Количество 314 529
Количество 314 529
GHSA-3rfh-rcxw-3xxf
A stored cross-site scripting (XSS) vulnerability in the /group/post component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the title.
GHSA-3rfh-phff-7g8v
OpenBMCS 2.4 allows an attacker to escalate privileges from a read user to an admin user by manipulating permissions and exploiting a vulnerability in the update_user_permissions.php script. Attackers can submit a malicious HTTP POST request to PHP scripts in '/plugins/useradmin/' directory.
GHSA-3rfh-cr92-3h5r
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka 'Win32k Graphics Remote Code Execution Vulnerability'.
GHSA-3rfh-9f52-4ppx
Cross-site Scripting (XSS) - Stored in GitHub repository orchardcms/orchardcore prior to 1.2.2.
GHSA-3rfh-48f2-ghv6
Cross-site scripting (XSS) vulnerability in Adventia E-Data 2.0 allows remote attackers to inject arbitrary web script or HTML via a query keyword.
GHSA-3rfg-xvmc-cff9
The jigbrowser+ application before 1.5.0 for Android does not properly implement the WebView class, which allows remote attackers to obtain sensitive information via a crafted application.
GHSA-3rfg-x7h2-v33m
A vulnerability in the DHCP snooping feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to a crafted IPv4 DHCP request packet being mishandled when endpoint analytics are enabled. An attacker could exploit this vulnerability by sending a crafted DHCP request through an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. Note: The attack vector is listed as network because a DHCP relay anywhere on the network could allow exploits from networks other than the adjacent one.
GHSA-3rff-xjq9-pg37
There is a memory leak vulnerability in some versions of Huawei CloudEngine product. An unauthenticated, remote attacker may exploit this vulnerability by sending specific message to the affected product. Due to not release the allocated memory properly, successful exploit may cause memory leak.
GHSA-3rff-mqc6-jp26
Cross-Site Request Forgery (CSRF) vulnerability in Deepak Khokhar Listings for Buildium allows Stored XSS. This issue affects Listings for Buildium: from n/a through 0.1.4.
GHSA-3rff-g889-h6g3
The mac80211 subsystem in the Linux kernel before 2.6.32-rc8-next-20091201 allows remote attackers to cause a denial of service (panic) via a crafted Delete Block ACK (aka DELBA) packet, related to an erroneous "code shuffling patch."
GHSA-3rf9-jvj9-2299
Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request.
GHSA-3rf9-fc8c-hj8h
Unspecified vulnerability in the browser engine in Mozilla Firefox before 3.0.16, SeaMonkey before 2.0.1, and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
GHSA-3rf7-cxmv-24rp
Memory corruption in BTHOST due to double free while music playback and calls over bluetooth headset in Snapdragon Mobile
GHSA-3rf7-6c99-mx43
An authenticated user could potentially execute code via an SQLi vulnerability in the user portal of SG UTM before version 9.708 MR8.
GHSA-3rf6-9xhv-wrqx
The Nigerias Business Directory (aka com.wNigeriasBusinessDirectory) application 0.70.13414.17619 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
GHSA-3rf6-3w37-m7h7
Adobe Photoshop CC 2018 before 19.1.6 and Photoshop CC 2017 before 18.1.6 have a memory corruption vulnerability. Successful exploitation could lead to remote code execution.
GHSA-3rf6-3v84-w7f8
Cross-Site Request Forgery (CSRF) vulnerability in Moriyan Jay WP Site Protector plugin <= 2.0 versions.
GHSA-3rf5-gg5c-jh3p
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.
GHSA-3rf5-756g-4w3q
Online Shopping Portal v3.1 was discovered to contain multiple time-based SQL injection vulnerabilities via the email and contactno parameters.
