Количество 312 573
Количество 312 573
GHSA-3jr7-qfmv-8m22
An issue in Hubble Connected (com.hubbleconnected.vervelife) 2.00.81 allows a remote attacker to obtain sensitive information via the firmware update process.
GHSA-3jr7-c545-vx3x
Directory traversal vulnerability in jwpn-photos.php in J-Web Pics Navigator 2.0 allows remote attackers to list arbitrary directories via a .. (dot dot) in the dir parameter.
GHSA-3jr7-57xj-6hhm
A DOS vulnerability exists in Gitlab CE/EE >=10.3, <13.4.7,>=13.5, <13.5.5,>=13.6, <13.6.2 that allows an attacker to trigger uncontrolled resource by bypassing input validation in markdown fields.
GHSA-3jr6-jfqc-mjcf
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18677.
GHSA-3jr5-px2c-8j7c
On BIG-IQ Centralized Management 8.x before 8.1.0, an authenticated administrative role user on a BIG-IQ managed BIG-IP device can access other BIG-IP devices managed by the same BIG-IQ system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
GHSA-3jr4-xjq3-prxp
Multiple cross-site scripting (XSS) vulnerabilities in Natychmiast CMS allow remote attackers to inject arbitrary web script or HTML via the id_str parameter to (1) index.php and (2) a_index.php.
GHSA-3jr4-m4hq-g63x
Multiple cross-site scripting (XSS) vulnerabilities in WebProcess.srv in IBM TRIRIGA Application Platform 3.2.x and 3.3.x before 3.3.1.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
GHSA-3jr3-8hm5-hxqw
The Prevent Direct Access – Protect WordPress Files plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.8.8 via the 'generate_unique_string' due to insufficient randomness of the generated file name. This makes it possible for unauthenticated attackers to extract sensitive data including files protected by the plugin if the attacker can determine the file name.
GHSA-3jqw-vv45-mjhh
XSS/Script injection vulnerability in matestack
GHSA-3jqw-qj8r-mjgp
HPE Integrated Lights-Out 5, and Integrated Lights-Out 6 using iLOrest may cause denial of service.
GHSA-3jqw-hwhx-6fx6
Multiple cross-site scripting (XSS) vulnerabilities in warforge.NEWS 1.0 allow remote attackers to inject arbitrary HTML and web script via the (1) title and (2) newspost parameters to (a) newsadd.php, and the (3) name, title, and (4) comment parameters to (b) news.php, a different set of vectors than CVE-2006-1818. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
GHSA-3jqw-crqj-w8qw
Denial of service in django
GHSA-3jqw-73hh-rjm4
Code-projects Online Class and Exam Scheduling System 1.0 is vulnerable to SQL Injection in exam_save.php via the parameters member and first.
GHSA-3jqw-5j52-c5fj
Use-after-free vulnerability in JavaScriptCore in WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to page transitions, a different vulnerability than CVE-2010-1763 and CVE-2010-1769.
GHSA-3jqw-4vj5-9v72
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
GHSA-3jqv-w6qj-4vh7
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
GHSA-3jqv-qv35-ch59
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka "SharePoint XSS Vulnerability."
GHSA-3jqv-j83m-6qhf
When a specific BGP flowspec configuration is enabled and upon receipt of a specific matching BGP packet meeting a specific term in the flowspec configuration, a reachable assertion failure occurs, causing the routing protocol daemon (rpd) process to crash with a core file being generated. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D77 on SRX Series; 12.3 versions prior to 12.3R12-S10; 12.3X48 versions prior to 12.3X48-D70 on SRX Series; 14.1X53 versions prior to 14.1X53-D47 on EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100; 15.1 versions prior to 15.1R3; 15.1F versions prior to 15.1F3; 15.1X49 versions prior to 15.1X49-D140 on SRX Series; 15.1X53 versions prior to 15.1X53-D59 on EX2300/EX3400.
