Count: 314 458
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| GHSA-3rh8-f4gv-8c37 Cross-site scripting (XSS) vulnerability in vud_term.module in the Vote Up/Down module 6.x-2.x before 6.x-2.8 and 6.x-3.x before 6.x-3.1 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via taxonomy terms. | | 0% Low | more than 3 years ago |
| GHSA-3rh7-vm4x-q2hp sqlserver is malware | CVSS3: 7.5 | 0% Low | about 7 years ago |
| GHSA-3rh7-494q-3mjq A use-after-free flaw has been discovered in libcomps before version 0.1.10 in the way ObjMRTrees are merged. An attacker, who is able to make an application read a crafted comps XML file, may be able to crash the application or execute malicious code. | CVSS3: 8.8 | 1% Low | more than 3 years ago |
| GHSA-3rh6-vqr9-vpx5 Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (memory consumption) via a large crontab file because an unlimited number of lines is accepted. | CVSS3: 5.5 | 0% Low | more than 3 years ago |
| GHSA-3rh6-mpmf-236w iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the where parameter at admincp.php. | CVSS3: 9.8 | 0% Low | more than 2 years ago |
| GHSA-3rh6-4p5j-qqfp An issue was discovered in Emote Remote Mouse through 4.0.0.0. Attackers can retrieve recently used and running applications, their icons, and their file paths. This information is sent in cleartext and is not protected by any authentication logic. | CVSS3: 5.3 | 0% Low | more than 3 years ago |
| GHSA-3rh5-9p47-7947 The Device Model in ACRN before 2019w25.5-140000p relies on assert calls in devicemodel/hw/pci/core.c and devicemodel/include/pci_core.h (instead of other mechanisms for propagating error information or diagnostic information), which might allow attackers to cause a denial of service (assertion failure) within pci core. | | 1% Low | more than 3 years ago |
| GHSA-3rh4-hgwg-p5c2 Windows Connected Devices Platform Service Information Disclosure Vulnerability. | CVSS3: 4.7 | 0% Low | more than 3 years ago |
| GHSA-3rh3-x38g-8fjx Unspecified vulnerability in the Workspace Manager component in Oracle Database 10.2.0.4 and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2009-0975. | | 54% Medium | almost 4 years ago |
| GHSA-3rh3-wfr4-76mj Regular expression Denial of Service in multiple packages | CVSS3: 6.5 | 8% Low | almost 5 years ago |
| GHSA-3rh3-mwf4-58r4 In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an authenticated attacker (via the admin web interface) can exploit Directory Traversal to execute arbitrary code on the appliance. | CVSS3: 7.2 | 4% Low | more than 3 years ago |
| GHSA-3rh2-mmpx-4299 The search-everything plugin before 8.1.7 for WordPress has SQL injection related to WordPress 4.7.x, a different vulnerability than CVE-2014-2316. | CVSS3: 9.8 | 1% Low | more than 3 years ago |
| GHSA-3rh2-hpf7-3mm7 An issue was discovered in Foxit PhantomPDF before 8.3.11. The application could crash when calling xfa.event.rest XFA JavaScript due to accessing a wild pointer. | | 0% Low | more than 3 years ago |
| GHSA-3rgx-xp66-8w52 Cross-site scripting (XSS) vulnerability in Compaq Insight Management Agents 2.0, 2.1, 3.6.0, 4.2 and 4.3.7 allows remote attackers to inject arbitrary web script or HTML via a URL, which inserts the script into the resulting error message. | | 0% Low | almost 4 years ago |
| GHSA-3rgx-c7jv-r7q6 A vulnerability in the web application in the Cisco Prime Collaboration Provisioning tool could allow an authenticated, remote attacker to perform arbitrary file downloads that could allow the attacker to read files from the underlying filesystem. More Information: CSCvc90335. Known Affected Releases: 12.1. | CVSS3: 6.5 | 1% Low | more than 3 years ago |
| GHSA-3rgw-2q84-rfvm Unspecified vulnerability in Apple File Protocol (AFP) server in Apple Mac OS X 10.4 up to 10.4.6 includes the names of restricted files and folders within search results, which might allow remote attackers to obtain sensitive information. | | 1% Low | almost 4 years ago |
| GHSA-3rgw-2fpg-85mq libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file. | | 0% Low | more than 3 years ago |
| GHSA-3rgw-269v-xpvx Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NinjaTeam WP Chat App allows Stored XSS. This issue affects WP Chat App: from n/a through 3.4.4. | CVSS3: 5.9 | 0% Low | almost 2 years ago |
| GHSA-3rgv-vw7x-2j23 Windows Remote Desktop Services Denial of Service Vulnerability | CVSS3: 7.5 | 28% Medium | more than 3 years ago |
| GHSA-3rgv-v89r-wjff Cross-site scripting (XSS) vulnerability in the resume blocktype in Mahara before 1.0.13, and 1.1.x before 1.1.7, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | | 1% Low | almost 4 years ago |