Количество 312 573
Количество 312 573
GHSA-3g5r-3c4p-wrgj
A CSRF issue was discovered in admin/Index/tiquan in catfish blog 2.0.33.
GHSA-3g5p-5p6j-r9qp
In multiple locations, there is a possible bypass of health data permissions due to an improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
GHSA-3g5m-g7r7-6pwf
get_l2len in common/get.c in Tcpreplay 4.3.0 beta1 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via crafted packets, as demonstrated by tcpprep.
GHSA-3g5m-332q-27r3
An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the system or possibly escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
GHSA-3g5j-8vj8-rhj3
Open Design Alliance Drawings SDK 2019Update1 has a vulnerability during the reading of malformed files, allowing attackers to obtain sensitive information from process memory or cause a crash.
GHSA-3g5h-5mpr-m5qx
SQL injection exists in Scriptzee Hotel Booking Engine 1.0 via the hotels h_room_type parameter.
GHSA-3g5g-jqgq-pgf2
Cross-site scripting (XSS) vulnerability in an unspecified Shockwave Flash file in EMC RSA Adaptive Authentication On-Premise (AAOP) 2.x, 5.7.x, and 6.x allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
GHSA-3g5f-wchp-h22r
Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1096, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1102, CVE-2016-1104, CVE-2016-4109, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4160, CVE-2016-4161, CVE-2016-4162, and CVE-2016-4163.
GHSA-3g5f-h429-8r64
The WHMCS Reseller Module V2 2.0.2 in Softaculous Virtualizor before 2.9.1.0 does not verify the user correctly, which allows remote authenticated users to control other virtual machines managed by Virtualizor by accessing a modified URL.
GHSA-3g5c-7828-xwcq
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes Cost Calculator Builder allows SQL Injection.This issue affects Cost Calculator Builder: from n/a through 3.2.15.
GHSA-3g58-rjqp-pmgh
A SQL injection vulnerability in the poll component in SkySystem Arfa-CMS before 5.1.3124 allows remote attackers to execute arbitrary SQL commands via the psid parameter.
GHSA-3g58-gh82-frfm
Dover Fueling Solutions MAGLINK LX Web Console Configuration versions 2.5.1, 2.5.2, 2.5.3, 2.6.1, 2.11, 3.0, 3.2, and 3.3 could allow a guest user to elevate to admin privileges.
GHSA-3g57-r9p3-mh2v
vim is vulnerable to Use After Free
GHSA-3g57-8qrr-phw8
Innovative Interfaces Sierra Library Services Platform 1.2_3 provides different responses for login request depending on whether the user account exists, which allows remote attackers to enumerate account names via a series of login requests, possibly related to the Webpac Pro submodule.
GHSA-3g56-vx8v-f22v
Path Traversal: '.../...//' vulnerability in Softpulse Infotech SP Blog Designer allows PHP Local File Inclusion.This issue affects SP Blog Designer: from n/a through 1.0.0.
GHSA-3g56-2hh3-35ph
SoSReport Predictable Tmp File Names
GHSA-3g55-gxf8-m8xp
HTML Email Injection in Tribe29 Checkmk <=2.1.0p23; <=2.0.0p34, and all versions of Checkmk 1.6.0 allows an authenticated attacker to inject malicious HTML into Emails
GHSA-3g55-69j2-vxv7
Unvalidated input in the AdRotate WordPress plugin, versions before 5.8.4, leads to Authenticated SQL injection via param "id". This requires an admin privileged user.
GHSA-3g53-xxcg-hv89
The UDP inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.0 before 8.0(5.25), 8.1 before 8.1(2.50), 8.2 before 8.2(5.5), 8.3 before 8.3(2.22), 8.4 before 8.4(2.1), and 8.5 before 8.5(1.2) does not properly handle flows, which allows remote attackers to cause a denial of service (device reload) via a crafted series of (1) IPv4 or (2) IPv6 UDP packets, aka Bug ID CSCtq10441.
