Количество 312 573
Количество 312 573
GHSA-39px-7q22-34h2
Tenda AC6 v15.03.05.19 is vulnerable to Buffer Overflow as the Index parameter does not verify the length.
GHSA-39px-6j8j-mr74
An untrusted search path in AMD Radeon settings Installer may lead to a privilege escalation or unauthorized code execution.
GHSA-39pv-g7w9-q7vv
Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 allows remote attackers to affect availability via unknown vectors related to Web Listener, a different vulnerability than CVE-2013-0338, CVE-2013-2877, and CVE-2014-0191.
GHSA-39pv-fq6q-7j8j
The Cisco Express Forwarding processing module in Cisco IOS XE allows remote attackers to cause a denial of service (device reload) via crafted MPLS packets that are not properly handled during IP header validation, aka Bug ID CSCuj23992.
GHSA-39pv-3mw4-29pm
ZyXEL Prestige 642R 2.50(FA.1) and Prestige 310 V3.25(M.01), allows remote attackers to cause a denial of service via an oversized, fragmented "jolt" style ICMP packet.
GHSA-39pr-gwj2-95p4
Missing Authorization vulnerability in Magnigenie RestroPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects RestroPress: from n/a through 3.1.8.4.
GHSA-39pq-3mh9-m5qg
An issue was discovered in Object First 1.0.7.712. The authorization service has a flow that allows getting access to the Web UI without knowing credentials. For signing, the JWT token uses a secret key that is generated through a function that doesn't produce cryptographically strong sequences. An attacker can predict these sequences and generate a JWT token. As a result, an attacker can get access to the Web UI. This is fixed in 1.0.13.1611.
GHSA-39pm-fgr2-pr5p
Deserialization vulnerability in lintian through 2.5.50.3 allows attackers to trigger code execution by requesting a review of a source package with a crafted YAML file.
GHSA-39pj-gq8q-9pfj
Authentication Weakness in keystone
GHSA-39pj-4mfg-vcvw
In the Linux kernel, the following vulnerability has been resolved: vdpa/vp_vdpa: fix kfree a wrong pointer in vp_vdpa_remove In vp_vdpa_remove(), the code kfree(&vp_vdpa_mgtdev->mgtdev.id_table) uses a reference of pointer as the argument of kfree, which is the wrong pointer and then may hit crash like this: Unable to handle kernel paging request at virtual address 00ffff003363e30c Internal error: Oops: 96000004 [#1] SMP Call trace: rb_next+0x20/0x5c ext4_readdir+0x494/0x5c4 [ext4] iterate_dir+0x168/0x1b4 __se_sys_getdents64+0x68/0x170 __arm64_sys_getdents64+0x24/0x30 el0_svc_common.constprop.0+0x7c/0x1bc do_el0_svc+0x2c/0x94 el0_svc+0x20/0x30 el0_sync_handler+0xb0/0xb4 el0_sync+0x160/0x180 Code: 54000220 f9400441 b4000161 aa0103e0 (f9400821) SMP: stopping secondary CPUs Starting crashdump kernel...
GHSA-39ph-x487-rw5g
In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588569; Issue ID: ALPS07588552.
GHSA-39ph-wr67-j4xq
loguru vulnerable to improper privilege management
GHSA-39ph-g4x9-c3wj
Beck IPC GmbH IPC@CHIP TelnetD server generates different responses when given valid and invalid login names, which allows remote attackers to determine accounts on the system.
GHSA-39ph-9m75-m2v9
Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
GHSA-39pg-x84f-79f4
Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow in /usr/sbin/httpd via parameter enable_band_steering.
GHSA-39pg-x4cc-j86x
There is a use after free in radare2 2.6.0 in r_anal_bb_free() in libr/anal/bb.c via a crafted Java binary file.
GHSA-39pf-g98p-m3gj
Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0645, CVE-2013-1365, CVE-2013-1366, CVE-2013-1367, CVE-2013-1368, CVE-2013-1369, CVE-2013-1370, CVE-2013-1372, and CVE-2013-1373.
GHSA-39pc-fp7x-49v9
Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r10, and 7.4 before 7.4r13.4 allow remote attackers to read sensitive system authentication files in an unspecified directory via unknown vectors.
GHSA-39pc-77xc-3q8f
** DISPUTED ** NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in IBM Lotus Notes R6 and Domino R6, and possibly earlier versions, allows remote attackers to execute arbitrary web script or HTML via square brackets at the beginning and end of (1) computed for display, (2) computed when composed, or (3) computed text element fields. NOTE: the vendor has disputed this issue, saying that it is not a problem with Notes/Domino itself, but with the applications that do not properly handle this feature.
