Количество 312 573
Количество 312 573
GHSA-3fjc-pjgm-cw7f
Cross Site Scripting vulnerability in Hangzhou Meisoft Information Technology Co., Ltd. Finesoft v.8.0 and before allows a remote attacker to execute arbitrary code via a crafted script.
GHSA-3fjc-9f6x-jrfx
Multiple integer overflows in the mbfl_strcut function in ext/mbstring/libmbfl/mbfl/mbfilter.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted mb_strcut call.
GHSA-3fjc-956c-32mf
The FACSChorus workstation does not prevent physical access to its PCI express (PCIe) slots, which could allow a threat actor to insert a PCI card designed for memory capture. A threat actor can then isolate sensitive information such as a BitLocker encryption key from a dump of the workstation RAM during startup.
GHSA-3fj9-rv52-g5r6
In the Linux kernel, the following vulnerability has been resolved: udf: Fix preallocation discarding at indirect extent boundary When preallocation extent is the first one in the extent block, the code would corrupt extent tree header instead. Fix the problem and use udf_delete_aext() for deleting extent to avoid some code duplication.
GHSA-3fj9-c88m-7g9f
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in IndiaNIC Widgets Controller allows Reflected XSS.This issue affects Widgets Controller: from n/a through 1.1.
GHSA-3fj8-rp2r-mcx9
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused
GHSA-3fj7-qfcc-cr72
An out-of-bounds write vulnerability exists in VS6ComFile!set_AnimationItem of V-SFT v6.2.7.0 and earlier. Opening specially crafted V-SFT files may lead to information disclosure, affected system's abnormal end (ABEND), and arbitrary code execution.
GHSA-3fj7-9j8m-7r8g
Moodle Stored HTML in assignment submission comments allowed links to be opened directly
GHSA-3fj7-8wvw-vhf5
Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of this vulnerability may affect availability.
GHSA-3fj7-78h2-w98x
Jenkins XPath Configuration Viewer Plugin Missing Authorization vulnerability
GHSA-3fj6-mr6m-6xvw
A Missing Release of Memory after Effective Lifetime vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). In an MPLS scenario specific packets destined to an Integrated Routing and Bridging (irb) interface of the device will cause a buffer (mbuf) to leak. Continued receipt of these specific packets will eventually cause a loss of connectivity to and from the device, and requires a reboot to recover. These mbufs can be monitored by using the CLI command 'show system buffers': user@host> show system buffers 783/1497/2280 mbufs in use (current/cache/total) user@host> show system buffers 793/1487/2280 mbufs in use (current/cache/total) <<<<<< mbuf usage increased This issue affects Juniper Networks Junos OS: All versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R3-S9; 20.1 version 20.1R1 and later versions; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to ...
GHSA-3fj6-f9mf-4g6v
A vulnerability classified as critical has been found in TOTOLINK X15 1.0.0-B20230714.1105. This affects an unknown part of the file /boafrm/formPortFw of the component HTTP POST Request Handler. The manipulation of the argument service_type leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
GHSA-3fj5-whg6-j6wm
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the addLink method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5379.
GHSA-3fj5-q6p4-25m2
The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action.
GHSA-3fj5-f9x9-2hvx
The SolarWinds Security Event Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an unauthenticated user to abuse SolarWinds’ service, resulting in remote code execution.
GHSA-3fj5-2243-q8vq
Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart module 6.x-2.x before 6.x-2.8 and 7.x-3.x before 7.x-3.1 for Drupal allow remote authenticated users with the administer product classes permission to inject arbitrary web script or HTML via unspecified vectors.
GHSA-3fj4-wqjh-c2vp
A security vulnerability has been detected in Qualitor up to 8.24.73. The impacted element is an unknown function of the file /Qualitor/html/bc/bcdocumento9/biblioteca/request/viewDocumento.php. Such manipulation of the argument cdscript leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. It is suggested to upgrade the affected component. The vendor confirms the existence of the issue: "We became aware of the issue through an earlier direct notification from the original reporter, and our engineering team promptly investigated and implemented the necessary corrective measures. (...) Updated versions containing the fix have already been provided to our customer base".
