Количество 288 896
Количество 288 896
GHSA-25vc-3hfp-rp87
Stack overflow vulnerability in the NFC module.Successful exploitation of this vulnerability may affect service availability and integrity.
GHSA-25v9-5xh2-9q3m
Using predictable index for attachments in Samsung Email prior to version 6.1.41.0 allows remote attackers to get attachments of another emails when users open the malicious attachment.
GHSA-25v7-q3wp-pg2v
Cross-Site Request Forgery (CSRF) vulnerability in Andrei Ivasiuc Fontific | Google Fonts allows Stored XSS.This issue affects Fontific | Google Fonts: from n/a through 0.1.6.
GHSA-25v5-24mh-gcpq
statem/statem_dtls.c in the DTLS implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted DTLS messages.
GHSA-25v4-mcx4-hh35
Cross-Site Scripting in atlasboard-atlassian-package
GHSA-25v4-gjx4-5p9g
osCommerce2 before v2.3.4.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the function tep_db_error().
GHSA-25v3-jwjr-m5j2
Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) param parameter to admin/load.php or (2) user, (3) email, or (4) name parameter in a Save Settings action to admin/settings.php.
GHSA-25v3-h5h6-v7q3
SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_template.php.
GHSA-25v3-7r56-53xj
Inappropriate implementation in Fullscreen in Google Chrome on Windows prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
GHSA-25v3-4g35-grj3
Cross-site scripting (XSS) vulnerability in the web interface on Huawei Echo Life HG8247 routers with software before V100R006C00SPC127 allows remote attackers to inject arbitrary web script or HTML via an invalid TELNET connection attempt with a crafted username that is not properly handled during construction of the "failed log-in attempts over telnet" log view.
GHSA-25v3-3ww8-wr27
The Awesome Support WordPress plugin before 6.1.2 does not ensure that the exported tickets archive to be downloaded belongs to the user making the request, allowing a low privileged user, such as subscriber to download arbitrary exported tickets via an IDOR vector
GHSA-25v2-v763-x228
In the Linux kernel, the following vulnerability has been resolved: io_uring/sqpoll: work around a potential audit memory leak kmemleak complains that there's a memory leak related to connect handling: unreferenced object 0xffff0001093bdf00 (size 128): comm "iou-sqp-455", pid 457, jiffies 4294894164 hex dump (first 32 bytes): 02 00 fa ea 7f 00 00 01 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace (crc 2e481b1a): [<00000000c0a26af4>] kmemleak_alloc+0x30/0x38 [<000000009c30bb45>] kmalloc_trace+0x228/0x358 [<000000009da9d39f>] __audit_sockaddr+0xd0/0x138 [<0000000089a93e34>] move_addr_to_kernel+0x1a0/0x1f8 [<000000000b4e80e6>] io_connect_prep+0x1ec/0x2d4 [<00000000abfbcd99>] io_submit_sqes+0x588/0x1e48 [<00000000e7c25e07>] io_sq_thread+0x8a4/0x10e4 [<00000000d999b491>] ret_from_fork+0x10/0x20 which can can happen if: 1) The command type does something on the prep side that triggers an audit call. 2) The threa...
GHSA-25v2-qgvr-2hwq
A vulnerability has been identified in Solid Edge SE2020 (All versions < SE2020MP13), Solid Edge SE2020 (SE2020MP13), Solid Edge SE2021 (All Versions < SE2021MP4). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could lead to pointer dereferences of a value obtained from untrusted source. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11919)
GHSA-25v2-jc2r-qvqg
Data leakage in cryptographic libraries for Intel IPP before 2019 update1 release may allow an authenticated user to potentially enable information disclosure via local access.
GHSA-25rx-8qj3-xr2w
Karmasis informatics solutions Infraskope Security Event Manager product has an unauthenticated access which could allow an unauthenticated attacker to modificate logs.
GHSA-25rw-wcg9-79jh
In JetBrains TeamCity before 2024.07.1 self XSS was possible in the HashiCorp Vault plugin
GHSA-25rw-v6g3-5hgc
Multiple race conditions in the CPU Performance Counters (cpc) subsystem in the kernel in Sun Solaris 10 allow local users to cause a denial of service (panic) via unspecified vectors related to kcpc_unbind and kcpc_restore.
GHSA-25rw-qhcc-7gp7
The ARD-9808 DVR card security camera stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing usernames and passwords via a direct request for dvr.ini.
