Count: 314 458
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| GHSA-33wm-j2gm-rj23 HPE has addressed a remote arbitrary file modification vulnerability in HPE enhanced Internet Usage Manager (eIUM) v9.0FP1 with the cumulative patch for v9.0FP1 - eIUM90FP01XXX.YYYYMMDD-HHMM. | CVSS3: 6.5 | 0% Low | more than 3 years ago |
| GHSA-33wm-fghj-g69f Multiple SHARP routers contain an improper authentication vulnerability in the configuration backup function. The product's backup files containing sensitive information may be retrieved by a remote unauthenticated attacker. | CVSS3: 5.9 | 0% Low | about 1 year ago |
| GHSA-33wm-84cp-c2cq The WP EasyPay WordPress plugin before 4.1 does not escape some generated URLs before outputting them back in pages, leading to Reflected Cross-Site Scripting issues which could be used against high privilege users such as admin | CVSS3: 6.1 | 0% Low | more than 2 years ago |
| GHSA-33wh-w4m7-c6r8 update_by_case before 0.1.3 can be vulnerable to sql injection | CVSS3: 5.8 | 0% Low | more than 3 years ago |
| GHSA-33wh-vxg7-253j LINE 4.3.0.724 and earlier on Windows and 4.3.1 and earlier on OS X allows remote authenticated users to cause a denial of service (application crash) via a crafted post that is mishandled when displaying a Timeline. | CVSS3: 5.7 | 0% Low | more than 3 years ago |
| GHSA-33wh-q6g3-v2vg When invoking protocol handlers for external protocols, a supplied parameter URL containing spaces was not properly escaped. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. | CVSS3: 6.5 | 0% Low | about 4 years ago |
| GHSA-33wg-wpq3-mx7x A vulnerability in Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to access the Java Remote Method Invocation (RMI) system. The vulnerability is due to an open port in the Network Interface and Configuration Engine (NICE) service. An attacker could exploit this vulnerability by accessing the open RMI system on an affected PCP instance. An exploit could allow the attacker to perform malicious actions that affect PCP and the devices that are connected to it. This vulnerability affects Cisco Prime Collaboration Provisioning (PCP) Releases 11.6 and prior. Cisco Bug IDs: CSCvd61746. | CVSS3: 9.8 | 3% Low | more than 3 years ago |
| GHSA-33wg-9hcm-96gg An OS command injection vulnerability has been discovered in ROS (Robot Operating System) Melodic Morenia in ROS_VERSION 1 and ROS_PYTHON_VERSION 3. This vulnerability primarily affects the command processing or system call components in ROS, making them susceptible to manipulation by malicious entities. Through this, unauthorized commands can be executed, leading to remote code execution (RCE), data theft, and malicious activities. The affected components include External Command Execution Modules, System Call Handlers, and Interface Scripts. | | | almost 2 years ago |
| GHSA-33wf-jvrq-cxjv In WordPress before 4.9.9 and 5.x before 5.0.1, when the Apache HTTP Server is used, authors could upload crafted files that bypass intended MIME type restrictions, leading to XSS, as demonstrated by a .jpg file without JPEG data. | CVSS3: 5.4 | 4% Low | more than 3 years ago |
| GHSA-33wf-4crm-2322 Improper Access Control in librenms | CVSS3: 7.1 | 0% Low | almost 4 years ago |
| GHSA-33wc-423w-3v87 Versions of Delphix Engine prior to Release 25.0.0.0 contain a flaw which results in Remote Code Execution (RCE). | CVSS3: 8.8 | 10% Low | more than 1 year ago |
| GHSA-33w9-vjr3-c3cm Cross Site Scripting (XSS) vulnerability exists in Maccms v10 via link_Name parameter. | CVSS3: 6.1 | 0% Low | almost 4 years ago |
| GHSA-33w9-vc3g-2mjp SAP BusinessObjects Platform - versions 420, 430, Information design tool transmits sensitive information as cleartext in the binaries over the network. This could allow an unauthenticated attacker with deep knowledge to gain sensitive information such as user credentials and domain names, which may have a low impact on confidentiality and no impact on the integrity and availability of the system. | CVSS3: 3.7 | 0% Low | more than 2 years ago |
| GHSA-33w9-gx86-5qvx The Sandbox plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the export_download action in all versions up to, and including, 0.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to download an entire copy of a sandbox environment which can contain sensitive information like the wp-config.php file. | CVSS3: 6.5 | 0% Low | about 1 year ago |
| GHSA-33w9-6mj6-xgpr Use after free in Screen Capture in Google Chrome on Chrome OS prior to 97.0.4692.71 allowed an attacker who convinced a user to perform specific user gestures to potentially exploit heap corruption via specific user gestures. | CVSS3: 8.8 | 0% Low | almost 4 years ago |
| GHSA-33w7-r9c3-9qwq In the Linux kernel, the following vulnerability has been resolved: net: ieee802154: fix null deref in parse dev addr Fix a logic error that could result in a null deref if the user sets the mode incorrectly for the given addr type. | CVSS3: 5.5 | 0% Low | more than 1 year ago |
| GHSA-33w6-pm3h-v82j Nagios Fusion versions prior to R2.1 contain a vulnerability due to the application not requiring re-authentication or session rotation when a user has enabled two-factor authentication (2FA). As a result, an adversary who has obtained a valid session could continue using the active session after the target user enabled 2FA, potentially preventing the legitimate user from locking the attacker out and enabling persistent account takeover. | CVSS3: 8.1 | | 3 months ago |
| GHSA-33w6-hvmq-gh4x diffoscope Path Traversal vulnerability | | 4% Low | almost 2 years ago |
| GHSA-33w6-gxj4-hj26 Windows TCP/IP Driver Denial of Service Vulnerability. | CVSS3: 7.5 | 19% Medium | more than 3 years ago |
| GHSA-33w6-9gm9-5rj4 A vulnerability was found in EFM ipTIME A8004T 14.18.2. This impacts the function httpcon_check_session_url of the file /cgi/timepro.cgi of the component Hidden Hiddenloginsetup Interface. The manipulation results in improper authentication. The attack may be performed from remote. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. | CVSS3: 7.3 | 0% Low | 7 days ago |