GHSA-3fj4-vjff-fr3x
The Date Library in John Lim ADOdb Library for PHP allows remote attackers to obtain sensitive information via a direct request for (1) server.php, (2) adodb-errorpear.inc.php, (3) adodb-iterator.inc.php, (4) adodb-pear.inc.php, (5) adodb-perf.inc.php, (6) adodb-xmlschema.inc.php, and (7) adodb.inc.php; files in datadict including (8) datadict-access.inc.php, (9) datadict-db2.inc.php, (10) datadict-generic.inc.php, (11) datadict-ibase.inc.php, (12) datadict-informix.inc.php, (13) datadict-mssql.inc.php, (14) datadict-mysql.inc.php, (15) datadict-oci8.inc.php, (16) datadict-postgres.inc.php, and (17) datadict-sybase.inc.php; files in drivers/ including (18) adodb-access.inc.php, (19) adodb-ado.inc.php, (20) adodb-ado_access.inc.php, (21) adodb-ado_mssql.inc.php, (22) adodb-borland_ibase.inc.php, (23) adodb-csv.inc.php, (24) adodb-db2.inc.php, (25) adodb-fbsql.inc.php, (26) adodb-firebird.inc.php, (27) adodb-ibase.inc.php, (28) adodb-informix.inc.php, (29) adodb-informix72.inc.php, (3...
GHSA-3fj4-q72x-x2g9
ADOdb Library SQL Injection
GHSA-3fj4-jwj4-55c8
Microsoft USBHUB 3.0 Device Driver Remote Code Execution Vulnerability
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
GHSA-3fjc-pjgm-cw7f Cross Site Scripting vulnerability in Hangzhou Meisoft Information Technology Co., Ltd. Finesoft v.8.0 and before allows a remote attacker to execute arbitrary code via a crafted script. | CVSS3: 5.3 | 1% Низкий | больше 1 года назад | |
GHSA-3fjc-9f6x-jrfx Multiple integer overflows in the mbfl_strcut function in ext/mbstring/libmbfl/mbfl/mbfilter.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted mb_strcut call. | CVSS3: 9.8 | 11% Средний | больше 3 лет назад | |
GHSA-3fjc-956c-32mf The FACSChorus workstation does not prevent physical access to its PCI express (PCIe) slots, which could allow a threat actor to insert a PCI card designed for memory capture. A threat actor can then isolate sensitive information such as a BitLocker encryption key from a dump of the workstation RAM during startup. | CVSS3: 2.4 | 0% Низкий | около 2 лет назад | |
GHSA-3fj9-rv52-g5r6 In the Linux kernel, the following vulnerability has been resolved: udf: Fix preallocation discarding at indirect extent boundary When preallocation extent is the first one in the extent block, the code would corrupt extent tree header instead. Fix the problem and use udf_delete_aext() for deleting extent to avoid some code duplication. | CVSS3: 5.5 | 0% Низкий | больше 1 года назад | |
GHSA-3fj9-c88m-7g9f Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in IndiaNIC Widgets Controller allows Reflected XSS.This issue affects Widgets Controller: from n/a through 1.1. | CVSS3: 7.1 | 0% Низкий | почти 2 года назад | |
GHSA-3fj8-rp2r-mcx9 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | 9 месяцев назад | |||
GHSA-3fj7-qfcc-cr72 An out-of-bounds write vulnerability exists in VS6ComFile!set_AnimationItem of V-SFT v6.2.7.0 and earlier. Opening specially crafted V-SFT files may lead to information disclosure, affected system's abnormal end (ABEND), and arbitrary code execution. | CVSS3: 7.8 | 0% Низкий | 4 месяца назад | |
GHSA-3fj7-9j8m-7r8g Moodle Stored HTML in assignment submission comments allowed links to be opened directly | CVSS3: 6.1 | 0% Низкий | больше 3 лет назад | |
GHSA-3fj7-8wvw-vhf5 Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of this vulnerability may affect availability. | CVSS3: 3.3 | 0% Низкий | 2 месяца назад | |
GHSA-3fj7-78h2-w98x Jenkins XPath Configuration Viewer Plugin Missing Authorization vulnerability | CVSS3: 4.3 | 1% Низкий | больше 3 лет назад | |
