Количество 312 573
Количество 312 573
GHSA-3gg4-6hqg-2vjx
Logstash Logs Sensitive Information
GHSA-3gg4-3mqm-xx5v
CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6975 and CVE-2015-6992.
GHSA-3gg3-qcqf-2r64
IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 could disclose sensitive information due to responding to unauthenticated HTTP requests. IBM X-Force ID: 184180.
GHSA-3gfx-cq94-vpjw
The TNS Listener in Oracle 10g allows remote attackers to cause a denial of service (listener crash) via a malformed service_register_NSGR request containing a value that is used as an invalid offset for a pointer that references incorrect memory.
GHSA-3gfx-c6cm-vch8
Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.
GHSA-3gfw-xw8c-gm3c
Cross-Site Request Forgery (CSRF) vulnerability in Really Simple Plugins Complianz, Really Simple Plugins Complianz Premium allows Cross-Site Request Forgery.This issue affects Complianz: from n/a through 6.4.5; Complianz Premium: from n/a through 6.4.7.
GHSA-3gfv-wh5m-jv67
The drxhello package in PyPI v0.0.1 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.
GHSA-3gfv-m98r-3x9r
Vulnerability in the Oracle Financial Services Market Risk Measurement and Management component of Oracle Financial Services Applications (subcomponent: User Interface). The supported version that is affected is 8.0.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Market Risk Measurement and Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Market Risk Measurement and Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Financial Services Market Risk Measurement and Management accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).
GHSA-3gfr-cm88-25f2
Iris 3.8 before build 1548, as used in Xpient point of sale (POS) systems, allows remote attackers to execute arbitrary commands via a crafted request to TCP port 7510, as demonstrated by opening the cash drawer.
GHSA-3gfr-938g-v48x
When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
GHSA-3gfq-rwmc-frjq
Inadequate security UI in iOS UI in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
GHSA-3gfq-rwf3-mgrm
The HP ProLiant SL Advanced Power Manager (SL-APM) with firmware before 1.20 does not properly validate users, which allows remote attackers to cause a denial of service via unspecified vectors.
GHSA-3gfp-hcr8-635j
SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote attacker to execute arbitrary code via the rank_* parameter in the /dedestory_catalog.php endpoint.
GHSA-3gfp-772f-9p39
Unspecified vulnerability in Oracle HTTP Server 9.2.0.7 and Oracle E-Business Suite and Applications 11.5.10CU2 has unknown impact and local attack vectors, aka Vuln# OHS08.
GHSA-3gfp-3qqh-f8m7
NVIDIA Isaac Launchable contains a vulnerability where an attacker could exploit a hard-coded credential issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, denial of service, and data tampering.
GHSA-3gfm-x3mg-hww2
Integer overflow in the packed PE file parsing implementation in BitDefender products before 20060829, including Antivirus, Antivirus Plus, Internet Security, Mail Protection for Enterprises, and Online Scanner; and BitDefender products for Microsoft ISA Server and Exchange 5.5 through 2003; allows remote attackers to execute arbitrary code via a crafted file, which triggers a heap-based buffer overflow, aka the "cevakrnl.xmd vulnerability."
GHSA-3gfm-pp5h-g7cc
Greasemonkey before 0.3.5 allows remote web servers to (1) read arbitrary files via a GET request to a file:// URL in the GM_xmlhttpRequest API function, (2) list installed scripts using GM_scripts, or obtain sensitive information via (3) GM_setValue and GM_getValue.
GHSA-3gfm-33cm-9xhw
Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to InnoDB.