GHSA-25rw-5w3f-v9vr
Cross-site scripting vulnerability in WP Statistics version 12.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
GHSA-25rv-hrr2-4wx8
An authenticated user can modify application state data.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| GHSA-25vc-3hfp-rp87 Stack overflow vulnerability in the NFC module.Successful exploitation of this vulnerability may affect service availability and integrity. | CVSS3: 9.1 | 0% Низкий | больше 1 года назад |
| GHSA-25v9-5xh2-9q3m Using predictable index for attachments in Samsung Email prior to version 6.1.41.0 allows remote attackers to get attachments of another emails when users open the malicious attachment. | 0% Низкий | около 3 лет назад | |
| GHSA-25v7-q3wp-pg2v Cross-Site Request Forgery (CSRF) vulnerability in Andrei Ivasiuc Fontific | Google Fonts allows Stored XSS.This issue affects Fontific | Google Fonts: from n/a through 0.1.6. | CVSS3: 7.1 | 0% Низкий | больше 1 года назад |
| GHSA-25v5-24mh-gcpq statem/statem_dtls.c in the DTLS implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted DTLS messages. | CVSS3: 5.9 | 29% Средний | около 3 лет назад |
| GHSA-25v4-mcx4-hh35 Cross-Site Scripting in atlasboard-atlassian-package | почти 5 лет назад | ||
| GHSA-25v4-gjx4-5p9g osCommerce2 before v2.3.4.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the function tep_db_error(). | CVSS3: 6.1 | 1% Низкий | почти 3 года назад |
| GHSA-25v3-jwjr-m5j2 Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) param parameter to admin/load.php or (2) user, (3) email, or (4) name parameter in a Save Settings action to admin/settings.php. | 3% Низкий | около 3 лет назад | |
| GHSA-25v3-h5h6-v7q3 SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_template.php. | CVSS3: 5.1 | 0% Низкий | 5 месяцев назад |
| GHSA-25v3-7r56-53xj Inappropriate implementation in Fullscreen in Google Chrome on Windows prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | CVSS3: 6.5 | 0% Низкий | 7 месяцев назад |
| GHSA-25v3-4g35-grj3 Cross-site scripting (XSS) vulnerability in the web interface on Huawei Echo Life HG8247 routers with software before V100R006C00SPC127 allows remote attackers to inject arbitrary web script or HTML via an invalid TELNET connection attempt with a crafted username that is not properly handled during construction of the "failed log-in attempts over telnet" log view. | 0% Низкий | около 3 лет назад | |
| GHSA-25v3-3ww8-wr27 The Awesome Support WordPress plugin before 6.1.2 does not ensure that the exported tickets archive to be downloaded belongs to the user making the request, allowing a low privileged user, such as subscriber to download arbitrary exported tickets via an IDOR vector | CVSS3: 6.5 | 0% Низкий | больше 2 лет назад |
| GHSA-25v2-v763-x228 In the Linux kernel, the following vulnerability has been resolved: io_uring/sqpoll: work around a potential audit memory leak kmemleak complains that there's a memory leak related to connect handling: unreferenced object 0xffff0001093bdf00 (size 128): comm "iou-sqp-455", pid 457, jiffies 4294894164 hex dump (first 32 bytes): 02 00 fa ea 7f 00 00 01 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace (crc 2e481b1a): [<00000000c0a26af4>] kmemleak_alloc+0x30/0x38 [<000000009c30bb45>] kmalloc_trace+0x228/0x358 [<000000009da9d39f>] __audit_sockaddr+0xd0/0x138 [<0000000089a93e34>] move_addr_to_kernel+0x1a0/0x1f8 [<000000000b4e80e6>] io_connect_prep+0x1ec/0x2d4 [<00000000abfbcd99>] io_submit_sqes+0x588/0x1e48 [<00000000e7c25e07>] io_sq_thread+0x8a4/0x10e4 [<00000000d999b491>] ret_from_fork+0x10/0x20 which can can happen if: 1) The command type does something on the prep side that triggers an audit call. 2) The threa... | CVSS3: 5.5 | 0% Низкий | около 1 года назад |
| GHSA-25v2-qgvr-2hwq A vulnerability has been identified in Solid Edge SE2020 (All versions < SE2020MP13), Solid Edge SE2020 (SE2020MP13), Solid Edge SE2021 (All Versions < SE2021MP4). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could lead to pointer dereferences of a value obtained from untrusted source. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11919) | 0% Низкий | около 3 лет назад | |
| GHSA-25v2-jc2r-qvqg Data leakage in cryptographic libraries for Intel IPP before 2019 update1 release may allow an authenticated user to potentially enable information disclosure via local access. | CVSS3: 5.5 | 0% Низкий | больше 3 лет назад |
| GHSA-25rx-8qj3-xr2w Karmasis informatics solutions Infraskope Security Event Manager product has an unauthenticated access which could allow an unauthenticated attacker to modificate logs. | CVSS3: 5.3 | 0% Низкий | больше 2 лет назад |
| GHSA-25rw-wcg9-79jh In JetBrains TeamCity before 2024.07.1 self XSS was possible in the HashiCorp Vault plugin | CVSS3: 3.7 | 1% Низкий | 12 месяцев назад |
| GHSA-25rw-v6g3-5hgc Multiple race conditions in the CPU Performance Counters (cpc) subsystem in the kernel in Sun Solaris 10 allow local users to cause a denial of service (panic) via unspecified vectors related to kcpc_unbind and kcpc_restore. | 0% Низкий | больше 3 лет назад | |
| GHSA-25rw-qhcc-7gp7 The ARD-9808 DVR card security camera stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing usernames and passwords via a direct request for dvr.ini. | 1% Низкий | больше 3 лет назад | |
| GHSA-25rw-5w3f-v9vr Cross-site scripting vulnerability in WP Statistics version 12.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | CVSS3: 6.1 | 0% Низкий | около 3 лет назад |
| GHSA-25rv-hrr2-4wx8 An authenticated user can modify application state data. | CVSS3: 7.5 | 0% Низкий | 3 месяца назад |
Уязвимостей на страницу