Количество 314 375
Количество 314 375
GHSA-3m9x-xqwx-4x9c
A vulnerability classified as critical has been found in D-Link DCS-5020L 1.01_B2. This affects the function websReadEvent of the file /rame/ptdc.cgi. The manipulation of the argument Authorization leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
GHSA-3m9x-qjwr-9h5x
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
GHSA-3m9x-7phq-w66g
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow malicious user with access to the DB2 instance account to leverage a fenced execution process to execute arbitrary code as root. IBM X-Force ID: 156567.
GHSA-3m9x-2qfj-xvq4
PHPExcel XXE Vulnerability
GHSA-3m9w-44xv-rc3v
Multiple unspecified vulnerabilities in DirectAnimation ActiveX controls for Microsoft Internet Explorer 5.01 through 6 have unknown impact and remote attack vectors, possibly related to (1) Danim.dll and (2) Lmrt.dll, a different set of vulnerabilities than CVE-2006-4446 and CVE-2006-4777.
GHSA-3m9v-ghrv-898r
Microsoft Excel Security Feature Bypass Vulnerability.
GHSA-3m9q-xm72-wq62
Improper Input Validation vulnerability in OpenText iManager allows Cross-Site Scripting (XSS). This issue affects iManager before 3.2.3
GHSA-3m9q-w3gq-68j3
bgERP v22.31 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Search parameter.
GHSA-3m9q-9522-7fx6
Exposure of Sensitive Information in getDsaSimImsi in TelephonyUI prior to SMR Jul-2022 Release 1 allows local attacker to access imsi via log.
GHSA-3m9p-gg83-8m75
A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted PCB files. This could allow an attacker to execute code in the context of the current process. (FG-VD-22-038)
GHSA-3m9p-8m3g-ppxv
Windows Installer Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-28440.
GHSA-3m9m-hq7w-gxvp
In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the P_MUL dissector could crash. This was addressed in epan/dissectors/packet-p_mul.c by rejecting the invalid sequence number of zero.
GHSA-3m9m-c43p-g4h3
A vulnerability was found in itsourcecode Monbela Tourist Inn Online Reservation System 1.0. It has been rated as critical. This issue affects some unknown processing of the file login.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The identifier VDB-268865 was assigned to this vulnerability.
GHSA-3m9j-v59x-pvvm
File Upload vulnerability in lepton v.7.1.0 allows a remote authenticated attackers to execute arbitrary code via uploading a crafted PHP file.
GHSA-3m9j-mhpf-84wj
Mahara before 22.10.4 and 23.x before 23.04.4 allows information disclosure if the experimental HTML bulk export is used via the administration interface or via the CLI, and the resulting export files are given to the account holders. They may contain images of other account holders because the cache is not cleared after the files of one account are exported.
GHSA-3m9j-9gr2-vv75
Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted script.
GHSA-3m9j-8q5f-868v
The MailUp Auto Subscription plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing or incorrect nonce validation on the mas_options function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
GHSA-3m9j-7hqr-2v6h
SQL injection vulnerability in index.php in Simple Invoices 2007 05 25 allows remote attackers to execute arbitrary SQL commands via the submit parameter in an email action.