GHSA-3gfm-29q7-r2wc
Dimension versions 4.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
GHSA-3gfj-fxx4-f22w
OpenFGA Authorization Bypass
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| GHSA-3gg4-6hqg-2vjx Logstash Logs Sensitive Information | CVSS3: 6.5 | 0% Низкий | больше 3 лет назад |
| GHSA-3gg4-3mqm-xx5v CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6975 and CVE-2015-6992. | 2% Низкий | больше 3 лет назад | |
| GHSA-3gg3-qcqf-2r64 IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 could disclose sensitive information due to responding to unauthenticated HTTP requests. IBM X-Force ID: 184180. | 0% Низкий | больше 3 лет назад | |
| GHSA-3gfx-cq94-vpjw The TNS Listener in Oracle 10g allows remote attackers to cause a denial of service (listener crash) via a malformed service_register_NSGR request containing a value that is used as an invalid offset for a pointer that references incorrect memory. | 4% Низкий | почти 4 года назад | |
| GHSA-3gfx-c6cm-vch8 Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command. | CVSS3: 7.8 | 10% Низкий | больше 3 лет назад |
| GHSA-3gfw-xw8c-gm3c Cross-Site Request Forgery (CSRF) vulnerability in Really Simple Plugins Complianz, Really Simple Plugins Complianz Premium allows Cross-Site Request Forgery.This issue affects Complianz: from n/a through 6.4.5; Complianz Premium: from n/a through 6.4.7. | CVSS3: 6.5 | 0% Низкий | около 2 лет назад |
| GHSA-3gfv-wh5m-jv67 The drxhello package in PyPI v0.0.1 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | CVSS3: 9.8 | 1% Низкий | больше 3 лет назад |
| GHSA-3gfv-m98r-3x9r Vulnerability in the Oracle Financial Services Market Risk Measurement and Management component of Oracle Financial Services Applications (subcomponent: User Interface). The supported version that is affected is 8.0.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Market Risk Measurement and Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Market Risk Measurement and Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Financial Services Market Risk Measurement and Management accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). | CVSS3: 8.1 | 1% Низкий | больше 3 лет назад |
| GHSA-3gfr-cm88-25f2 Iris 3.8 before build 1548, as used in Xpient point of sale (POS) systems, allows remote attackers to execute arbitrary commands via a crafted request to TCP port 7510, as demonstrated by opening the cash drawer. | 62% Средний | почти 4 года назад | |
| GHSA-3gfr-938g-v48x When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7. | CVSS3: 4.3 | 0% Низкий | около 3 лет назад |
| GHSA-3gfq-rwmc-frjq Inadequate security UI in iOS UI in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | CVSS3: 6.5 | 0% Низкий | больше 3 лет назад |
| GHSA-3gfq-rwf3-mgrm The HP ProLiant SL Advanced Power Manager (SL-APM) with firmware before 1.20 does not properly validate users, which allows remote attackers to cause a denial of service via unspecified vectors. | 1% Низкий | больше 3 лет назад | |
| GHSA-3gfp-hcr8-635j SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote attacker to execute arbitrary code via the rank_* parameter in the /dedestory_catalog.php endpoint. | CVSS3: 7.2 | 1% Низкий | почти 3 года назад |
| GHSA-3gfp-772f-9p39 Unspecified vulnerability in Oracle HTTP Server 9.2.0.7 and Oracle E-Business Suite and Applications 11.5.10CU2 has unknown impact and local attack vectors, aka Vuln# OHS08. | 0% Низкий | почти 4 года назад | |
| GHSA-3gfp-3qqh-f8m7 NVIDIA Isaac Launchable contains a vulnerability where an attacker could exploit a hard-coded credential issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, denial of service, and data tampering. | CVSS3: 9.8 | 0% Низкий | около 2 месяцев назад |
| GHSA-3gfm-x3mg-hww2 Integer overflow in the packed PE file parsing implementation in BitDefender products before 20060829, including Antivirus, Antivirus Plus, Internet Security, Mail Protection for Enterprises, and Online Scanner; and BitDefender products for Microsoft ISA Server and Exchange 5.5 through 2003; allows remote attackers to execute arbitrary code via a crafted file, which triggers a heap-based buffer overflow, aka the "cevakrnl.xmd vulnerability." | 10% Низкий | почти 4 года назад | |
| GHSA-3gfm-pp5h-g7cc Greasemonkey before 0.3.5 allows remote web servers to (1) read arbitrary files via a GET request to a file:// URL in the GM_xmlhttpRequest API function, (2) list installed scripts using GM_scripts, or obtain sensitive information via (3) GM_setValue and GM_getValue. | 9% Низкий | почти 4 года назад | |
| GHSA-3gfm-33cm-9xhw Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to InnoDB. | 0% Низкий | больше 3 лет назад | |
| GHSA-3gfm-29q7-r2wc Dimension versions 4.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS3: 5.5 | 0% Низкий | 6 месяцев назад |
| GHSA-3gfj-fxx4-f22w OpenFGA Authorization Bypass | CVSS3: 4.8 | 0% Низкий | около 3 лет назад |
Уязвимостей на страницу