Количество 314 212
Количество 314 212
GHSA-3h72-w58w-hgvg
Directory traversal vulnerability in the Music Manager component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the cid parameter to album.html.
GHSA-3h72-748m-j425
A flaw has been found in code-projects Responsive Hotel Site 1.0. The affected element is an unknown function of the file /admin/usersetting.php. Executing manipulation of the argument usname can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be used.
GHSA-3h72-65wp-34qp
IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user with authority to send a specially crafted request that could cause a channel process to cease processing further requests. IBM X-Force ID: 131547.
GHSA-3h6x-jhxm-m484
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 213072.
GHSA-3h6x-gjf3-36gg
A vulnerability classified as problematic was found in LibTIFF 4.3.0. Affected by this vulnerability is the TIFF File Handler of tiff2ps. Opening a malicious file leads to a denial of service. The attack can be launched remotely but requires user interaction. The exploit has been disclosed to the public and may be used.
GHSA-3h6x-952r-xr8p
The issue was addressed with improved memory handling. This issue is fixed in watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. Processing web content may lead to arbitrary code execution.
GHSA-3h6w-w73g-4wv9
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the timeZone parameter.
GHSA-3h6w-hjgc-hx7q
Windows permissions for ASPECT configuration toolsets are not fully secured allow-ing exposure of configuration informationThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.
GHSA-3h6v-4pff-pgf4
This issue was addressed through improved state management. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. A download's origin may be incorrectly associated.
GHSA-3h6r-gqmp-9v88
Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow via the function openSchedWifi.
GHSA-3h6p-jvww-q7w3
Sun Java System Access Manager 7.1, when installed in a Sun Java System Application Server 9.1 container, does not demand authentication after a container restart, which allows remote attackers to perform administrative tasks.
GHSA-3h6m-v52v-hvmw
Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
GHSA-3h6m-3jhx-cfg9
The vulnerability of hard-coded default credentials in QSAN SANOS allows unauthenticated remote attackers to obtain administrator’s permission and execute arbitrary functions.
GHSA-3h6h-wq56-3w89
The Add Comments WordPress plugin through 1.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
GHSA-3h6h-v2q2-7mx9
WUZHI CMS 4.1.0 allows coreframe/app/coupon/admin/copyfrom.php SQL injection via the index.php?m=promote&f=index&v=search keywords parameter, a related issue to CVE-2018-15893.
GHSA-3h6h-8756-mj4f
A vulnerability in Cisco Firepower Management Center could allow an authenticated, remote attacker to obtain user information. An attacker could use this information to perform reconnaissance. More Information: CSCvc10894. Known Affected Releases: 6.1.0.2 6.2.0. Known Fixed Releases: 6.2.0.
GHSA-3h6g-vwfm-p62q
Cross-site scripting (XSS) vulnerability in display.php in Obsession-Design Image-Gallery (ODIG) 1.1 allows remote attackers to inject arbitrary web script or HTML via the folder parameter.
GHSA-3h6g-r953-7g4p
An issue was discovered in Emote Remote Mouse through 4.0.0.0. It uses cleartext HTTP to check, and request, updates. Thus, attackers can machine-in-the-middle a victim to download a malicious binary in place of the real update, with no SSL errors or warnings.