GHSA-3jqv-hhhv-7wp5
PHP remote file inclusion vulnerability in administrator/components/com_mgm/help.mgm.php in Mambo Gallery Manager (MGM) 0.95r2 and earlier for Mambo 4.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
GHSA-3jqv-cvgq-g32j
Out of bounds read in WebAudio in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
GHSA-3jr7-qfmv-8m22 An issue in Hubble Connected (com.hubbleconnected.vervelife) 2.00.81 allows a remote attacker to obtain sensitive information via the firmware update process. | CVSS3: 7.5 | 0% Низкий | больше 1 года назад | |
GHSA-3jr7-c545-vx3x Directory traversal vulnerability in jwpn-photos.php in J-Web Pics Navigator 2.0 allows remote attackers to list arbitrary directories via a .. (dot dot) in the dir parameter. | 1% Низкий | почти 4 года назад | ||
GHSA-3jr7-57xj-6hhm A DOS vulnerability exists in Gitlab CE/EE >=10.3, <13.4.7,>=13.5, <13.5.5,>=13.6, <13.6.2 that allows an attacker to trigger uncontrolled resource by bypassing input validation in markdown fields. | 0% Низкий | больше 3 лет назад | ||
GHSA-3jr6-jfqc-mjcf This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18677. | CVSS3: 7.8 | 2% Низкий | около 3 лет назад | |
GHSA-3jr5-px2c-8j7c On BIG-IQ Centralized Management 8.x before 8.1.0, an authenticated administrative role user on a BIG-IQ managed BIG-IP device can access other BIG-IP devices managed by the same BIG-IQ system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 0% Низкий | около 4 лет назад | ||
GHSA-3jr4-xjq3-prxp Multiple cross-site scripting (XSS) vulnerabilities in Natychmiast CMS allow remote attackers to inject arbitrary web script or HTML via the id_str parameter to (1) index.php and (2) a_index.php. | 0% Низкий | почти 4 года назад | ||
GHSA-3jr4-m4hq-g63x Multiple cross-site scripting (XSS) vulnerabilities in WebProcess.srv in IBM TRIRIGA Application Platform 3.2.x and 3.3.x before 3.3.1.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 0% Низкий | больше 3 лет назад | ||
GHSA-3jr3-8hm5-hxqw The Prevent Direct Access – Protect WordPress Files plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.8.8 via the 'generate_unique_string' due to insufficient randomness of the generated file name. This makes it possible for unauthenticated attackers to extract sensitive data including files protected by the plugin if the attacker can determine the file name. | CVSS3: 5.3 | 0% Низкий | 10 месяцев назад | |
GHSA-3jqw-vv45-mjhh XSS/Script injection vulnerability in matestack | CVSS3: 7.7 | 0% Низкий | почти 6 лет назад | |
GHSA-3jqw-qj8r-mjgp HPE Integrated Lights-Out 5, and Integrated Lights-Out 6 using iLOrest may cause denial of service. | CVSS3: 6.8 | 0% Низкий | больше 2 лет назад | |
GHSA-3jqw-hwhx-6fx6 Multiple cross-site scripting (XSS) vulnerabilities in warforge.NEWS 1.0 allow remote attackers to inject arbitrary HTML and web script via the (1) title and (2) newspost parameters to (a) newsadd.php, and the (3) name, title, and (4) comment parameters to (b) news.php, a different set of vectors than CVE-2006-1818. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 0% Низкий | почти 4 года назад | ||
GHSA-3jqw-crqj-w8qw Denial of service in django | CVSS3: 7.5 | 2% Низкий | больше 7 лет назад | |
GHSA-3jqw-73hh-rjm4 Code-projects Online Class and Exam Scheduling System 1.0 is vulnerable to SQL Injection in exam_save.php via the parameters member and first. | CVSS3: 5.5 | 0% Низкий | 11 месяцев назад | |
GHSA-3jqw-5j52-c5fj Use-after-free vulnerability in JavaScriptCore in WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to page transitions, a different vulnerability than CVE-2010-1763 and CVE-2010-1769. | 9% Низкий | почти 4 года назад | ||
GHSA-3jqw-4vj5-9v72 A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version. | CVSS3: 8.8 | 3% Низкий | больше 3 лет назад | |
GHSA-3jqv-w6qj-4vh7 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | CVSS3: 4.9 | 0% Низкий | 7 месяцев назад | |
GHSA-3jqv-qv35-ch59 Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka "SharePoint XSS Vulnerability." | 11% Средний | больше 3 лет назад | ||
GHSA-3jqv-j83m-6qhf When a specific BGP flowspec configuration is enabled and upon receipt of a specific matching BGP packet meeting a specific term in the flowspec configuration, a reachable assertion failure occurs, causing the routing protocol daemon (rpd) process to crash with a core file being generated. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D77 on SRX Series; 12.3 versions prior to 12.3R12-S10; 12.3X48 versions prior to 12.3X48-D70 on SRX Series; 14.1X53 versions prior to 14.1X53-D47 on EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100; 15.1 versions prior to 15.1R3; 15.1F versions prior to 15.1F3; 15.1X49 versions prior to 15.1X49-D140 on SRX Series; 15.1X53 versions prior to 15.1X53-D59 on EX2300/EX3400. | CVSS3: 5.9 | 1% Низкий | больше 3 лет назад | |
GHSA-3jqv-hhhv-7wp5 PHP remote file inclusion vulnerability in administrator/components/com_mgm/help.mgm.php in Mambo Gallery Manager (MGM) 0.95r2 and earlier for Mambo 4.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | 16% Средний | почти 4 года назад | ||
GHSA-3jqv-cvgq-g32j Out of bounds read in WebAudio in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 1% Низкий | больше 3 лет назад |
Уязвимостей на страницу