Количество 312 573
Количество 312 573
GHSA-2wvw-h8hc-x343
Memory access in virtual memory mapping for some microprocessors may allow an authenticated user to potentially enable information disclosure via local access.
GHSA-2wvw-246g-ffw7
Local file inclusion in Pyrescom Termod4 time management devices before 10.04k allows authenticated remote attackers to traverse directories and read sensitive files via the Maintenance > Logs menu and manipulating the file-path in the URL.
GHSA-2wvv-vggf-ggr9
A vulnerability in the web-based management interface of Cisco IOS XE New Generation Wireless Controller (NGWC) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on an affected device by using a web browser and with the privileges of the user.
GHSA-2wvv-pxv7-cgf7
A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been classified as critical. Affected is an unknown function of the file user/forget_password.php of the component Parameter Handler. The manipulation of the argument email leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-219336.
GHSA-2wvv-phhw-qvmc
Jenkins Pipeline: Job Plugin vulnerable to stored Cross-site Scripting
GHSA-2wvv-6r6q-wwcj
Barco ClickShare CSC-1 devices with firmware before 01.09.03 allow remote attackers to obtain the root password by downloading and extracting the firmware image.
GHSA-2wvv-4p4q-7mq5
Missing Authorization vulnerability in WP Wand WP Wand allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Wand: from n/a through 1.2.5.
GHSA-2wvq-xm2v-3mr6
Deliantra Server before 2.82 allows remote authenticated users to cause a denial of service (daemon crash) via vectors involving an empty treasure list.
GHSA-2wvq-34x3-5vhj
Users who were required to change their password could still access system information before changing their password
GHSA-2wvq-2hj6-8g26
Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect integrity via vectors related to HTTP Request Handling, a different vulnerability than CVE-2014-0426.
GHSA-2wvp-q72m-cfq8
Cross-site scripting (XSS) vulnerability in config.php in AdaptCMS 2.0.0 and 2.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
GHSA-2wvp-gfcw-56p6
While rendering the layout background, Error status check is not caught properly and also incorrect status handling is being done leading to unintended SUI behaviour in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in MDM9150, MDM9206, MDM9607, MDM9650, MDM9655, MSM8996AU, QCS404, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM630, SDM660, SDX24, SXR1130
GHSA-2wvm-9j4x-757c
templates/forms/thanks.html in Formspree before 2018-01-23 allows XSS related to the _next parameter.
GHSA-2wvj-9m7h-43j3
An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption.
GHSA-2wvj-7gj7-2j5w
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=requests/view_request&id=.
GHSA-2wvh-w7fv-6223
Cross-site scripting (XSS) vulnerability in the font tag in ezBoard 7.3u allows remote attackers to execute arbitrary script as other users, as demonstrated using the background:url in a (1) font color or (2) font face argument.
GHSA-2wvh-6639-8hph
O-RAN RIC I-Release e2mgr lacks array size checks in E2nodeConfigUpdateNotificationHandler.
GHSA-2wvg-h2ww-x862
njs through 0.4.3, used in NGINX, has a use-after-free in njs_json_parse_iterator_call in njs_json.c.
GHSA-2wvf-vp7x-88v4
MiR100, MiR200 and other MiR robots use the Robot Operating System (ROS) default packages exposing the computational graph without any sort of authentication. This allows attackers with access to the internal wireless and wired networks to take control of the robot seamlessly. In combination with CVE-2020-10269 and CVE-2020-10271, this flaw allows malicious actors to command the robot at desire.
