Count: 314 458
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| GHSA-3mc8-8xr7-cw36 Unspecified vulnerability in HP StorageWorks Command View Advanced Edition for XP before 5.6.0-01, XP Replication Monitor before 5.6.0-01, and XP Tiered Storage Manager before 5.5.0-02 allows local users to access other accounts via unspecified vectors during registration or addition of new users. | | 0% Low | almost 4 years ago |
| GHSA-3mc7-mrgm-m6rp The ReadSGIImage function in sgi.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file. | CVSS3: 6.5 | 1% Low | more than 3 years ago |
| GHSA-3mc7-4q67-w48m Uncontrolled Resource Consumption in snakeyaml | CVSS3: 7.5 | 0% Low | more than 3 years ago |
| GHSA-3mc5-w7jh-66fj BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier, and 7.0 SP5 and earlier, when fullyDelegatedAuthorization is enabled for a servlet, does not cause servlet deployment to fail when failures occur in authorization or role providers, which might prevent the servlet from being "fully protected." | | 1% Low | almost 4 years ago |
| GHSA-3mc5-mh5x-w6p9 An issue was discovered in Geomatika IsiGeo Web 6.0. It allows remote authenticated users to execute commands. | CVSS3: 8.8 | 1% Low | more than 2 years ago |
| GHSA-3mc5-fgv9-jrpv IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 180761. | | 0% Low | more than 3 years ago |
| GHSA-3mc5-93px-3fm6 Multiple cross-site scripting (XSS) vulnerabilities in Open Business Management (OBM) 2.4.0-rc13 and probably earlier allow remote attackers to inject arbitrary web script or HTML via the (1) tf_delegation, (2) tf_ip, or (3) tf_name parameter in a search action to host/host_index.php; (4) login parameter to obm.php; or (5) tf_user parameter in a search action to group/group_index.php. | | 0% Low | more than 3 years ago |
| GHSA-3mc3-h6g8-mp72 IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow attackers to cause a denial of service or execute arbitrary code via a crafted file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!LdrpResCompareResourceNames+0x0000000000000087." | CVSS3: 7.8 | 0% Low | more than 3 years ago |
| GHSA-3mc3-9p24-hxhq Delta Electronics TPEditor Versions 1.97 and prior. A heap-based buffer overflow may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application. | CVSS3: 7.8 | 0% Low | more than 3 years ago |
| GHSA-3mc3-5mhp-vcrq SQL injection vulnerability in browse.php in TriO 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | | 0% Low | almost 4 years ago |
| GHSA-3mc2-p4vf-gp83 The NVIDIA media driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27253079. | CVSS3: 7 | 0% Low | more than 3 years ago |
| GHSA-3mc2-42q3-6cgp In pfSense CE /suricata/suricata_app_parsers.php, the value of the policy_name parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticated with at least "WebCfg - Services: suricata package" permissions. | CVSS3: 5.4 | 0% Low | 5 months ago |
| GHSA-3m9x-xqwx-4x9c A vulnerability classified as critical has been found in D-Link DCS-5020L 1.01_B2. This affects the function websReadEvent of the file /rame/ptdc.cgi. The manipulation of the argument Authorization leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | CVSS3: 8.8 | 0% Low | 9 months ago |
| GHSA-3m9x-qjwr-9h5x Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | CVSS3: 5 | 0% Low | almost 2 years ago |
| GHSA-3m9x-7phq-w66g IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow malicious user with access to the DB2 instance account to leverage a fenced execution process to execute arbitrary code as root. IBM X-Force ID: 156567. | CVSS3: 6.7 | 0% Low | more than 3 years ago |
| GHSA-3m9x-2qfj-xvq4 PHPExcel XXE Vulnerability | | | more than 1 year ago |
| GHSA-3m9w-44xv-rc3v Multiple unspecified vulnerabilities in DirectAnimation ActiveX controls for Microsoft Internet Explorer 5.01 through 6 have unknown impact and remote attack vectors, possibly related to (1) Danim.dll and (2) Lmrt.dll, a different set of vulnerabilities than CVE-2006-4446 and CVE-2006-4777. | | 15% Medium | almost 4 years ago |
| GHSA-3m9v-ghrv-898r Microsoft Excel Security Feature Bypass Vulnerability. | CVSS3: 7.3 | 2% Low | more than 3 years ago |
| GHSA-3m9q-xm72-wq62 Improper Input Validation vulnerability in OpenText iManager allows Cross-Site Scripting (XSS). This issue affects iManager before 3.2.3 | CVSS3: 7.6 | 0% Low | more than 1 year ago |
| GHSA-3m9q-w3gq-68j3 bgERP v22.31 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Search parameter. | CVSS3: 6.1 | 0% Low | almost 3 years ago |