Количество 314 458
Количество 314 458
GHSA-3w4p-cp93-7566
In the Linux kernel, the following vulnerability has been resolved: afs: Fix endless loop in directory parsing If a directory has a block with only ".__afsXXXX" files in it (from uncompleted silly-rename), these .__afsXXXX files are skipped but without advancing the file position in the dir_context. This leads to afs_dir_iterate() repeating the block again and again. Fix this by making the code that skips the .__afsXXXX file also manually advance the file position. The symptoms are a soft lookup: watchdog: BUG: soft lockup - CPU#3 stuck for 52s! [check:5737] ... RIP: 0010:afs_dir_iterate_block+0x39/0x1fd ... ? watchdog_timer_fn+0x1a6/0x213 ... ? asm_sysvec_apic_timer_interrupt+0x16/0x20 ? afs_dir_iterate_block+0x39/0x1fd afs_dir_iterate+0x10a/0x148 afs_readdir+0x30/0x4a iterate_dir+0x93/0xd3 __do_sys_getdents64+0x6b/0xd4 This is almost certainly the actual fix for: ...
GHSA-3w4p-5chr-2r8f
xterm through Patch #365 allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted UTF-8 character sequence.
GHSA-3w4m-x79g-ghg6
Untrusted search path vulnerability in openexec in OpenBase SQL before 10.0.1 allows local users to gain privileges via a modified PATH that references a malicious helper binary, as demonstrated by (1) cp, (2) rm, and (3) killall, different vectors than CVE-2006-5327.
GHSA-3w4m-c8rq-62jj
In the Linux kernel, the following vulnerability has been resolved: net: phylink: add lock for serializing concurrent pl->phydev writes with resolver Currently phylink_resolve() protects itself against concurrent phylink_bringup_phy() or phylink_disconnect_phy() calls which modify pl->phydev by relying on pl->state_mutex. The problem is that in phylink_resolve(), pl->state_mutex is in a lock inversion state with pl->phydev->lock. So pl->phydev->lock needs to be acquired prior to pl->state_mutex. But that requires dereferencing pl->phydev in the first place, and without pl->state_mutex, that is racy. Hence the reason for the extra lock. Currently it is redundant, but it will serve a functional purpose once mutex_lock(&phy->lock) will be moved outside of the mutex_lock(&pl->state_mutex) section. Another alternative considered would have been to let phylink_resolve() acquire the rtnl_mutex, which is also held when phylink_bringup_phy() and phylink_disconnect_phy() are called. But ...
GHSA-3w4m-48x7-p9gx
Argument injection vulnerability in Java Web Start for J2SE 1.4.2 up to 1.4.2_06, on Mac OS X, allows untrusted applications to gain privileges via the value parameter of a property tag in a JNLP file. NOTE: it is highly likely that this item will be MERGED with CVE-2005-0836.
GHSA-3w4j-cfcj-wj69
XPDF v4.04 was discovered to contain a stack overflow vulnerability via the Object::Copy class of object.cc files.
GHSA-3w4j-297m-588q
Pexip Infinity before 27.3 allows remote attackers to trigger excessive resource consumption via H.264.
GHSA-3w4h-r27h-4r2w
TYPO3 Image Processing susceptible to Code Execution
GHSA-3w4g-jj6x-f73c
upgrade.asp in sHibby sHop 2.2 and earlier does not require administrative authentication, which allows remote attackers to update a file or have unspecified other impact via a direct request.
GHSA-3w4g-9275-6hgj
WebITR developed by Uniong has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents.
GHSA-3w4g-5j98-3hfr
Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
GHSA-3w4f-q7vp-pgj5
Absolute path traversal vulnerability in a certain ActiveX control in Zune allows user-assisted remote attackers to overwrite arbitrary files via the SaveToFile method. NOTE: the victim must explicitly allow the code to run.
GHSA-3w4f-p666-hmhq
In getOrganizationNameForUser of DevicePolicyManagerService.java, there is a possible organization name disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-192368508
GHSA-3w4f-995x-62ph
eQ-3 Homematic AddOn 'CloudMatic' on CCU2 and CCU3 allows uncontrolled admin access, resulting in the ability to obtain VPN profile details, shutting down the VPN service and to delete the VPN service configuration. This is related to improper access control for all /addons/mh/ pages.