GHSA-3h6f-g5f3-gc4w
Access Control Bypass in Spring Security
GHSA-3h6c-fr7r-7jmg
TOTOlink EX1200T V4.1.2cu.5232_B20210713 was discovered to contain a remote command execution (RCE) vulnerability via the "main" function.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| GHSA-3h72-w58w-hgvg Directory traversal vulnerability in the Music Manager component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the cid parameter to album.html. | 2% Низкий | больше 3 лет назад | |
| GHSA-3h72-748m-j425 A flaw has been found in code-projects Responsive Hotel Site 1.0. The affected element is an unknown function of the file /admin/usersetting.php. Executing manipulation of the argument usname can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be used. | CVSS3: 4.7 | 0% Низкий | 3 месяца назад |
| GHSA-3h72-65wp-34qp IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user with authority to send a specially crafted request that could cause a channel process to cease processing further requests. IBM X-Force ID: 131547. | CVSS3: 4.3 | 0% Низкий | больше 3 лет назад |
| GHSA-3h6x-jhxm-m484 IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 213072. | 0% Низкий | почти 4 года назад | |
| GHSA-3h6x-gjf3-36gg A vulnerability classified as problematic was found in LibTIFF 4.3.0. Affected by this vulnerability is the TIFF File Handler of tiff2ps. Opening a malicious file leads to a denial of service. The attack can be launched remotely but requires user interaction. The exploit has been disclosed to the public and may be used. | CVSS3: 6.5 | 0% Низкий | почти 4 года назад |
| GHSA-3h6x-952r-xr8p The issue was addressed with improved memory handling. This issue is fixed in watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. Processing web content may lead to arbitrary code execution. | CVSS3: 8.8 | 0% Низкий | около 2 лет назад |
| GHSA-3h6w-w73g-4wv9 Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the timeZone parameter. | 0% Низкий | почти 4 года назад | |
| GHSA-3h6w-hjgc-hx7q Windows permissions for ASPECT configuration toolsets are not fully secured allow-ing exposure of configuration informationThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. | CVSS3: 7.3 | 0% Низкий | 9 месяцев назад |
| GHSA-3h6v-4pff-pgf4 This issue was addressed through improved state management. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. A download's origin may be incorrectly associated. | CVSS3: 9.8 | 1% Низкий | 10 месяцев назад |
| GHSA-3h6r-gqmp-9v88 Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow via the function openSchedWifi. | 0% Низкий | почти 4 года назад | |
| GHSA-3h6p-jvww-q7w3 Sun Java System Access Manager 7.1, when installed in a Sun Java System Application Server 9.1 container, does not demand authentication after a container restart, which allows remote attackers to perform administrative tasks. | 2% Низкий | почти 4 года назад | |
| GHSA-3h6m-v52v-hvmw Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | CVSS3: 9.3 | 1% Низкий | больше 3 лет назад |
| GHSA-3h6m-3jhx-cfg9 The vulnerability of hard-coded default credentials in QSAN SANOS allows unauthenticated remote attackers to obtain administrator’s permission and execute arbitrary functions. | 0% Низкий | больше 3 лет назад | |
| GHSA-3h6h-wq56-3w89 The Add Comments WordPress plugin through 1.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | CVSS3: 4.8 | 0% Низкий | около 3 лет назад |
| GHSA-3h6h-v2q2-7mx9 WUZHI CMS 4.1.0 allows coreframe/app/coupon/admin/copyfrom.php SQL injection via the index.php?m=promote&f=index&v=search keywords parameter, a related issue to CVE-2018-15893. | CVSS3: 9.8 | 0% Низкий | больше 3 лет назад |
| GHSA-3h6h-8756-mj4f A vulnerability in Cisco Firepower Management Center could allow an authenticated, remote attacker to obtain user information. An attacker could use this information to perform reconnaissance. More Information: CSCvc10894. Known Affected Releases: 6.1.0.2 6.2.0. Known Fixed Releases: 6.2.0. | CVSS3: 6.5 | 0% Низкий | больше 3 лет назад |
| GHSA-3h6g-vwfm-p62q Cross-site scripting (XSS) vulnerability in display.php in Obsession-Design Image-Gallery (ODIG) 1.1 allows remote attackers to inject arbitrary web script or HTML via the folder parameter. | 0% Низкий | почти 4 года назад | |
| GHSA-3h6g-r953-7g4p An issue was discovered in Emote Remote Mouse through 4.0.0.0. It uses cleartext HTTP to check, and request, updates. Thus, attackers can machine-in-the-middle a victim to download a malicious binary in place of the real update, with no SSL errors or warnings. | CVSS3: 8.1 | 0% Низкий | больше 3 лет назад |
| GHSA-3h6f-g5f3-gc4w Access Control Bypass in Spring Security | CVSS3: 9.1 | 48% Средний | больше 2 лет назад |
| GHSA-3h6c-fr7r-7jmg TOTOlink EX1200T V4.1.2cu.5232_B20210713 was discovered to contain a remote command execution (RCE) vulnerability via the "main" function. | CVSS3: 9.8 | 16% Средний | около 2 лет назад |
Уязвимостей на страницу