Count: 312 573
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| GHSA-3hjh-r8jh-f6p4 Directory traversal vulnerability in the VJDEO (com_vjdeo) component 1.0 and 1.0.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information. | | 7% Low | almost 4 years ago |
| GHSA-3hjh-p587-3c92 A vulnerability classified as problematic has been found in Bug Finder MineStack 1.0. This affects an unknown part of the file /user/ticket/create of the component Ticket Handler. The manipulation of the argument message leads to cross site scripting. It is possible to initiate the attack remotely. The identifier VDB-235161 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | CVSS3: 3.5 | 0% Low | more than 2 years ago |
| GHSA-3hjh-jh2h-vrg6 Denial of service in langchain-community | CVSS3: 4.2 | 0% Low | more than 1 year ago |
| GHSA-3hjh-cjx8-8c83 A flaw was found in the Linux kernel's ksmbd component. A memory leak can occur if a client sends a session setup request with an unknown NTLMSSP message type, potentially leading to resource exhaustion. | CVSS3: 5.3 | 0% Low | 6 months ago |
| GHSA-3hjh-9vcg-w788 libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-bmp.c:309:7. | CVSS3: 9.8 | 0% Low | more than 3 years ago |
| GHSA-3hjh-72vp-2mx6 The web interface in BitTorrent allows remote attackers to execute arbitrary commands by leveraging knowledge of the pairing values and a crafted request to port 10000. | | 1% Low | more than 3 years ago |
| GHSA-3hjh-5hgx-f5wh Path traversal vulnerability in glance | CVSS3: 6.5 | 0% Low | almost 3 years ago |
| GHSA-3hjh-36cf-mgj5 Improper array index verification vulnerability in the audio codec module. Impact: Successful exploitation of this vulnerability may affect the audio decoding function. | CVSS3: 4.2 | 0% Low | 6 months ago |
| GHSA-3hjg-vc7r-rcrw Denial of Service vulnerability in @podium/layout and @podium/proxy | CVSS3: 7.5 | 1% Low | almost 4 years ago |
| GHSA-3hjg-cghv-22ww org.xwiki.platform:xwiki-platform-attachment-ui vulnerable to Code Injection | CVSS3: 8.8 | 16% Medium | almost 3 years ago |
| GHSA-3hjg-c8jc-c68f Cross-site scripting (XSS) vulnerability in Invision Power Board 2.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via an IFRAME tag in the signature. | | 0% Low | more than 3 years ago |
| GHSA-3hjf-m6vc-vh7h In the Linux kernel, the following vulnerability has been resolved: btrfs: don't BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc() We handle errors here properly, ENOMEM isn't fatal, return the error. | CVSS3: 5.5 | 0% Low | more than 1 year ago |
| GHSA-3hjf-h43w-9frf PDF-XChange Editor Doc Object Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. By performing actions in JavaScript, an attacker can trigger a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-20891. | CVSS3: 3.3 | 0% Low | almost 2 years ago |
| GHSA-3hjc-gv2m-96gh Windows SMB Witness Service Security Feature Bypass Vulnerability | CVSS3: 7.1 | 2% Low | more than 2 years ago |
| GHSA-3hj9-v3ch-6rc4 In __wlan_hdd_cfg80211_vendor_scan(), a buffer overwrite can potentially occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. | CVSS3: 7.8 | 0% Low | more than 3 years ago |
| GHSA-3hj8-7626-3gc8 Buffer overflow vulnerability in Core FTP Server v1.2 Build 583, via a crafted username. | | 0% Low | more than 3 years ago |
| GHSA-3hj7-rw79-jh5m Improper locking vulnerability in Softing Industrial Automation GmbH gateways allows infected memory and/or resource leak exposure. This issue affects smartLink HW-PN: from 1.02 through 1.03 smartLink HW-DP: 1.31 | | 0% Low | 3 months ago |
| GHSA-3hj7-97m3-822h Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/Subscribers.jsp" has reflected XSS via the ConnPoolName or GroupId parameter. | CVSS3: 6.1 | 0% Low | more than 3 years ago |
| GHSA-3hj6-r5c9-q8f3 Frappe has possibility of SQL injection due to improper validations | | 0% Low | 11 months ago |
| GHSA-3hj6-89vp-w89r Yealink phones through 2019-08-04 have an issue with OpenVPN file upload. They execute tar as root to extract files, but do not validate the extraction directory. Creating a tar file with ../../../../ allows replacement of almost any file on a phone. This leads to password replacement and arbitrary code execution as root. | CVSS3: 8.8 | 2% Low | more than 3 years ago |