Count: 312 573
| ID | Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|---|
| GHSA-2x3p-pww2-fg9r | An issue has been discovered in GitLab CE/EE affecting all versions before 16.9.6, all versions starting from 16.10 before 16.10.4, and all versions starting from 16.11 before 16.11.1. Under certain conditions, an attacker using a crafted email address may be able to bypass domain-based restrictions on an instance or a group. | CVSS3: 4.3 | 0% Low | almost 2 years ago |
| GHSA-2x3p-pc2g-c463 | The command-line interface in Cisco Secure Access Control System (ACS), Identity Services Engine Software, Context Directory Agent, Application Networking Manager (ANM), Prime Network Control System, Prime LAN Management Solution (LMS), Prime Collaboration, Unified Provisioning Manager, Network Services Manager, Prime Data Center Network Manager (DCNM), and Quad does not properly validate input, which allows local users to obtain root privileges via unspecified vectors, aka Bug IDs CSCug29384, CSCug13866, CSCug29400, CSCug29406, CSCug29411, CSCug29413, CSCug29416, CSCug29418, CSCug29422, CSCug29425, and CSCug29426, a different issue than CVE-2013-1125. | | 0% Low | over 3 years ago |
| GHSA-2x3m-vr25-pm56 | Multiple cross-site scripting (XSS) vulnerabilities in Phpwebgallery 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) login or (2) mail_address field in Register.php, or the (3) search_author, (4) mode, (5) start_year, (6) end_year, or (7) date_type field in Search.php, a different vulnerability than CVE-2006-1674. NOTE: 1.6.2 and other versions might also be affected. | | 1% Low | almost 4 years ago |
| GHSA-2x3m-jc4v-x3pj | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | CVSS3: 8.8 | 1% Low | over 3 years ago |
| GHSA-2x3m-h8fc-hm6p | A vulnerability in the smart card login authentication of Cisco Duo for macOS could allow an unauthenticated attacker with physical access to bypass authentication. This vulnerability exists because the assigned user of a smart card is not properly matched with the authenticating user. An attacker could exploit this vulnerability by configuring a smart card login to bypass Duo authentication. A successful exploit could allow the attacker to use any personal identity verification (PIV) smart card for authentication, even if the smart card is not assigned to the authenticating user. | CVSS3: 6.8 | 0% Low | over 3 years ago |
| GHSA-2x3m-95pj-8pg6 | Exposure of sensitive information to an unauthorized actor in Desktop Window Manager allows an authorized attacker to disclose information locally. | CVSS3: 5.5 | 5% Low | 26 days ago |
| GHSA-2x3m-8px8-74hr | A denial of service vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in ASNative.dll. | CVSS3: 7.5 | 54% Medium | almost 2 years ago |
| GHSA-2x3g-rr4w-4qrp | Jenkins Zoho QEngine Plugin displays unmasked API keys. | CVSS3: 3.1 | 0% Low | 11 months ago |
| GHSA-2x3g-c9j6-ff9w | The heidi-luong1109/shackerpanel repository through 2021-05-25 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | CVSS3: 9.3 | 0% Low | over 3 years ago |
| GHSA-2x3g-6456-c8h3 | The XSLT functionality in WebKit in Apple Safari before 4.0 does not properly implement the document function, which allows remote attackers to read (1) arbitrary local files and (2) files from different security zones via unspecified vectors. | | 1% Low | almost 4 years ago |
| GHSA-2x3g-5wc5-pwch | Multiple cross-site scripting (XSS) vulnerabilities in TTChat 1.0.4 allow remote attackers to inject arbitrary web script or HTML via (1) the msg parameter to default.php or (2) the username parameter to chat_form.php. | | 0% Low | over 3 years ago |
| GHSA-2x3f-98xw-grcg | CORE/HDD/src/wlan_hdd_hostapd.c in the Qualcomm Wi-Fi driver in Android before 2016-10-05 on Nexus 5X and Android One devices allows attackers to obtain sensitive information via a crafted application that makes a setwpaie ioctl call, aka Android internal bug 29915601 and Qualcomm internal bug CR 1000913. | CVSS3: 5.5 | 0% Low | over 3 years ago |
| GHSA-2x3c-hwh5-5rf9 | Unspecified vulnerability in lighttpd in Oracle Solaris 11.1 allows attackers to cause a denial of service via unknown vectors. | | 1% Low | over 3 years ago |
| GHSA-2x38-r5h7-96fv | The HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. plugin for WordPress is vulnerable to arbitrary file moving due to insufficient file path validation in the handle_files_upload() function in all versions up to, and including, 2.2.1. This makes it possible for unauthenticated attackers to move arbitrary files on the server, which can easily lead to remote code execution when the right file is moved (such as wp-config.php). | CVSS3: 9.1 | 1% Low | 7 months ago |
| GHSA-2x38-j7v9-v23r | An unchecked output buffer may allow arbitrary code execution in SMM and potentially result in SMM memory corruption. | CVSS3: 8.2 | 0% Low | about 2 months ago |
| GHSA-2x38-f53p-2wp3 | In Android before the 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile, Snapdragon Wear, and Small Cell SoC FSM9055, MDM9206, MDM9607, MDM9635M, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, and SD 835, improper input validation can occur while parsing an image. | CVSS3: 9.8 | 0% Low | over 3 years ago |
| GHSA-2x38-7mv7-h86v | A CWE-20: Improper Input Validation vulnerability exists that could cause remote code execution when an attacker is able to intercept and modify a request on the same network or has configuration access to an ION device on the network. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior) | CVSS3: 8.8 | 1% Low | over 3 years ago |
| GHSA-2x37-xp38-hq9m | A cross-site scripting (XSS) vulnerability on ASUS RT-AC58U 3.0.0.4.380_6516 devices allows remote attackers to inject arbitrary web script or HTML via Advanced_ASUSDDNS_Content.asp, Advanced_WSecurity_Content.asp, Advanced_Wireless_Content.asp, Logout.asp, Main_Login.asp, MobileQIS_Login.asp, QIS_wizard.htma, YandexDNS.asp, ajax_status.xml, apply.cgi, clients.asp, disk.asp, disk_utility.asp, or internet.asp. | CVSS3: 6.1 | 0% Low | over 3 years ago |
| GHSA-2x37-ffq7-5322 | MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people:id/relationships` endpoint and the first_name and last_name parameters. | CVSS3: 5.4 | 0% Low | over 2 years ago |
| GHSA-2x36-vr7v-9hpm | Incorrect default permissions in the Intel(R) ITS software before version 3.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | CVSS3: 6.7 | 0% Low | over 2 years ago |
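The shackerpanel entry (GHSA-2x3g-c9j6-ff9w) attributes the absolute path traversal to an unsafe use of Flask's send_file. The following example is added for this page and is not code from that repository: it isolates the mechanism in plain Python, where os.path.join silently discards the base directory once the user-supplied component is absolute, so whatever is joined and passed to send_file is served verbatim. The hardened resolver beside it is an assumed fix, not the project's, and mirrors the containment check that flask.send_from_directory performs through werkzeug.utils.safe_join. UPLOAD_DIR, the function names and the sample requests are constructed for illustration.

```python
import os
from typing import Optional

# Constructed base directory for the example; in a real application this is
# the one folder the download endpoint is meant to expose.
UPLOAD_DIR = "/srv/app/uploads"


def unsafe_resolve(base_dir: str, user_path: str) -> str:
    """The vulnerable pattern: join the requested name onto the base
    directory and hand the result to send_file().

    os.path.join() drops every earlier component as soon as it meets an
    absolute one, so user_path="/etc/passwd" yields "/etc/passwd" and the
    process streams any file it can read.
    """
    return os.path.join(base_dir, user_path)


def safe_resolve(base_dir: str, user_path: str) -> Optional[str]:
    """Hardened resolver (assumed fix): returns an absolute path under
    base_dir, or None when the request must be refused (absolute input,
    ".." segments, or a symlink that escapes the directory)."""
    # 1. A download endpoint never needs an absolute name; refuse it outright.
    if os.path.isabs(user_path):
        return None
    # 2. Resolve symlinks and ".." on both sides before comparing, so a link
    #    planted inside the upload folder cannot point outside it.
    base_real = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base_real, user_path))
    # 3. The resolved file must still live under the resolved base.
    #    commonpath() is used rather than startswith() so that
    #    "/srv/app/uploads2/x" is not accepted as being under "/srv/app/uploads".
    try:
        if os.path.commonpath([base_real, candidate]) != base_real:
            return None
    except ValueError:
        # Raised on Windows when the paths sit on different drives; treat as
        # an escape attempt.
        return None
    return candidate


def serve_decision(user_path: str) -> dict:
    """Run one request through both resolvers, the comparison a reviewer
    would make when triaging this class of advisory."""
    return {
        "requested": user_path,
        "unsafe_path": unsafe_resolve(UPLOAD_DIR, user_path),
        "safe_path": safe_resolve(UPLOAD_DIR, user_path),
    }


if __name__ == "__main__":
    # Constructed sample requests: a legitimate file, an absolute path, and a
    # relative traversal. Only the first survives safe_resolve().
    for req in ("report.txt", "/etc/passwd", "../../etc/passwd"):
        print(serve_decision(req))
```

In a Flask handler the equivalent of the hardened branch is `send_from_directory(UPLOAD_DIR, filename)`, which applies the same containment rule via `werkzeug.utils.safe_join` and answers 404 when the name escapes the directory; passing `os.path.join(UPLOAD_DIR, filename)` straight into `send_file` reproduces the advisory's bug.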