GHSA-3rf4-wqcv-f4q7
Cisco IOS 15.3 and 15.4, Cisco IOS XE 3.8 through 3.11, and Cisco Unified Communications Manager allow remote attackers to cause a denial of service (device reload) via malformed SIP messages, aka Bug ID CSCuj23293.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
GHSA-3rfh-rcxw-3xxf A stored cross-site scripting (XSS) vulnerability in the /group/post component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the title. | 0% Низкий | больше 3 лет назад | ||
GHSA-3rfh-phff-7g8v OpenBMCS 2.4 allows an attacker to escalate privileges from a read user to an admin user by manipulating permissions and exploiting a vulnerability in the update_user_permissions.php script. Attackers can submit a malicious HTTP POST request to PHP scripts in '/plugins/useradmin/' directory. | CVSS3: 8.8 | 0% Низкий | 2 месяца назад | |
GHSA-3rfh-cr92-3h5r A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka 'Win32k Graphics Remote Code Execution Vulnerability'. | 21% Средний | больше 3 лет назад | ||
GHSA-3rfh-9f52-4ppx Cross-site Scripting (XSS) - Stored in GitHub repository orchardcms/orchardcore prior to 1.2.2. | 0% Низкий | около 4 лет назад | ||
GHSA-3rfh-48f2-ghv6 Cross-site scripting (XSS) vulnerability in Adventia E-Data 2.0 allows remote attackers to inject arbitrary web script or HTML via a query keyword. | 1% Низкий | почти 4 года назад | ||
GHSA-3rfg-xvmc-cff9 The jigbrowser+ application before 1.5.0 for Android does not properly implement the WebView class, which allows remote attackers to obtain sensitive information via a crafted application. | 0% Низкий | больше 3 лет назад | ||
GHSA-3rfg-x7h2-v33m A vulnerability in the DHCP snooping feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to a crafted IPv4 DHCP request packet being mishandled when endpoint analytics are enabled. An attacker could exploit this vulnerability by sending a crafted DHCP request through an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. Note: The attack vector is listed as network because a DHCP relay anywhere on the network could allow exploits from networks other than the adjacent one. | CVSS3: 8.6 | 1% Низкий | почти 2 года назад | |
GHSA-3rff-xjq9-pg37 There is a memory leak vulnerability in some versions of Huawei CloudEngine product. An unauthenticated, remote attacker may exploit this vulnerability by sending specific message to the affected product. Due to not release the allocated memory properly, successful exploit may cause memory leak. | 0% Низкий | больше 3 лет назад | ||
GHSA-3rff-mqc6-jp26 Cross-Site Request Forgery (CSRF) vulnerability in Deepak Khokhar Listings for Buildium allows Stored XSS. This issue affects Listings for Buildium: from n/a through 0.1.4. | CVSS3: 7.1 | 0% Низкий | 10 месяцев назад | |
GHSA-3rff-g889-h6g3 The mac80211 subsystem in the Linux kernel before 2.6.32-rc8-next-20091201 allows remote attackers to cause a denial of service (panic) via a crafted Delete Block ACK (aka DELBA) packet, related to an erroneous "code shuffling patch." | 1% Низкий | почти 4 года назад | ||
GHSA-3rf9-jvj9-2299 Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request. | 3% Низкий | больше 3 лет назад | ||
GHSA-3rf9-fc8c-hj8h Unspecified vulnerability in the browser engine in Mozilla Firefox before 3.0.16, SeaMonkey before 2.0.1, and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 5% Низкий | почти 4 года назад | ||
GHSA-3rf7-cxmv-24rp Memory corruption in BTHOST due to double free while music playback and calls over bluetooth headset in Snapdragon Mobile | CVSS3: 8.8 | 0% Низкий | больше 3 лет назад | |
GHSA-3rf7-6c99-mx43 An authenticated user could potentially execute code via an SQLi vulnerability in the user portal of SG UTM before version 9.708 MR8. | 0% Низкий | около 4 лет назад | ||
GHSA-3rf6-9xhv-wrqx The Nigerias Business Directory (aka com.wNigeriasBusinessDirectory) application 0.70.13414.17619 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 0% Низкий | больше 3 лет назад | ||
GHSA-3rf6-3w37-m7h7 Adobe Photoshop CC 2018 before 19.1.6 and Photoshop CC 2017 before 18.1.6 have a memory corruption vulnerability. Successful exploitation could lead to remote code execution. | CVSS3: 9.8 | 17% Средний | больше 3 лет назад | |
GHSA-3rf6-3v84-w7f8 Cross-Site Request Forgery (CSRF) vulnerability in Moriyan Jay WP Site Protector plugin <= 2.0 versions. | CVSS3: 4.3 | 0% Низкий | больше 2 лет назад | |
GHSA-3rf5-gg5c-jh3p Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. | 1% Низкий | больше 3 лет назад | ||
GHSA-3rf5-756g-4w3q Online Shopping Portal v3.1 was discovered to contain multiple time-based SQL injection vulnerabilities via the email and contactno parameters. | CVSS3: 9.8 | 0% Низкий | почти 4 года назад | |
GHSA-3rf4-wqcv-f4q7 Cisco IOS 15.3 and 15.4, Cisco IOS XE 3.8 through 3.11, and Cisco Unified Communications Manager allow remote attackers to cause a denial of service (device reload) via malformed SIP messages, aka Bug ID CSCuj23293. | CVSS3: 7.5 | 2% Низкий | больше 3 лет назад |
Уязвимостей на страницу