Count: 312 573
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| GHSA-3rjx-cgpr-jrq6 SQL injection vulnerability in debug/query_results.jsp in Idetix Software Systems Revize CMS allows remote attackers to execute arbitrary SQL commands via the query parameter. | | 4% Low | almost 4 years ago |
| GHSA-3rjw-h7x9-663w A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. An app may be able to access sensitive user data. | CVSS3: 7.5 | 0% Low | 3 months ago |
| GHSA-3rjw-7wv2-m7wv An issue in the component tpi_systool_handle(0) (/goform/SysToolReboot) of Tenda W6-S v1.0.0.4(510) allows unauthenticated attackers to arbitrarily reboot the device. | CVSS3: 7.5 | 1% Low | about 3 years ago |
| GHSA-3rjw-3839-fww4 Multiple SQL injection vulnerabilities in Hinton Design phpht Topsites 1.3 allow remote attackers to execute arbitrary SQL commands via multiple vectors including the username parameter. | | 1% Low | almost 4 years ago |
| GHSA-3rjv-37hg-wc7j bb-hostsvc.sh in Big Brother 1.4h1 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack on the HOSTSVC parameter. | | 7% Low | almost 4 years ago |
| GHSA-3rjr-c6q9-jm9c SQL injection vulnerability in the xAdmin interface in EMC Document Sciences xPression 4.2 before P44 and 4.5 SP1 before P03 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | | 0% Low | more than 3 years ago |
| GHSA-3rjq-mvxx-wgcw In Exiv2 0.26, there is a heap-based buffer over-read in the Exiv2::Image::byteSwap4 function in image.cpp. Remote attackers can exploit this vulnerability to disclose memory data or cause a denial of service via a crafted TIFF file. | CVSS3: 8.1 | 1% Low | more than 3 years ago |
| GHSA-3rjq-9j9w-pxr3 OSIsoft PI Vision, All versions of PI Vision prior to 2019. The affected product is vulnerable to a cross-site request forgery that may be introduced on the PI Vision administration site. | | 0% Low | more than 3 years ago |
| GHSA-3rjp-hfjx-9689 In GraphicsMagick 1.4 snapshot-20190403 Q8, there is a use-after-free in ThrowException and ThrowLoggedException of magick/error.c. | CVSS3: 9.8 | 1% Low | more than 3 years ago |
| GHSA-3rjp-6929-2mrw HTTP server in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames and directory paths via a direct URL request. | | 1% Low | almost 4 years ago |
| GHSA-3rjm-xww9-gmm6 Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to bypass intended access restrictions via unspecified vectors. | CVSS3: 9.8 | 1% Low | more than 3 years ago |
| GHSA-3rjm-q6hg-6jw8 RealOne Player 2.0 Build 6.0.11.872 allows remote attackers to cause a denial of service (array out-of-bounds access and application crash) via a crafted .aiff file. | CVSS3: 5.5 | 0% Low | more than 3 years ago |
| GHSA-3rjm-jwr3-fh58 Buffer overflow in the Napster client beta 5 allows remote attackers to cause a denial of service via a long message. | | 0% Low | almost 4 years ago |
| GHSA-3rjj-rpg2-4f2q Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Branch Intelligent Management System Software Module (aka BIMS) allows remote attackers to obtain sensitive information via unknown vectors, aka ZDI-CAN-1607. | | 77% High | more than 3 years ago |
| GHSA-3rjh-fcp5-cg7v In BIG-IQ 5.2.0-7.0.0, high availability (HA) synchronization is not secure by TLS and may allow on-path attackers to read / modify confidential data in transit. | | 0% Low | more than 3 years ago |
| GHSA-3rjh-cgv2-5vr4 Directory traversal vulnerability in filemanager.asp for Hosting Controller 1.4.1 and earlier allows remote attackers to read and modify arbitrary files, and execute commands, via a .. (dot dot) in the OpenPath parameter. | | 4% Low | almost 4 years ago |
| GHSA-3rjg-j65w-6v3j Rejected reason: Not used | | | about 1 month ago |
| GHSA-3rjg-j575-7f6p Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'. | CVSS3: 4.7 | 1% Low | more than 3 years ago |
| GHSA-3rjg-j22m-wrv3 A mediaforaction expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | | 1% Low | more than 3 years ago |
| GHSA-3rjg-g3j8-q837 D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formLanguageChange. This vulnerability allows attackers to cause a Denial of Service (DoS) via the nextPage parameter. | CVSS3: 7.5 | 0% Low | almost 4 years ago |