Количество 289 610
Количество 289 610
GHSA-27vf-v322-7qf5
Buffer overflow in the LZX decompression in CHM Lib (chmlib) 0.35, as used in products such as KchmViewer, has unknown impact and attack vectors.
GHSA-27vf-8fw5-36p7
The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in FreeBSD, NetBSD, and possibly other BSD-based operating systems allows remote attackers to cause a denial of service (CPU consumption and device hang) by sending many Router Advertisement (RA) messages with different source addresses, a similar vulnerability to CVE-2010-4670.
GHSA-27vf-3g4f-6jp7
LibreNMS Ports Stored Cross-site Scripting vulnerability
GHSA-27vc-vrhq-mf4c
SQL injection vulnerability in annonces-p-f.php in the MyAnnonces 1.8 module for eXV2 allows remote attackers to execute arbitrary SQL commands via the lid parameter in an ImprAnn action.
GHSA-27vc-rww5-64v8
Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sProfileName parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
GHSA-27v9-jf76-68p4
A vulnerability has been found in IBOS OA 4.5.5 and classified as critical. This vulnerability affects unknown code of the file ?r=dashboard/position/edit&op=member. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239260.
GHSA-27v9-6wwc-82r3
Possible out of bound read due to improper validation of certificate chain in SSL or Internet key exchange in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
GHSA-27v9-58mg-8v43
A missing check for IPv4 nested inside IPv6 in Nextcloud server < 17.0.1, < 16.0.7, and < 15.0.14 allowed a Server-Side Request Forgery (SSRF) vulnerability when subscribing to a malicious calendar URL.
GHSA-27v7-qhfv-rqq8
Insecure Credential Storage in web3
GHSA-27v6-gmmm-5qf3
Buffer overflow in petris before 1.0.1 allows remote attackers to execute arbitrary code via unspecified attack vectors.
GHSA-27v6-4m9p-3qq4
Authenticated Arbitrary Code Execution vulnerability in Soflyy Import any XML or CSV File to WordPress plugin <= 3.6.7 at WordPress.
GHSA-27v5-v9w4-6pr5
Buffer overflow in the AStreamPeekStream function in input/stream.c in VideoLAN VLC media player before 2.2.0 allows remote attackers to cause a denial of service (crash) via a crafted wav file, related to "seek across EOF."
GHSA-27v5-q384-ff55
find_theni_home.php in E-theni allows remote attackers to obtain sensitive system information via a URL request which executes phpinfo.
GHSA-27v4-w7r4-68vg
Directory traversal vulnerability exists in Mailing List Search CGI (pmmls.exe) included in A.K.I Software's PMailServer/PMailServer2 products. If this vulnerability is exploited, a remote attacker may obtain arbitrary files on the server.
GHSA-27v4-m256-2g57
File Upload vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the File Manager function.
GHSA-27v4-jvv2-r77h
SQL injection vulnerability in the Multisite Search module 6.x-2.2 for Drupal allows remote authenticated users with certain permissions to execute arbitrary SQL commands via the Site table prefix field.
GHSA-27v4-h6gj-f3w5
A vulnerability in the Cisco Nexus 9000 Series Fabric Switches running in Application-Centric Infrastructure (ACI) mode could allow an authenticated, local attacker to read arbitrary files on an affected device. The vulnerability is due to a lack of proper input and validation checking mechanisms of user-supplied input sent to an affected device. A successful exploit could allow the attacker unauthorized access to read arbitrary files on an affected device. This vulnerability has been fixed in version 14.0(1h).
GHSA-27v4-cjp2-mwc4
Cisco Unified Communications Domain Manager Platform Software 4.4(.3) and earlier allows remote attackers to cause a denial of service (CPU consumption) by sending crafted TCP packets quickly, aka Bug ID CSCuo42063.
