Количество 312 573
Количество 312 573
GHSA-2w99-6h4v-j323
An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service.
GHSA-2w98-wcf4-f6w2
HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameter 'company' at the endpoint '/clients/client/x.
GHSA-2w98-h9rr-xfqq
NanoMQ 0.17.5 was discovered to contain a segmentation fault via the component /nanomq/pub_handler.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PUBLISH message.
GHSA-2w98-fvw7-3w85
The HTTPAuthentication implementation in CFNetwork in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted credentials in a URL.
GHSA-2w97-q69c-frhf
IBM i 7.2, 7.3, 7.4, and 7.5 could allow a user to gain elevated privileges due to an unqualified library call in IBM Facsimile Support for i. A malicious actor could cause user-controlled code to run with administrator privilege.
GHSA-2w97-hhmp-jmj9
The WP Recipe Maker WordPress plugin before 8.6.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin.
GHSA-2w97-78m3-mph6
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stylemix Cost Calculator Builder allows Stored XSS. This issue affects Cost Calculator Builder: from n/a through 3.2.74.
GHSA-2w96-x49m-vc2j
Unknown vulnerability in IlohaMail before 0.8.14-rc1 has unknown impact and attack vectors.
GHSA-2w96-8922-g8xr
Tenda AX3 firmware v16.03.12.11 contains a stack-based buffer overflow in the formGetIptv function due to improper handling of the citytag stack buffer, which may result in memory corruption and remote code execution.
GHSA-2w96-264r-66qf
China Mobile An Lianbao WF-1 router v1.0.1 is affected by an OS command injection vulnerability in the web interface /api/ZRUsb/pop_usb_device component.
GHSA-2w95-w2p8-6r8j
Missing Authorization vulnerability in Uncanny Owl Uncanny Automator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Uncanny Automator: from n/a through 6.4.0.2.
GHSA-2w95-7g9v-5582
InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
GHSA-2w94-phv7-xjw4
Archer Platform 6 before 2024.03 contains a sensitive information disclosure vulnerability. An authenticated attacker could potentially obtain access to sensitive information via a popup warning message.
GHSA-2w94-97wx-8cvr
IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could disclose sensitive information to an unauthorized user through HTTP GET requests. This information could be used in further attacks against the system. IBM X-Force ID: 198923.
GHSA-2w93-qwpp-vgvj
trytond does not enforce access rights for data export
GHSA-2w93-9gpp-wf7v
SAP 3D Visual Enterprise Viewer (VEV) allows remote attackers to execute arbitrary code via a crafted (1) U3D, (2) LWO, (3) JPEG2000, or (4) FBX file, aka "Out-Of-Bounds Indexing" vulnerabilities.
GHSA-2w93-5qhr-rvc6
RabidHamster R2/Extreme 1.65 and earlier uses a small search space of values for the PIN number, which allows remote attackers to obtain the PIN number via a brute force attack.
GHSA-2w93-2gh9-c8c2
A SQL Injection vulnerability exists in Western Bridge Cobub Razor 0.8.0 via the channel_name or platform parameter in a /index.php?/manage/channel/addchannel request, related to /application/controllers/manage/channel.php.
GHSA-2w93-2cv6-8w7c
The WP Social Chat WordPress plugin before 6.0.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks.
