 | 1% Low | about 2 years ago |
| GHSA-3rpr-mg43-xhq4 auth0-js Privilege Escalation Vulnerability | CVSS3: 7.5 | 0% Low | about 8 years ago |
| GHSA-3rpr-jfwv-ch87 Unspecified vulnerability in the Services API in Firebird before 2.0.2 allows remote attackers to cause a denial of service, aka CORE-1149. | | 2% Low | almost 4 years ago |
| GHSA-3rpq-hq8j-r42p Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS3: 3.3 | 0% Low | about 2 years ago |
| GHSA-3rpq-2xpx-53c4 Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allows remote authenticated users with a valid certificate and private key to read arbitrary catalogs or poison the master's cache via unspecified vectors. | | 0% Low | more than 3 years ago |
| GHSA-3rpp-wj27-m2p9 Off-by-one error in the EAP-PWD module in FreeRADIUS 3.0 through 3.0.8, which triggers a buffer overflow. | CVSS3: 8.1 | 0% Low | more than 3 years ago |
| GHSA-3rpp-4v39-5h22 Use after free in Blink in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | | 2% Low | more than 3 years ago |
| GHSA-3rpm-wgqm-r264 Multiple SQL injection vulnerabilities in my little forum before 2.3.4 allow remote administrators to execute arbitrary SQL commands via the (1) letter parameter in a user action or (2) edit_category parameter to index.php. | | 0% Low | more than 3 years ago |
| GHSA-3rpm-h4f9-j349 Cross-Site Request Forgery (CSRF) vulnerability in TinyPNG. This issue affects TinyPNG: from n/a through 3.4.3. | CVSS3: 5.4 | 0% Low | more than 1 year ago |
| GHSA-3rpm-6p6h-45fh Windows Resilient File System Elevation of Privilege. | CVSS3: 7.8 | 1% Low | more than 3 years ago |