GHSA-3w4f-86g3-p6vp
In the Linux kernel, the following vulnerability has been resolved: userns and mnt_idmap leak in open_tree_attr(2) Once want_mount_setattr() has returned a positive, it does require finish_mount_kattr() to release ->mnt_userns. Failing do_mount_setattr() does not change that. As the result, we can end up leaking userns and possibly mnt_idmap as well.
GHSA-3w4c-wppr-f3vj
In onCreate of ChooseLockGeneric.java, there is a possible permission bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-222684510
GHSA-3w4c-hqgp-9fj3
Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted URL or user input, the attacker can inject malicious scripts that run when the page is rendered. User interaction is required for exploitation, as a victim must visit a malicious link or input data into a vulnerable web application.
GHSA-3w4c-c864-mqgx
The decode_stringmap function in server_transport.cpp for UFO2000 svn 1057 allows remote attackers to cause a denial of service (daemon termination) via a large keysize or valsize, which causes a crash when the resize function cannot allocate sufficient memory.
GHSA-3w4c-53gw-r9pv
Delta Electronics CNCSoft-G2 lacks proper initialization of memory prior to accessing it. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process.
GHSA-3w49-vm5v-775f
Buffer overflow in the telnet server in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G running SCCP firmware might allow remote authenticated users to execute arbitrary code via a crafted command.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
GHSA-3w4p-cp93-7566 In the Linux kernel, the following vulnerability has been resolved: afs: Fix endless loop in directory parsing If a directory has a block with only ".__afsXXXX" files in it (from uncompleted silly-rename), these .__afsXXXX files are skipped but without advancing the file position in the dir_context. This leads to afs_dir_iterate() repeating the block again and again. Fix this by making the code that skips the .__afsXXXX file also manually advance the file position. The symptoms are a soft lookup: watchdog: BUG: soft lockup - CPU#3 stuck for 52s! [check:5737] ... RIP: 0010:afs_dir_iterate_block+0x39/0x1fd ... ? watchdog_timer_fn+0x1a6/0x213 ... ? asm_sysvec_apic_timer_interrupt+0x16/0x20 ? afs_dir_iterate_block+0x39/0x1fd afs_dir_iterate+0x10a/0x148 afs_readdir+0x30/0x4a iterate_dir+0x93/0xd3 __do_sys_getdents64+0x6b/0xd4 This is almost certainly the actual fix for: ... | почти 2 года назад | |||
GHSA-3w4p-5chr-2r8f xterm through Patch #365 allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted UTF-8 character sequence. | CVSS3: 9.8 | 2% Низкий | больше 3 лет назад | |
GHSA-3w4m-x79g-ghg6 Untrusted search path vulnerability in openexec in OpenBase SQL before 10.0.1 allows local users to gain privileges via a modified PATH that references a malicious helper binary, as demonstrated by (1) cp, (2) rm, and (3) killall, different vectors than CVE-2006-5327. | 0% Низкий | почти 4 года назад | ||
GHSA-3w4m-c8rq-62jj In the Linux kernel, the following vulnerability has been resolved: net: phylink: add lock for serializing concurrent pl->phydev writes with resolver Currently phylink_resolve() protects itself against concurrent phylink_bringup_phy() or phylink_disconnect_phy() calls which modify pl->phydev by relying on pl->state_mutex. The problem is that in phylink_resolve(), pl->state_mutex is in a lock inversion state with pl->phydev->lock. So pl->phydev->lock needs to be acquired prior to pl->state_mutex. But that requires dereferencing pl->phydev in the first place, and without pl->state_mutex, that is racy. Hence the reason for the extra lock. Currently it is redundant, but it will serve a functional purpose once mutex_lock(&phy->lock) will be moved outside of the mutex_lock(&pl->state_mutex) section. Another alternative considered would have been to let phylink_resolve() acquire the rtnl_mutex, which is also held when phylink_bringup_phy() and phylink_disconnect_phy() are called. But ... | CVSS3: 7 | 0% Низкий | 4 месяца назад | |