GHSA-2w92-jpj9-jcf2
In TBD of TBD, there is a possible downgrade attack due to under utilized anti-rollback protections. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-194697257References: N/A
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| GHSA-2w99-6h4v-j323 An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. | CVSS3: 7.5 | 6% Низкий | около 1 года назад |
| GHSA-2w98-wcf4-f6w2 HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameter 'company' at the endpoint '/clients/client/x. | CVSS3: 6.1 | 0% Низкий | 4 месяца назад |
| GHSA-2w98-h9rr-xfqq NanoMQ 0.17.5 was discovered to contain a segmentation fault via the component /nanomq/pub_handler.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PUBLISH message. | CVSS3: 7.5 | 0% Низкий | 7 месяцев назад |
| GHSA-2w98-fvw7-3w85 The HTTPAuthentication implementation in CFNetwork in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted credentials in a URL. | 2% Низкий | больше 3 лет назад | |
| GHSA-2w97-q69c-frhf IBM i 7.2, 7.3, 7.4, and 7.5 could allow a user to gain elevated privileges due to an unqualified library call in IBM Facsimile Support for i. A malicious actor could cause user-controlled code to run with administrator privilege. | CVSS3: 8.8 | 0% Низкий | 8 месяцев назад |
| GHSA-2w97-hhmp-jmj9 The WP Recipe Maker WordPress plugin before 8.6.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin. | CVSS3: 5.4 | 0% Низкий | около 3 лет назад |
| GHSA-2w97-78m3-mph6 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stylemix Cost Calculator Builder allows Stored XSS. This issue affects Cost Calculator Builder: from n/a through 3.2.74. | CVSS3: 5.9 | 0% Низкий | 9 месяцев назад |
| GHSA-2w96-x49m-vc2j Unknown vulnerability in IlohaMail before 0.8.14-rc1 has unknown impact and attack vectors. | 0% Низкий | почти 4 года назад | |
| GHSA-2w96-8922-g8xr Tenda AX3 firmware v16.03.12.11 contains a stack-based buffer overflow in the formGetIptv function due to improper handling of the citytag stack buffer, which may result in memory corruption and remote code execution. | CVSS3: 9.8 | 0% Низкий | 18 дней назад |
| GHSA-2w96-264r-66qf China Mobile An Lianbao WF-1 router v1.0.1 is affected by an OS command injection vulnerability in the web interface /api/ZRUsb/pop_usb_device component. | 4% Низкий | около 4 лет назад | |
| GHSA-2w95-w2p8-6r8j Missing Authorization vulnerability in Uncanny Owl Uncanny Automator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Uncanny Automator: from n/a through 6.4.0.2. | CVSS3: 6.5 | 0% Низкий | 8 месяцев назад |
| GHSA-2w95-7g9v-5582 InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS3: 7.8 | 0% Низкий | 11 месяцев назад |
| GHSA-2w94-phv7-xjw4 Archer Platform 6 before 2024.03 contains a sensitive information disclosure vulnerability. An authenticated attacker could potentially obtain access to sensitive information via a popup warning message. | CVSS3: 4.3 | 0% Низкий | почти 2 года назад |
| GHSA-2w94-97wx-8cvr IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could disclose sensitive information to an unauthorized user through HTTP GET requests. This information could be used in further attacks against the system. IBM X-Force ID: 198923. | CVSS3: 5.3 | 0% Низкий | больше 3 лет назад |
| GHSA-2w93-qwpp-vgvj trytond does not enforce access rights for data export | CVSS3: 6.5 | 0% Низкий | 2 месяца назад |
| GHSA-2w93-9gpp-wf7v SAP 3D Visual Enterprise Viewer (VEV) allows remote attackers to execute arbitrary code via a crafted (1) U3D, (2) LWO, (3) JPEG2000, or (4) FBX file, aka "Out-Of-Bounds Indexing" vulnerabilities. | 3% Низкий | больше 3 лет назад | |
| GHSA-2w93-5qhr-rvc6 RabidHamster R2/Extreme 1.65 and earlier uses a small search space of values for the PIN number, which allows remote attackers to obtain the PIN number via a brute force attack. | 0% Низкий | больше 3 лет назад | |
| GHSA-2w93-2gh9-c8c2 A SQL Injection vulnerability exists in Western Bridge Cobub Razor 0.8.0 via the channel_name or platform parameter in a /index.php?/manage/channel/addchannel request, related to /application/controllers/manage/channel.php. | CVSS3: 9.8 | 7% Низкий | больше 3 лет назад |
| GHSA-2w93-2cv6-8w7c The WP Social Chat WordPress plugin before 6.0.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. | CVSS3: 4.8 | 0% Низкий | больше 3 лет назад |
| GHSA-2w92-jpj9-jcf2 In TBD of TBD, there is a possible downgrade attack due to under utilized anti-rollback protections. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-194697257References: N/A | 0% Низкий | около 4 лет назад |
Уязвимостей на страницу