GHSA-2wvf-mfh8-69x7
Buffer overflow in Ce/Ceterm (aka ARPUS/Ce) 2.5.4 and earlier may allow local users to gain privileges via a long (1) XAPPLRESLANGPATH or (2) XAPPLRESDIR environment variable, or (3) command line argument.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
GHSA-2wvw-h8hc-x343 Memory access in virtual memory mapping for some microprocessors may allow an authenticated user to potentially enable information disclosure via local access. | CVSS3: 3.8 | 1% Низкий | больше 3 лет назад | |
GHSA-2wvw-246g-ffw7 Local file inclusion in Pyrescom Termod4 time management devices before 10.04k allows authenticated remote attackers to traverse directories and read sensitive files via the Maintenance > Logs menu and manipulating the file-path in the URL. | 1% Низкий | больше 3 лет назад | ||
GHSA-2wvv-vggf-ggr9 A vulnerability in the web-based management interface of Cisco IOS XE New Generation Wireless Controller (NGWC) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on an affected device by using a web browser and with the privileges of the user. | CVSS3: 8.8 | 3% Низкий | больше 3 лет назад | |
GHSA-2wvv-pxv7-cgf7 A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been classified as critical. Affected is an unknown function of the file user/forget_password.php of the component Parameter Handler. The manipulation of the argument email leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-219336. | CVSS3: 7.2 | 0% Низкий | около 3 лет назад | |
GHSA-2wvv-phhw-qvmc Jenkins Pipeline: Job Plugin vulnerable to stored Cross-site Scripting | CVSS3: 7.5 | 3% Низкий | больше 2 лет назад | |
GHSA-2wvv-6r6q-wwcj Barco ClickShare CSC-1 devices with firmware before 01.09.03 allow remote attackers to obtain the root password by downloading and extracting the firmware image. | CVSS3: 9.8 | 0% Низкий | больше 3 лет назад | |
GHSA-2wvv-4p4q-7mq5 Missing Authorization vulnerability in WP Wand WP Wand allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Wand: from n/a through 1.2.5. | CVSS3: 5.3 | 0% Низкий | около 1 года назад | |
GHSA-2wvq-xm2v-3mr6 Deliantra Server before 2.82 allows remote authenticated users to cause a denial of service (daemon crash) via vectors involving an empty treasure list. | 0% Низкий | почти 4 года назад | ||
GHSA-2wvq-34x3-5vhj Users who were required to change their password could still access system information before changing their password | CVSS3: 4.3 | 0% Низкий | 9 месяцев назад | |
GHSA-2wvq-2hj6-8g26 Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect integrity via vectors related to HTTP Request Handling, a different vulnerability than CVE-2014-0426. | 0% Низкий | больше 3 лет назад | ||
GHSA-2wvp-q72m-cfq8 Cross-site scripting (XSS) vulnerability in config.php in AdaptCMS 2.0.0 and 2.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 3% Низкий | больше 3 лет назад | ||
GHSA-2wvp-gfcw-56p6 While rendering the layout background, Error status check is not caught properly and also incorrect status handling is being done leading to unintended SUI behaviour in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in MDM9150, MDM9206, MDM9607, MDM9650, MDM9655, MSM8996AU, QCS404, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM630, SDM660, SDX24, SXR1130 | 0% Низкий | больше 3 лет назад | ||
GHSA-2wvm-9j4x-757c templates/forms/thanks.html in Formspree before 2018-01-23 allows XSS related to the _next parameter. | CVSS3: 6.1 | 0% Низкий | больше 3 лет назад | |
GHSA-2wvj-9m7h-43j3 An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption. | CVSS3: 7.5 | 1% Низкий | больше 3 лет назад | |
GHSA-2wvj-7gj7-2j5w Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=requests/view_request&id=. | CVSS3: 7.2 | 8% Низкий | больше 3 лет назад | |
GHSA-2wvh-w7fv-6223 Cross-site scripting (XSS) vulnerability in the font tag in ezBoard 7.3u allows remote attackers to execute arbitrary script as other users, as demonstrated using the background:url in a (1) font color or (2) font face argument. | 3% Низкий | почти 4 года назад | ||
GHSA-2wvh-6639-8hph O-RAN RIC I-Release e2mgr lacks array size checks in E2nodeConfigUpdateNotificationHandler. | CVSS3: 9.8 | 0% Низкий | почти 2 года назад | |
GHSA-2wvg-h2ww-x862 njs through 0.4.3, used in NGINX, has a use-after-free in njs_json_parse_iterator_call in njs_json.c. | CVSS3: 7.8 | 0% Низкий | больше 3 лет назад | |
GHSA-2wvf-vp7x-88v4 MiR100, MiR200 and other MiR robots use the Robot Operating System (ROS) default packages exposing the computational graph without any sort of authentication. This allows attackers with access to the internal wireless and wired networks to take control of the robot seamlessly. In combination with CVE-2020-10269 and CVE-2020-10271, this flaw allows malicious actors to command the robot at desire. | 0% Низкий | больше 3 лет назад | ||
GHSA-2wvf-mfh8-69x7 Buffer overflow in Ce/Ceterm (aka ARPUS/Ce) 2.5.4 and earlier may allow local users to gain privileges via a long (1) XAPPLRESLANGPATH or (2) XAPPLRESDIR environment variable, or (3) command line argument. | 0% Низкий | почти 4 года назад |
Уязвимостей на страницу