GHSA-27v4-8jv4-3cp6
Insufficient input sanitization in markdown in GitLab version 13.11 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted markdown
GHSA-27v4-4p5h-63xx
Persistent cross-site scripting (XSS) in Hospital Management System targeted towards web admin through contact.php.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| GHSA-27vf-v322-7qf5 Buffer overflow in the LZX decompression in CHM Lib (chmlib) 0.35, as used in products such as KchmViewer, has unknown impact and attack vectors. | 1% Низкий | больше 3 лет назад | |
| GHSA-27vf-8fw5-36p7 The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in FreeBSD, NetBSD, and possibly other BSD-based operating systems allows remote attackers to cause a denial of service (CPU consumption and device hang) by sending many Router Advertisement (RA) messages with different source addresses, a similar vulnerability to CVE-2010-4670. | 0% Низкий | больше 3 лет назад | |
| GHSA-27vf-3g4f-6jp7 LibreNMS Ports Stored Cross-site Scripting vulnerability | CVSS3: 4.6 | 0% Низкий | 7 месяцев назад |
| GHSA-27vc-vrhq-mf4c SQL injection vulnerability in annonces-p-f.php in the MyAnnonces 1.8 module for eXV2 allows remote attackers to execute arbitrary SQL commands via the lid parameter in an ImprAnn action. | 0% Низкий | больше 3 лет назад | |
| GHSA-27vc-rww5-64v8 Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sProfileName parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | CVSS3: 7.5 | 0% Низкий | 11 месяцев назад |
| GHSA-27v9-jf76-68p4 A vulnerability has been found in IBOS OA 4.5.5 and classified as critical. This vulnerability affects unknown code of the file ?r=dashboard/position/edit&op=member. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239260. | CVSS3: 6.3 | 0% Низкий | почти 2 года назад |
| GHSA-27v9-6wwc-82r3 Possible out of bound read due to improper validation of certificate chain in SSL or Internet key exchange in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | CVSS3: 9.1 | 0% Низкий | около 3 лет назад |
| GHSA-27v9-58mg-8v43 A missing check for IPv4 nested inside IPv6 in Nextcloud server < 17.0.1, < 16.0.7, and < 15.0.14 allowed a Server-Side Request Forgery (SSRF) vulnerability when subscribing to a malicious calendar URL. | 0% Низкий | около 3 лет назад | |
| GHSA-27v7-qhfv-rqq8 Insecure Credential Storage in web3 | CVSS3: 3.3 | около 6 лет назад | |
| GHSA-27v6-gmmm-5qf3 Buffer overflow in petris before 1.0.1 allows remote attackers to execute arbitrary code via unspecified attack vectors. | 4% Низкий | больше 3 лет назад | |
| GHSA-27v6-4m9p-3qq4 Authenticated Arbitrary Code Execution vulnerability in Soflyy Import any XML or CSV File to WordPress plugin <= 3.6.7 at WordPress. | CVSS3: 7.2 | 3% Низкий | почти 3 года назад |
| GHSA-27v5-v9w4-6pr5 Buffer overflow in the AStreamPeekStream function in input/stream.c in VideoLAN VLC media player before 2.2.0 allows remote attackers to cause a denial of service (crash) via a crafted wav file, related to "seek across EOF." | CVSS3: 5.5 | 0% Низкий | больше 3 лет назад |
| GHSA-27v5-q384-ff55 find_theni_home.php in E-theni allows remote attackers to obtain sensitive system information via a URL request which executes phpinfo. | 0% Низкий | больше 3 лет назад | |
| GHSA-27v4-w7r4-68vg Directory traversal vulnerability exists in Mailing List Search CGI (pmmls.exe) included in A.K.I Software's PMailServer/PMailServer2 products. If this vulnerability is exploited, a remote attacker may obtain arbitrary files on the server. | CVSS3: 3.7 | 0% Низкий | больше 1 года назад |
| GHSA-27v4-m256-2g57 File Upload vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the File Manager function. | CVSS3: 9.8 | 13% Средний | почти 2 года назад |
| GHSA-27v4-jvv2-r77h SQL injection vulnerability in the Multisite Search module 6.x-2.2 for Drupal allows remote authenticated users with certain permissions to execute arbitrary SQL commands via the Site table prefix field. | 1% Низкий | больше 3 лет назад | |
| GHSA-27v4-h6gj-f3w5 A vulnerability in the Cisco Nexus 9000 Series Fabric Switches running in Application-Centric Infrastructure (ACI) mode could allow an authenticated, local attacker to read arbitrary files on an affected device. The vulnerability is due to a lack of proper input and validation checking mechanisms of user-supplied input sent to an affected device. A successful exploit could allow the attacker unauthorized access to read arbitrary files on an affected device. This vulnerability has been fixed in version 14.0(1h). | CVSS3: 4.4 | 0% Низкий | больше 3 лет назад |
| GHSA-27v4-cjp2-mwc4 Cisco Unified Communications Domain Manager Platform Software 4.4(.3) and earlier allows remote attackers to cause a denial of service (CPU consumption) by sending crafted TCP packets quickly, aka Bug ID CSCuo42063. | 0% Низкий | больше 3 лет назад | |
| GHSA-27v4-8jv4-3cp6 Insufficient input sanitization in markdown in GitLab version 13.11 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted markdown | 0% Низкий | около 3 лет назад | |
| GHSA-27v4-4p5h-63xx Persistent cross-site scripting (XSS) in Hospital Management System targeted towards web admin through contact.php. | 0% Низкий | около 3 лет назад |
Уязвимостей на страницу