GHSA-39p9-vqpx-2vp6
Time-of-check Time-of-use Race Condition in some Intel(R) processors with Intel(R) ACTM may allow a privileged user to potentially enable escalation of privilege via local access.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
GHSA-39px-7q22-34h2 Tenda AC6 v15.03.05.19 is vulnerable to Buffer Overflow as the Index parameter does not verify the length. | CVSS3: 9.8 | 0% Низкий | больше 2 лет назад | |
GHSA-39px-6j8j-mr74 An untrusted search path in AMD Radeon settings Installer may lead to a privilege escalation or unauthorized code execution. | 0% Низкий | больше 3 лет назад | ||
GHSA-39pv-g7w9-q7vv Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 allows remote attackers to affect availability via unknown vectors related to Web Listener, a different vulnerability than CVE-2013-0338, CVE-2013-2877, and CVE-2014-0191. | 1% Низкий | больше 3 лет назад | ||
GHSA-39pv-fq6q-7j8j The Cisco Express Forwarding processing module in Cisco IOS XE allows remote attackers to cause a denial of service (device reload) via crafted MPLS packets that are not properly handled during IP header validation, aka Bug ID CSCuj23992. | 2% Низкий | больше 3 лет назад | ||
GHSA-39pv-3mw4-29pm ZyXEL Prestige 642R 2.50(FA.1) and Prestige 310 V3.25(M.01), allows remote attackers to cause a denial of service via an oversized, fragmented "jolt" style ICMP packet. | 5% Низкий | почти 4 года назад | ||
GHSA-39pr-gwj2-95p4 Missing Authorization vulnerability in Magnigenie RestroPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects RestroPress: from n/a through 3.1.8.4. | CVSS3: 4.3 | 0% Низкий | 10 месяцев назад | |
GHSA-39pq-3mh9-m5qg An issue was discovered in Object First 1.0.7.712. The authorization service has a flow that allows getting access to the Web UI without knowing credentials. For signing, the JWT token uses a secret key that is generated through a function that doesn't produce cryptographically strong sequences. An attacker can predict these sequences and generate a JWT token. As a result, an attacker can get access to the Web UI. This is fixed in 1.0.13.1611. | CVSS3: 9.8 | 1% Низкий | больше 3 лет назад | |
GHSA-39pm-fgr2-pr5p Deserialization vulnerability in lintian through 2.5.50.3 allows attackers to trigger code execution by requesting a review of a source package with a crafted YAML file. | CVSS3: 7.8 | 0% Низкий | больше 3 лет назад | |
GHSA-39pj-gq8q-9pfj Authentication Weakness in keystone | CVSS3: 7.5 | 0% Низкий | больше 7 лет назад | |
GHSA-39pj-4mfg-vcvw In the Linux kernel, the following vulnerability has been resolved: vdpa/vp_vdpa: fix kfree a wrong pointer in vp_vdpa_remove In vp_vdpa_remove(), the code kfree(&vp_vdpa_mgtdev->mgtdev.id_table) uses a reference of pointer as the argument of kfree, which is the wrong pointer and then may hit crash like this: Unable to handle kernel paging request at virtual address 00ffff003363e30c Internal error: Oops: 96000004 [#1] SMP Call trace: rb_next+0x20/0x5c ext4_readdir+0x494/0x5c4 [ext4] iterate_dir+0x168/0x1b4 __se_sys_getdents64+0x68/0x170 __arm64_sys_getdents64+0x24/0x30 el0_svc_common.constprop.0+0x7c/0x1bc do_el0_svc+0x2c/0x94 el0_svc+0x20/0x30 el0_sync_handler+0xb0/0xb4 el0_sync+0x160/0x180 Code: 54000220 f9400441 b4000161 aa0103e0 (f9400821) SMP: stopping secondary CPUs Starting crashdump kernel... | 0% Низкий | около 1 месяца назад | ||
GHSA-39ph-x487-rw5g In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588569; Issue ID: ALPS07588552. | CVSS3: 4.4 | 0% Низкий | почти 3 года назад | |
GHSA-39ph-wr67-j4xq loguru vulnerable to improper privilege management | CVSS3: 4.3 | 0% Низкий | около 4 лет назад | |
GHSA-39ph-g4x9-c3wj Beck IPC GmbH IPC@CHIP TelnetD server generates different responses when given valid and invalid login names, which allows remote attackers to determine accounts on the system. | 4% Низкий | почти 4 года назад | ||
GHSA-39ph-9m75-m2v9 Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | CVSS3: 6.5 | 0% Низкий | 5 месяцев назад | |
GHSA-39pg-x84f-79f4 Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow in /usr/sbin/httpd via parameter enable_band_steering. | CVSS3: 9.8 | 1% Низкий | около 3 лет назад | |
GHSA-39pg-x4cc-j86x There is a use after free in radare2 2.6.0 in r_anal_bb_free() in libr/anal/bb.c via a crafted Java binary file. | CVSS3: 7.8 | 0% Низкий | больше 3 лет назад | |
GHSA-39pf-g98p-m3gj Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0645, CVE-2013-1365, CVE-2013-1366, CVE-2013-1367, CVE-2013-1368, CVE-2013-1369, CVE-2013-1370, CVE-2013-1372, and CVE-2013-1373. | 4% Низкий | больше 3 лет назад | ||
GHSA-39pc-fp7x-49v9 Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r10, and 7.4 before 7.4r13.4 allow remote attackers to read sensitive system authentication files in an unspecified directory via unknown vectors. | CVSS3: 10 | 3% Низкий | больше 3 лет назад | |
GHSA-39pc-77xc-3q8f ** DISPUTED ** NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in IBM Lotus Notes R6 and Domino R6, and possibly earlier versions, allows remote attackers to execute arbitrary web script or HTML via square brackets at the beginning and end of (1) computed for display, (2) computed when composed, or (3) computed text element fields. NOTE: the vendor has disputed this issue, saying that it is not a problem with Notes/Domino itself, but with the applications that do not properly handle this feature. | 4% Низкий | почти 4 года назад | ||
GHSA-39p9-vqpx-2vp6 Time-of-check Time-of-use Race Condition in some Intel(R) processors with Intel(R) ACTM may allow a privileged user to potentially enable escalation of privilege via local access. | CVSS3: 7.2 | 0% Низкий | около 1 года назад |
Уязвимостей на страницу