GHSA-3m9h-8r9r-7c84
Integer underflow in ANGLE in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
GHSA-3m9h-22j9-8m85
In the Linux kernel, the following vulnerability has been resolved: NFS: Check the TLS certificate fields in nfs_match_client() If the TLS security policy is of type RPC_XPRTSEC_TLS_X509, then the cert_serial and privkey_serial fields need to match as well since they define the client's identity, as presented to the server.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
GHSA-3m9x-xqwx-4x9c A vulnerability classified as critical has been found in D-Link DCS-5020L 1.01_B2. This affects the function websReadEvent of the file /rame/ptdc.cgi. The manipulation of the argument Authorization leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | CVSS3: 8.8 | 0% Низкий | 9 месяцев назад | |
GHSA-3m9x-qjwr-9h5x Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | CVSS3: 5 | 0% Низкий | почти 2 года назад | |
GHSA-3m9x-7phq-w66g IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow malicious user with access to the DB2 instance account to leverage a fenced execution process to execute arbitrary code as root. IBM X-Force ID: 156567. | CVSS3: 6.7 | 0% Низкий | больше 3 лет назад | |
GHSA-3m9x-2qfj-xvq4 PHPExcel XXE Vulnerability | около 1 года назад | |||
GHSA-3m9w-44xv-rc3v Multiple unspecified vulnerabilities in DirectAnimation ActiveX controls for Microsoft Internet Explorer 5.01 through 6 have unknown impact and remote attack vectors, possibly related to (1) Danim.dll and (2) Lmrt.dll, a different set of vulnerabilities than CVE-2006-4446 and CVE-2006-4777. | 15% Средний | почти 4 года назад | ||
GHSA-3m9v-ghrv-898r Microsoft Excel Security Feature Bypass Vulnerability. | CVSS3: 7.3 | 2% Низкий | больше 3 лет назад | |
GHSA-3m9q-xm72-wq62 Improper Input Validation vulnerability in OpenText iManager allows Cross-Site Scripting (XSS). This issue affects iManager before 3.2.3 | CVSS3: 7.6 | 0% Низкий | больше 1 года назад | |
GHSA-3m9q-w3gq-68j3 bgERP v22.31 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Search parameter. | CVSS3: 6.1 | 0% Низкий | почти 3 года назад | |
GHSA-3m9q-9522-7fx6 Exposure of Sensitive Information in getDsaSimImsi in TelephonyUI prior to SMR Jul-2022 Release 1 allows local attacker to access imsi via log. | CVSS3: 2.3 | 0% Низкий | больше 3 лет назад | |
GHSA-3m9p-gg83-8m75 A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted PCB files. This could allow an attacker to execute code in the context of the current process. (FG-VD-22-038) | CVSS3: 7.8 | 0% Низкий | больше 3 лет назад | |
GHSA-3m9p-8m3g-ppxv Windows Installer Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-28440. | CVSS3: 7.8 | 11% Средний | больше 3 лет назад | |
GHSA-3m9m-hq7w-gxvp In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the P_MUL dissector could crash. This was addressed in epan/dissectors/packet-p_mul.c by rejecting the invalid sequence number of zero. | CVSS3: 5.5 | 0% Низкий | больше 3 лет назад | |
GHSA-3m9m-c43p-g4h3 A vulnerability was found in itsourcecode Monbela Tourist Inn Online Reservation System 1.0. It has been rated as critical. This issue affects some unknown processing of the file login.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The identifier VDB-268865 was assigned to this vulnerability. | CVSS3: 7.3 | 0% Низкий | больше 1 года назад | |
GHSA-3m9j-v59x-pvvm File Upload vulnerability in lepton v.7.1.0 allows a remote authenticated attackers to execute arbitrary code via uploading a crafted PHP file. | CVSS3: 8.8 | 2% Низкий | почти 2 года назад | |
GHSA-3m9j-mhpf-84wj Mahara before 22.10.4 and 23.x before 23.04.4 allows information disclosure if the experimental HTML bulk export is used via the administration interface or via the CLI, and the resulting export files are given to the account holders. They may contain images of other account holders because the cache is not cleared after the files of one account are exported. | CVSS3: 7.5 | 0% Низкий | 6 месяцев назад | |
GHSA-3m9j-9gr2-vv75 Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted script. | 2% Низкий | больше 3 лет назад | ||
GHSA-3m9j-8q5f-868v The MailUp Auto Subscription plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing or incorrect nonce validation on the mas_options function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | CVSS3: 6.1 | 0% Низкий | около 1 года назад | |
GHSA-3m9j-7hqr-2v6h SQL injection vulnerability in index.php in Simple Invoices 2007 05 25 allows remote attackers to execute arbitrary SQL commands via the submit parameter in an email action. | 1% Низкий | почти 4 года назад | ||
GHSA-3m9h-8r9r-7c84 Integer underflow in ANGLE in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | CVSS3: 8.8 | 2% Низкий | около 4 лет назад | |
GHSA-3m9h-22j9-8m85 In the Linux kernel, the following vulnerability has been resolved: NFS: Check the TLS certificate fields in nfs_match_client() If the TLS security policy is of type RPC_XPRTSEC_TLS_X509, then the cert_serial and privkey_serial fields need to match as well since they define the client's identity, as presented to the server. | 0% Низкий | около 2 месяцев назад |
Уязвимостей на страницу