GHSA-3w4m-48x7-p9gx Argument injection vulnerability in Java Web Start for J2SE 1.4.2 up to 1.4.2_06, on Mac OS X, allows untrusted applications to gain privileges via the value parameter of a property tag in a JNLP file. NOTE: it is highly likely that this item will be MERGED with CVE-2005-0836. | 0% Низкий | почти 4 года назад | ||
GHSA-3w4j-cfcj-wj69 XPDF v4.04 was discovered to contain a stack overflow vulnerability via the Object::Copy class of object.cc files. | CVSS3: 7.8 | 0% Низкий | больше 3 лет назад | |
GHSA-3w4j-297m-588q Pexip Infinity before 27.3 allows remote attackers to trigger excessive resource consumption via H.264. | CVSS3: 7.5 | 1% Низкий | больше 3 лет назад | |
GHSA-3w4h-r27h-4r2w TYPO3 Image Processing susceptible to Code Execution | CVSS3: 7.5 | 1% Низкий | больше 3 лет назад | |
GHSA-3w4g-jj6x-f73c upgrade.asp in sHibby sHop 2.2 and earlier does not require administrative authentication, which allows remote attackers to update a file or have unspecified other impact via a direct request. | 5% Низкий | почти 4 года назад | ||
GHSA-3w4g-9275-6hgj WebITR developed by Uniong has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents. | CVSS3: 6.5 | 0% Низкий | 2 месяца назад | |
GHSA-3w4g-5j98-3hfr Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 3% Низкий | больше 3 лет назад | ||
GHSA-3w4f-q7vp-pgj5 Absolute path traversal vulnerability in a certain ActiveX control in Zune allows user-assisted remote attackers to overwrite arbitrary files via the SaveToFile method. NOTE: the victim must explicitly allow the code to run. | 14% Средний | почти 4 года назад | ||
GHSA-3w4f-p666-hmhq In getOrganizationNameForUser of DevicePolicyManagerService.java, there is a possible organization name disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-192368508 | CVSS3: 3.3 | 0% Низкий | около 4 лет назад | |
GHSA-3w4f-995x-62ph eQ-3 Homematic AddOn 'CloudMatic' on CCU2 and CCU3 allows uncontrolled admin access, resulting in the ability to obtain VPN profile details, shutting down the VPN service and to delete the VPN service configuration. This is related to improper access control for all /addons/mh/ pages. | 0% Низкий | больше 3 лет назад | ||
GHSA-3w4f-86g3-p6vp In the Linux kernel, the following vulnerability has been resolved: userns and mnt_idmap leak in open_tree_attr(2) Once want_mount_setattr() has returned a positive, it does require finish_mount_kattr() to release ->mnt_userns. Failing do_mount_setattr() does not change that. As the result, we can end up leaking userns and possibly mnt_idmap as well. | CVSS3: 5.5 | 0% Низкий | 7 месяцев назад | |
GHSA-3w4c-wppr-f3vj In onCreate of ChooseLockGeneric.java, there is a possible permission bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-222684510 | CVSS3: 7.8 | 0% Низкий | больше 3 лет назад | |
GHSA-3w4c-hqgp-9fj3 Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted URL or user input, the attacker can inject malicious scripts that run when the page is rendered. User interaction is required for exploitation, as a victim must visit a malicious link or input data into a vulnerable web application. | CVSS3: 5.4 | 1% Низкий | около 1 года назад | |
GHSA-3w4c-c864-mqgx The decode_stringmap function in server_transport.cpp for UFO2000 svn 1057 allows remote attackers to cause a denial of service (daemon termination) via a large keysize or valsize, which causes a crash when the resize function cannot allocate sufficient memory. | 3% Низкий | почти 4 года назад | ||
GHSA-3w4c-53gw-r9pv Delta Electronics CNCSoft-G2 lacks proper initialization of memory prior to accessing it. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process. | CVSS3: 7.8 | 0% Низкий | больше 1 года назад | |
GHSA-3w49-vm5v-775f Buffer overflow in the telnet server in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G running SCCP firmware might allow remote authenticated users to execute arbitrary code via a crafted command. | 7% Низкий | почти 4 года назад |
Уязвимостей на страницу