GHSA-3g53-hh59-7f34
Multiple heap-based buffer overflows in OpenOffice.org before 2.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Quattro Pro (QPRO) file with crafted (1) Attribute and (2) Font Description records.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
GHSA-3g5r-3c4p-wrgj A CSRF issue was discovered in admin/Index/tiquan in catfish blog 2.0.33. | CVSS3: 8.8 | 0% Низкий | больше 3 лет назад | |
GHSA-3g5p-5p6j-r9qp In multiple locations, there is a possible bypass of health data permissions due to an improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | CVSS3: 7.4 | 0% Низкий | почти 2 года назад | |
GHSA-3g5m-g7r7-6pwf get_l2len in common/get.c in Tcpreplay 4.3.0 beta1 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via crafted packets, as demonstrated by tcpprep. | CVSS3: 7.5 | 1% Низкий | больше 3 лет назад | |
GHSA-3g5m-332q-27r3 An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the system or possibly escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | CVSS3: 7.8 | 0% Низкий | больше 3 лет назад | |
GHSA-3g5j-8vj8-rhj3 Open Design Alliance Drawings SDK 2019Update1 has a vulnerability during the reading of malformed files, allowing attackers to obtain sensitive information from process memory or cause a crash. | CVSS3: 8.1 | 1% Низкий | больше 3 лет назад | |
GHSA-3g5h-5mpr-m5qx SQL injection exists in Scriptzee Hotel Booking Engine 1.0 via the hotels h_room_type parameter. | 0% Низкий | больше 3 лет назад | ||
GHSA-3g5g-jqgq-pgf2 Cross-site scripting (XSS) vulnerability in an unspecified Shockwave Flash file in EMC RSA Adaptive Authentication On-Premise (AAOP) 2.x, 5.7.x, and 6.x allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | 0% Низкий | больше 3 лет назад | ||
GHSA-3g5f-wchp-h22r Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1096, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1102, CVE-2016-1104, CVE-2016-4109, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4160, CVE-2016-4161, CVE-2016-4162, and CVE-2016-4163. | CVSS3: 9.8 | 3% Низкий | больше 3 лет назад | |
GHSA-3g5f-h429-8r64 The WHMCS Reseller Module V2 2.0.2 in Softaculous Virtualizor before 2.9.1.0 does not verify the user correctly, which allows remote authenticated users to control other virtual machines managed by Virtualizor by accessing a modified URL. | CVSS3: 9.9 | 1% Низкий | больше 3 лет назад | |
GHSA-3g5c-7828-xwcq Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes Cost Calculator Builder allows SQL Injection.This issue affects Cost Calculator Builder: from n/a through 3.2.15. | CVSS3: 9.3 | 1% Низкий | больше 1 года назад | |
GHSA-3g58-rjqp-pmgh A SQL injection vulnerability in the poll component in SkySystem Arfa-CMS before 5.1.3124 allows remote attackers to execute arbitrary SQL commands via the psid parameter. | CVSS3: 9.8 | 18% Средний | больше 1 года назад | |
GHSA-3g58-gh82-frfm Dover Fueling Solutions MAGLINK LX Web Console Configuration versions 2.5.1, 2.5.2, 2.5.3, 2.6.1, 2.11, 3.0, 3.2, and 3.3 could allow a guest user to elevate to admin privileges. | CVSS3: 8.8 | 0% Низкий | больше 2 лет назад | |
GHSA-3g57-r9p3-mh2v vim is vulnerable to Use After Free | CVSS3: 5.5 | 0% Низкий | около 4 лет назад | |
GHSA-3g57-8qrr-phw8 Innovative Interfaces Sierra Library Services Platform 1.2_3 provides different responses for login request depending on whether the user account exists, which allows remote attackers to enumerate account names via a series of login requests, possibly related to the Webpac Pro submodule. | 0% Низкий | больше 3 лет назад | ||
GHSA-3g56-vx8v-f22v Path Traversal: '.../...//' vulnerability in Softpulse Infotech SP Blog Designer allows PHP Local File Inclusion.This issue affects SP Blog Designer: from n/a through 1.0.0. | CVSS3: 7.5 | 0% Низкий | около 1 года назад | |
GHSA-3g56-2hh3-35ph SoSReport Predictable Tmp File Names | CVSS3: 7.8 | 0% Низкий | больше 3 лет назад | |
GHSA-3g55-gxf8-m8xp HTML Email Injection in Tribe29 Checkmk <=2.1.0p23; <=2.0.0p34, and all versions of Checkmk 1.6.0 allows an authenticated attacker to inject malicious HTML into Emails | CVSS3: 5.4 | 1% Низкий | почти 3 года назад | |
GHSA-3g55-69j2-vxv7 Unvalidated input in the AdRotate WordPress plugin, versions before 5.8.4, leads to Authenticated SQL injection via param "id". This requires an admin privileged user. | 1% Низкий | больше 3 лет назад | ||
GHSA-3g53-xxcg-hv89 The UDP inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.0 before 8.0(5.25), 8.1 before 8.1(2.50), 8.2 before 8.2(5.5), 8.3 before 8.3(2.22), 8.4 before 8.4(2.1), and 8.5 before 8.5(1.2) does not properly handle flows, which allows remote attackers to cause a denial of service (device reload) via a crafted series of (1) IPv4 or (2) IPv6 UDP packets, aka Bug ID CSCtq10441. | 2% Низкий | почти 4 года назад | ||
GHSA-3g53-hh59-7f34 Multiple heap-based buffer overflows in OpenOffice.org before 2.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Quattro Pro (QPRO) file with crafted (1) Attribute and (2) Font Description records. | 6% Низкий | почти 4 года назад |
Уязвимостей на страницу