Count: 312 573
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| GHSA-2wp7-476w-v7fh Some Huawei home routers have an input validation vulnerability. Due to input parameter is not correctly verified, an attacker can exploit this vulnerability by sending special constructed packets to obtain files in the device and upload files to some directories. | | 0% Low | more than 3 years ago |
| GHSA-2wp6-3qrw-p6q9 SQL injection vulnerability in modules/patient/mycare2x_pat_info.php in myCare2x allows remote attackers to execute arbitrary SQL commands via the lang parameter. | | 0% Low | more than 3 years ago |
| GHSA-2wp5-cxv2-6684 Dell PowerScale OneFS 8.2.x, 9.0.0.x - 9.4.0.x, contain an insufficient resource pool vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service. | CVSS3: 7.5 | 1% Low | about 3 years ago |
| GHSA-2wp5-2f53-g5f3 There is an Integer Overflow Vulnerability in Huawei Smartphone. Successful exploitation of these vulnerabilities may escalate the permission to that of the root user. | CVSS3: 9.8 | 0% Low | more than 3 years ago |
| GHSA-2wp4-vwq7-x2x6 A use after free issue has been identified in the way ISPSoft (v3.12 and prior) processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution. | | 0% Low | more than 3 years ago |
| GHSA-2wp4-rcrr-hrvg The wp-all-import plugin before 3.4.7 for WordPress has XSS. | CVSS3: 6.1 | 0% Low | more than 3 years ago |
| GHSA-2wp4-jvcq-g9p9 Unspecified vulnerability in Wireshark 0.99.6 through 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted Tektronix .rf5 file. | | 1% Low | almost 4 years ago |
| GHSA-2wp4-95hr-rx8x Microsoft Office Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-31175, CVE-2021-31177, CVE-2021-31179. | CVSS3: 7.8 | 6% Low | more than 3 years ago |
| GHSA-2wp3-vrhh-pccj Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) 15.7 before 15.7 SP50 or 15.7 SP100 allows remote attackers to cause a denial of service via unspecified vectors. | | 1% Low | more than 3 years ago |
| GHSA-2wp3-q67h-9ppc In getNeighboringCellInfo of PhoneInterfaceManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-190619791 | | 0% Low | about 4 years ago |
| GHSA-2wp2-chmh-r934 golang.org/x/net/html NULL Pointer Dereference vulnerability | CVSS3: 7.5 | 1% Low | more than 3 years ago |
| GHSA-2wmw-3765-j48j The NVIDIA graphics driver in Apple OS X before 10.10.3 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via an unspecified IOService userclient type. | | 0% Low | more than 3 years ago |
| GHSA-2wmv-xp85-m57j In bt driver, there is a thread competition leads to early release of resources to be accessed. This could lead to local denial of service in kernel. | CVSS3: 5.5 | 0% Low | almost 3 years ago |
| GHSA-2wmv-mm4p-p4mx A security vulnerability has been detected in milvus up to 2.6.7. This vulnerability affects the function expr.Exec of the file pkg/util/expr/expr.go of the component HTTP Endpoint. The manipulation of the argument code leads to deserialization. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. A fix is planned for the next release 2.6.8. | CVSS3: 6.3 | 0% Low | about 1 month ago |
| GHSA-2wmv-9ccc-rw9w An elevation of privilege vulnerability exists when the Windows Event Logging Service improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Event Logging Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1371. | | 1% Low | more than 3 years ago |
| GHSA-2wmv-37vq-52g5 FPE in `tf.raw_ops.UnravelIndex` | CVSS3: 5.5 | 0% Low | more than 4 years ago |
| GHSA-2wmr-35cq-3r7p Re:Desk 2.3 has a blind authenticated SQL injection vulnerability in the SettingsController class, in the actionEmailTemplates() method. A malicious actor with access to an administrative account could abuse this vulnerability to recover sensitive data from the application's database, allowing for authorization bypass and taking over additional accounts by means of modifying password-reset tokens stored in the database. Remote command execution is also possible by leveraging this to abuse the Yii framework's bizRule functionality, allowing for arbitrary PHP code to be executed by the application. Remote command execution is also possible by using this together with a separate insecure file upload vulnerability (CVE-2020-15488). | | 2% Low | more than 3 years ago |
| GHSA-2wmq-9w92-6xx4 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ravi Singh Visitor Details allows Stored XSS. This issue affects Visitor Details: from n/a through 1.0.1. | CVSS3: 7.1 | 0% Low | 11 months ago |
| GHSA-2wmp-7qf6-49px Windows Internet Key Exchange (IKE) Extension Elevation of Privilege Vulnerability | CVSS3: 7.8 | 0% Low | more than 2 years ago |
| GHSA-2wmp-6cvh-326h Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the syncNtpTime function. | CVSS3: 8.8 | 21% Medium | about 2 years ago |