Количество 314 458
Количество 314 458
GHSA-3j5x-7ccf-ppgm
Cross-site scripting in recommender-xblock
GHSA-3j5x-62x7-5pmq
Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
GHSA-3j5x-62hv-3543
MySQL Connector/NET before 6.0.4, when using encryption, does not verify SSL certificates during connection, which allows remote attackers to perform a man-in-the-middle attack with a spoofed SSL certificate.
GHSA-3j5x-4pxv-4c48
Microsoft Office Remote Code Execution Vulnerability
GHSA-3j5x-3rpp-grr2
Cross-site scripting (XSS) vulnerability in SillySearch 2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter.
GHSA-3j5w-w68r-5fx9
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Michael Uno (miunosoft) Responsive Column Widgets.This issue affects Responsive Column Widgets: from n/a through 1.2.7.
GHSA-3j5w-2wjq-63hj
Cross-site scripting (XSS) vulnerability in Signurl.asp in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "XSS in Signurl.asp Vulnerability."
GHSA-3j5v-m25j-qgxh
Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
GHSA-3j5v-hj4j-5rm9
Unspecified vulnerability in the Agile Engineering Data Management (EDM) component in Oracle E-Business Suite 6.1.0.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
GHSA-3j5v-fxcr-6mfc
Umanni RH 1.0 has a user enumeration vulnerability. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.
GHSA-3j5v-cjrg-phc7
SQL injection vulnerability in sql.php in phpMyAdmin 2.7.0-pl1 allows remote attackers to execute arbitrary SQL commands via the sql_query parameter.
GHSA-3j5v-8288-v25g
Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
GHSA-3j5r-rx9m-43h3
A double-free vulnerability exists in fig2dev through 3.28a is affected by: via the free_stream function in readpics.c, which could cause a denial of service (context-dependent).
GHSA-3j5r-mfj4-r8qm
TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function NTPSyncWithHost of the file system.so which can control hostTime to attack.
GHSA-3j5r-3852-j63v
A missing check_access() function in the lollms_binding_infos module of the parisneo/lollms repository, version V14, allows attackers to add, modify, and remove bindings arbitrarily. This vulnerability affects the /install_binding and /reinstall_binding endpoints, among others, enabling unauthorized access and manipulation of binding settings without requiring the client_id value.
GHSA-3j5q-94qj-cf33
A vulnerability, which was classified as critical, has been found in code-projects Simple Forum 1.0. This issue affects some unknown processing of the file /forum1.php. The manipulation of the argument File leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
GHSA-3j5p-vc95-vxgc
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the third-party "file" product. Versions before 5.30 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
GHSA-3j5p-hx9x-75vj
Microsoft SharePoint Foundation 2010, Microsoft SharePoint Server 2013 and Microsoft SharePoint Server 2016 allow an elevation of privilege vulnerability due to the way web requests are handled, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0790.
GHSA-3j5p-c9jq-rrfh
The Pascal run-time library (PAS$RTL.EXE) before 20070418 on OpenVMS for Integrity Servers 8.3, and PAS$RTL.EXE before 20070419 on OpenVMS Alpha 8.3, does not properly restore PC and PSL values, which allows local users to cause a denial of service (system crash) via certain Pascal code.
