Count: 314 458
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| GHSA-2wp3-q67h-9ppc In getNeighboringCellInfo of PhoneInterfaceManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-190619791 | | 0% Low | about 4 years ago |
| GHSA-2wp2-chmh-r934 golang.org/x/net/html NULL Pointer Dereference vulnerability | CVSS3: 7.5 | 1% Low | more than 3 years ago |
| GHSA-2wmw-3765-j48j The NVIDIA graphics driver in Apple OS X before 10.10.3 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via an unspecified IOService userclient type. | | 0% Low | more than 3 years ago |
| GHSA-2wmv-xp85-m57j In bt driver, there is a thread competition leads to early release of resources to be accessed. This could lead to local denial of service in kernel. | CVSS3: 5.5 | 0% Low | almost 3 years ago |
| GHSA-2wmv-mm4p-p4mx A security vulnerability has been detected in milvus up to 2.6.7. This vulnerability affects the function expr.Exec of the file pkg/util/expr/expr.go of the component HTTP Endpoint. The manipulation of the argument code leads to deserialization. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. A fix is planned for the next release 2.6.8. | CVSS3: 6.3 | 0% Low | about 1 month ago |
| GHSA-2wmv-9ccc-rw9w An elevation of privilege vulnerability exists when the Windows Event Logging Service improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Event Logging Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1371. | | 1% Low | more than 3 years ago |
| GHSA-2wmv-37vq-52g5 FPE in `tf.raw_ops.UnravelIndex` | CVSS3: 5.5 | 0% Low | more than 4 years ago |
| GHSA-2wmr-35cq-3r7p Re:Desk 2.3 has a blind authenticated SQL injection vulnerability in the SettingsController class, in the actionEmailTemplates() method. A malicious actor with access to an administrative account could abuse this vulnerability to recover sensitive data from the application's database, allowing for authorization bypass and taking over additional accounts by means of modifying password-reset tokens stored in the database. Remote command execution is also possible by leveraging this to abuse the Yii framework's bizRule functionality, allowing for arbitrary PHP code to be executed by the application. Remote command execution is also possible by using this together with a separate insecure file upload vulnerability (CVE-2020-15488). | | 2% Low | more than 3 years ago |
| GHSA-2wmq-9w92-6xx4 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ravi Singh Visitor Details allows Stored XSS. This issue affects Visitor Details: from n/a through 1.0.1. | CVSS3: 7.1 | 0% Low | 11 months ago |
| GHSA-2wmp-7qf6-49px Windows Internet Key Exchange (IKE) Extension Elevation of Privilege Vulnerability | CVSS3: 7.8 | 0% Low | more than 2 years ago |
| GHSA-2wmp-6cvh-326h Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the syncNtpTime function. | CVSS3: 8.8 | 21% Medium | about 2 years ago |
| GHSA-2wmm-vrhw-cf55 Multiple SQL injection vulnerabilities in XAMPP 1.6.0a for Windows allow remote attackers to execute arbitrary SQL commands via unspecified vectors in certain test scripts. | | 1% Low | almost 4 years ago |
| GHSA-2wmm-f268-hrpm The Ultimate SMS Notifications for WooCommerce plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.4.1 via the 'Export Utility' functionality. This makes it possible for authenticated attackers, such as a subscriber, to add untrusted input into billing information like their First Name that will embed into the exported CSV file triggered by an administrator and can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration. | CVSS3: 8 | 1% Low | more than 3 years ago |
| GHSA-2wmm-cc27-75cj A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in iOS 18.1 and iPadOS 18.1. A remote attacker may be able to break out of Web Content sandbox. | CVSS3: 9.6 | 1% Low | more than 1 year ago |
| GHSA-2wmm-3686-65hx Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a vulnerability using SSL legacy encryption that could allow an attacker to gain unauthorized access to resources and information. | CVSS3: 7.5 | 0% Low | more than 3 years ago |
| GHSA-2wmj-8mqg-r9q8 Moodle has Incorrect Default Permissions | CVSS3: 5.3 | 1% Low | almost 3 years ago |
| GHSA-2wmj-46rj-qm2w ZITADEL Account Takeover via Malicious Host Header Injection | CVSS3: 8.1 | 0% Low | about 2 years ago |
| GHSA-2wmh-359c-rw99 Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Partition. | | 1% Low | more than 3 years ago |
| GHSA-2wmh-22pv-vc2h browser/base/content/browser.js in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to spoof the address bar via a javascript: URL. | CVSS3: 4.3 | 1% Low | more than 3 years ago |
| GHSA-2wmg-wcpx-h559 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ilias Gomatos Affiliate Platform allows Reflected XSS. This issue affects Affiliate Platform: from n/a through 1.4.8. | CVSS3: 7.1 | 0% Low | more than 1 year ago |