GHSA-3fj6-mr6m-6xvw A Missing Release of Memory after Effective Lifetime vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). In an MPLS scenario specific packets destined to an Integrated Routing and Bridging (irb) interface of the device will cause a buffer (mbuf) to leak. Continued receipt of these specific packets will eventually cause a loss of connectivity to and from the device, and requires a reboot to recover. These mbufs can be monitored by using the CLI command 'show system buffers': user@host> show system buffers 783/1497/2280 mbufs in use (current/cache/total) user@host> show system buffers 793/1487/2280 mbufs in use (current/cache/total) <<<<<< mbuf usage increased This issue affects Juniper Networks Junos OS: All versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R3-S9; 20.1 version 20.1R1 and later versions; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to ... | CVSS3: 6.5 | 0% Низкий | около 3 лет назад | |
GHSA-3fj6-f9mf-4g6v A vulnerability classified as critical has been found in TOTOLINK X15 1.0.0-B20230714.1105. This affects an unknown part of the file /boafrm/formPortFw of the component HTTP POST Request Handler. The manipulation of the argument service_type leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | CVSS3: 8.8 | 0% Низкий | 8 месяцев назад | |
GHSA-3fj5-whg6-j6wm This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the addLink method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5379. | CVSS3: 8.8 | 0% Низкий | больше 3 лет назад | |
GHSA-3fj5-q6p4-25m2 The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action. | CVSS3: 9.8 | 34% Средний | почти 4 года назад | |
GHSA-3fj5-f9x9-2hvx The SolarWinds Security Event Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an unauthenticated user to abuse SolarWinds’ service, resulting in remote code execution. | CVSS3: 8.8 | 82% Высокий | почти 2 года назад | |
GHSA-3fj5-2243-q8vq Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart module 6.x-2.x before 6.x-2.8 and 7.x-3.x before 7.x-3.1 for Drupal allow remote authenticated users with the administer product classes permission to inject arbitrary web script or HTML via unspecified vectors. | 0% Низкий | больше 3 лет назад | ||
GHSA-3fj4-wqjh-c2vp A security vulnerability has been detected in Qualitor up to 8.24.73. The impacted element is an unknown function of the file /Qualitor/html/bc/bcdocumento9/biblioteca/request/viewDocumento.php. Such manipulation of the argument cdscript leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. It is suggested to upgrade the affected component. The vendor confirms the existence of the issue: "We became aware of the issue through an earlier direct notification from the original reporter, and our engineering team promptly investigated and implemented the necessary corrective measures. (...) Updated versions containing the fix have already been provided to our customer base". | CVSS3: 3.5 | 0% Низкий | около 2 месяцев назад | |
GHSA-3fj4-vjff-fr3x The Date Library in John Lim ADOdb Library for PHP allows remote attackers to obtain sensitive information via a direct request for (1) server.php, (2) adodb-errorpear.inc.php, (3) adodb-iterator.inc.php, (4) adodb-pear.inc.php, (5) adodb-perf.inc.php, (6) adodb-xmlschema.inc.php, and (7) adodb.inc.php; files in datadict including (8) datadict-access.inc.php, (9) datadict-db2.inc.php, (10) datadict-generic.inc.php, (11) datadict-ibase.inc.php, (12) datadict-informix.inc.php, (13) datadict-mssql.inc.php, (14) datadict-mysql.inc.php, (15) datadict-oci8.inc.php, (16) datadict-postgres.inc.php, and (17) datadict-sybase.inc.php; files in drivers/ including (18) adodb-access.inc.php, (19) adodb-ado.inc.php, (20) adodb-ado_access.inc.php, (21) adodb-ado_mssql.inc.php, (22) adodb-borland_ibase.inc.php, (23) adodb-csv.inc.php, (24) adodb-db2.inc.php, (25) adodb-fbsql.inc.php, (26) adodb-firebird.inc.php, (27) adodb-ibase.inc.php, (28) adodb-informix.inc.php, (29) adodb-informix72.inc.php, (3... | 0% Низкий | почти 4 года назад | ||
GHSA-3fj4-q72x-x2g9 ADOdb Library SQL Injection | CVSS3: 9.8 | 3% Низкий | больше 3 лет назад | |
GHSA-3fj4-jwj4-55c8 Microsoft USBHUB 3.0 Device Driver Remote Code Execution Vulnerability | CVSS3: 6.8 | 0% Низкий | около 2 лет назад |
Уязвимостей на страницу