Count: 312 573
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| GHSA-3p73-75xq-v9wv: An unauthenticated remote attacker can write memory out of bounds due to improper input validation in the MQTT stack. The brute-force attack is not always successful because of memory randomization. | CVSS3: 7.4 | 1% (Low) | almost 2 years ago |
| GHSA-3p72-rmv7-7jc9: The ptvcursor_add function in the ptvcursor implementation in epan/proto.c in Wireshark 1.12.x before 1.12.7 does not check whether the expected amount of data is available, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | | 1% (Low) | over 3 years ago |
| GHSA-3p72-mm77-r69w: Format string vulnerability in Foxmail Server 2.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in the USER command. | | 6% (Low) | almost 4 years ago |
| GHSA-3p6x-mw8p-qjh9: An authenticated user can create a link containing reflected JavaScript code for the items page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which changes periodically and is difficult to predict. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page displayed to a victim during social engineering attacks. | CVSS3: 4.4 | 1% (Low) | almost 4 years ago |
| GHSA-3p6x-7vmm-w6rr: The ceee-vip/cockybook repository through 2015-04-16 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | CVSS3: 9.3 | 0% (Low) | over 3 years ago |
| GHSA-3p6w-gv5g-xjw9: MongoDB Rust Driver has certificate validation disabled when `tlsInsecure=False` appears in the connection string. | CVSS3: 8.0 | 0% (Low) | 4 months ago |
| GHSA-3p6w-82x2-65rf: An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files, aka 'Microsoft Office Click-to-Run Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16934 and CVE-2020-16955. | CVSS3: 7.8 | 11% (Medium) | over 3 years ago |
| GHSA-3p6v-qx4g-mwhp: A remote arbitrary code execution vulnerability was found in HPE Data Protector versions prior to 8.17 and 9.09. | CVSS3: 5.5 | 1% (Low) | over 3 years ago |
| GHSA-3p6v-hrg8-8qj7: @mozilla/readability denial of service through regex. | | | 11 months ago |
| GHSA-3p6v-922c-mrw6: An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify or corrupt memory. Fixed in the following versions: QTS 5.2.3.3006 build 20250108 and later; QuTS hero h5.2.3.3006 build 20250108 and later. | CVSS3: 7.2 | 0% (Low) | 11 months ago |
| GHSA-3p6r-56fp-3cwc: Yimioa v6.1 was discovered to contain a SQL injection vulnerability via the orderby GET parameter. | CVSS3: 9.8 | 0% (Low) | over 3 years ago |
| GHSA-3p6r-3579-wxm9: Cross-Site Request Forgery (CSRF) vulnerability in aakash1911 WP likes allows reflected XSS. This issue affects WP likes: from n/a through 3.1.1. | CVSS3: 7.1 | 0% (Low) | 5 months ago |
| GHSA-3p6q-h5pg-fcv3: An exported Activity allows external applications to gain application context and directly launch Gmail with inbox access, bypassing security controls. | CVSS3: 7.5 | 0% (Low) | about 1 month ago |
| GHSA-3p6p-pp2j-3qr6: Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability when processing an AcroForm field that could result in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability: the target must visit a malicious page or open a malicious file. | | 21% (Medium) | over 3 years ago |
| GHSA-3p6p-6hwj-52g9: A reflected cross-site scripting (XSS) vulnerability exists in the themeSet.php file of ProjectsAndPrograms School Management System 1.0. The application fails to sanitize user-supplied input in the theme POST parameter, allowing an attacker to inject and execute arbitrary JavaScript in a victim's browser. | CVSS3: 6.1 | 0% (Low) | 5 months ago |
| GHSA-3p6p-69fx-rphw: Windows Installer Elevation of Privilege Vulnerability. | CVSS3: 7.8 | 1% (Low) | almost 4 years ago |
| GHSA-3p6j-m8j2-m6rc: An issue was discovered in LIVEBOX Collaboration vDesk through v018. A bypass of two-factor authentication for SAML users can occur under the /login/backup_code endpoint and the /api/v1/vdeskintegration/challenge endpoint. The correctness of the TOTP is not checked properly and can be bypassed by passing any string as the backup code. | CVSS3: 9.8 | 0% (Low) | almost 3 years ago |
| GHSA-3p6j-m43h-3g48: In SQLite 3.31.1, a potential null pointer dereference was found in INTERSECT query processing. | CVSS3: 7.5 | 0% (Low) | over 3 years ago |
| GHSA-3p6j-fg99-x2wr: In AMediaCodecCryptoInfo_new of NdkMediaCodec.cpp, there is a possible out-of-bounds write due to an integer overflow. This could lead to remote code execution in external apps with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1, Android-9.0. Android ID: A-111603051. | CVSS3: 7.8 | 0% (Low) | over 3 years ago |
| GHSA-3p6j-59jx-xr88: Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) allows remote attackers to execute arbitrary code via unspecified vectors. | CVSS3: 5.6 | 13% (Medium) | over 3 years ago |
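The ceee-vip/cockybook entry (GHSA-3p6x-7vmm-w6rr) names the bug class rather than the fix, so here is an added example, written for this page and not taken from that repository or from Flask, of why an absolute path escapes the document root and of the check a download handler should run before calling `send_file`. `BASE_DIR`, the function names and the sample paths are this example's own; in a real Flask app the equivalent built-in is `flask.send_from_directory` (which uses `werkzeug.security.safe_join`).

```python
import posixpath

BASE_DIR = "/srv/files"  # constructed document root for the example


def vulnerable_resolve(base_dir: str, user_path: str) -> str:
    """The pattern behind absolute path traversal.

    posixpath.join() discards every component to the left of an absolute
    argument, so a request for '/etc/passwd' yields '/etc/passwd' and the
    caller hands that straight to send_file().
    """
    return posixpath.join(base_dir, user_path)


def safe_resolve(base_dir: str, user_path: str):
    """Return the path to serve, or None if the request escapes base_dir.

    The check is done on the normalised result, not on the raw input, so
    '..' sequences and absolute inputs are both caught by one rule.
    """
    if not user_path or "\x00" in user_path:
        return None
    # Reject absolute input outright instead of relying on join() semantics.
    if posixpath.isabs(user_path):
        return None
    base = posixpath.normpath(base_dir)
    candidate = posixpath.normpath(posixpath.join(base, user_path))
    # After normalisation the result must still be strictly inside base.
    if candidate == base or posixpath.commonpath([base, candidate]) != base:
        return None
    return candidate


if __name__ == "__main__":
    for requested in ("reports/q1.pdf", "../../etc/passwd", "/etc/passwd"):
        print(f"{requested!r:24} vulnerable -> {vulnerable_resolve(BASE_DIR, requested)!r:24} "
              f"safe -> {safe_resolve(BASE_DIR, requested)!r}")
```

The vulnerable form never fails loudly: both `../../etc/passwd` and `/etc/passwd` produce a perfectly valid path, just not one under `BASE_DIR`. The hardened form treats the resolved path as the only thing that matters and refuses anything that is not a strict descendant of the root.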
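The MongoDB Rust Driver entry (GHSA-3p6w-gv5g-xjw9) describes a connection-string option whose presence, rather than its value, switched certificate validation off. The following added example, written for this page and not the driver's own code, shows that failure mode next to a parser that reads the boolean and rejects spellings it does not recognise. The option names are the MongoDB URI options `tlsInsecure` and `tlsAllowInvalidCertificates`; the set of accepted true/false spellings and the function names are this example's choices.

```python
from urllib.parse import parse_qs, urlsplit

# Accepted boolean spellings (an assumption of this example, not the driver's table).
_TRUE = {"true", "1", "yes", "on"}
_FALSE = {"false", "0", "no", "off"}

# Options that, when true, disable certificate validation.
_INSECURE_OPTIONS = ("tlsInsecure", "tlsAllowInvalidCertificates")


def parse_options(uri: str) -> dict:
    """Return the query-string options of a mongodb:// URI as {name: raw value}.

    keep_blank_values=True makes 'tlsInsecure=' visible as an empty value so
    it can be rejected instead of silently dropped.
    """
    query = urlsplit(uri).query
    return {k: v[-1] for k, v in parse_qs(query, keep_blank_values=True).items()}


def buggy_cert_validation_disabled(uri: str) -> bool:
    """The failure mode in the advisory: the key being present counts as 'true',
    so tlsInsecure=False still disables validation."""
    opts = parse_options(uri)
    return any(key in opts for key in _INSECURE_OPTIONS)


def cert_validation_disabled(uri: str) -> bool:
    """Parse the value. Unknown spellings raise instead of defaulting either way."""
    opts = parse_options(uri)
    disabled = False
    for key in _INSECURE_OPTIONS:
        if key not in opts:
            continue
        value = opts[key].strip().lower()
        if value in _TRUE:
            disabled = True
        elif value not in _FALSE:
            raise ValueError(f"{key}: invalid boolean value {opts[key]!r}")
    return disabled


if __name__ == "__main__":
    uri = "mongodb://db.example.internal:27017/app?tlsInsecure=False"  # constructed
    print("buggy :", buggy_cert_validation_disabled(uri))
    print("fixed :", cert_validation_disabled(uri))
```

The point of raising on an unrecognised value is that a typo such as `tlsInsecure=flase` must not quietly turn validation on or off; a connection that fails to start is cheaper than one that silently accepts any certificate.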