GHSA-3j5m-w89j-c2hm
Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 allows remote attackers to cause a denial of service (device crash) by pinging a virtual interface, aka Bug ID CSCte55370.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| GHSA-3j5x-7ccf-ppgm Cross-site scripting in recommender-xblock | CVSS3: 6.1 | 0% Низкий | больше 6 лет назад |
| GHSA-3j5x-62x7-5pmq Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. | около 1 месяца назад | ||
| GHSA-3j5x-62hv-3543 MySQL Connector/NET before 6.0.4, when using encryption, does not verify SSL certificates during connection, which allows remote attackers to perform a man-in-the-middle attack with a spoofed SSL certificate. | 0% Низкий | почти 4 года назад | |
| GHSA-3j5x-4pxv-4c48 Microsoft Office Remote Code Execution Vulnerability | CVSS3: 7.8 | 5% Низкий | больше 3 лет назад |
| GHSA-3j5x-3rpp-grr2 Cross-site scripting (XSS) vulnerability in SillySearch 2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter. | 1% Низкий | почти 4 года назад | |
| GHSA-3j5w-w68r-5fx9 URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Michael Uno (miunosoft) Responsive Column Widgets.This issue affects Responsive Column Widgets: from n/a through 1.2.7. | CVSS3: 4.7 | 0% Низкий | около 2 лет назад |
| GHSA-3j5w-2wjq-63hj Cross-site scripting (XSS) vulnerability in Signurl.asp in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "XSS in Signurl.asp Vulnerability." | 42% Средний | больше 3 лет назад | |
| GHSA-3j5v-m25j-qgxh Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. | около 1 месяца назад | ||
| GHSA-3j5v-hj4j-5rm9 Unspecified vulnerability in the Agile Engineering Data Management (EDM) component in Oracle E-Business Suite 6.1.0.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 1% Низкий | почти 4 года назад | |
| GHSA-3j5v-fxcr-6mfc Umanni RH 1.0 has a user enumeration vulnerability. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | 0% Низкий | больше 3 лет назад | |
| GHSA-3j5v-cjrg-phc7 SQL injection vulnerability in sql.php in phpMyAdmin 2.7.0-pl1 allows remote attackers to execute arbitrary SQL commands via the sql_query parameter. | 1% Низкий | почти 4 года назад | |
| GHSA-3j5v-8288-v25g Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username. | 3% Низкий | больше 3 лет назад | |
| GHSA-3j5r-rx9m-43h3 A double-free vulnerability exists in fig2dev through 3.28a is affected by: via the free_stream function in readpics.c, which could cause a denial of service (context-dependent). | 0% Низкий | около 4 лет назад | |
| GHSA-3j5r-mfj4-r8qm TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function NTPSyncWithHost of the file system.so which can control hostTime to attack. | CVSS3: 9.8 | 3% Низкий | больше 3 лет назад |
| GHSA-3j5r-3852-j63v A missing check_access() function in the lollms_binding_infos module of the parisneo/lollms repository, version V14, allows attackers to add, modify, and remove bindings arbitrarily. This vulnerability affects the /install_binding and /reinstall_binding endpoints, among others, enabling unauthorized access and manipulation of binding settings without requiring the client_id value. | CVSS3: 8 | 0% Низкий | 11 месяцев назад |
| GHSA-3j5q-94qj-cf33 A vulnerability, which was classified as critical, has been found in code-projects Simple Forum 1.0. This issue affects some unknown processing of the file /forum1.php. The manipulation of the argument File leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | CVSS3: 6.3 | 0% Низкий | 7 месяцев назад |
| GHSA-3j5p-vc95-vxgc An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the third-party "file" product. Versions before 5.30 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. | CVSS3: 9.8 | 1% Низкий | больше 3 лет назад |
| GHSA-3j5p-hx9x-75vj Microsoft SharePoint Foundation 2010, Microsoft SharePoint Server 2013 and Microsoft SharePoint Server 2016 allow an elevation of privilege vulnerability due to the way web requests are handled, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0790. | CVSS3: 8.8 | 22% Средний | больше 3 лет назад |
| GHSA-3j5p-c9jq-rrfh The Pascal run-time library (PAS$RTL.EXE) before 20070418 on OpenVMS for Integrity Servers 8.3, and PAS$RTL.EXE before 20070419 on OpenVMS Alpha 8.3, does not properly restore PC and PSL values, which allows local users to cause a denial of service (system crash) via certain Pascal code. | 0% Низкий | почти 4 года назад | |
| GHSA-3j5m-w89j-c2hm Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 allows remote attackers to cause a denial of service (device crash) by pinging a virtual interface, aka Bug ID CSCte55370. | 1% Низкий | больше 3 лет назад |
Уязвимостей на страницу