Количество 314 458
Количество 314 458
GHSA-2w35-4j48-pw23
In TrustZone access control policy may potentially be bypassed in all Android releases from CAF using the Linux kernel due to improper input validation an integer overflow vulnerability leading to a buffer overflow could potentially occur and a buffer over-read vulnerability could potentially occur.
GHSA-2w33-vxph-6jr3
Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200 allow an attacker to execute an unwanted binary during a exploited clone install. This requires creating a clone file and signing that file with a compromised private key.
GHSA-2w33-cqmf-52qr
Heap-based overflow for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow an authenticated user to potentially enable escalation of privilege via local access.
GHSA-2w32-6mgj-gvg7
The PIM parser in tcpdump before 4.9.0 has a buffer overflow in print-pim.c:pimv2_check_checksum().
GHSA-2w2x-v275-f37c
Cross-site scripting (XSS) vulnerability in the Andy Frank Beatnik 1.0 extension for Firefox allows remote attackers to inject arbitrary web script or HTML via an RSS feed. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
GHSA-2w2x-7qgj-4x78
Magento stored cross-site scripting vulnerability
GHSA-2w2x-7266-2c97
A clear text storage of sensitive information vulnerability in FortiClient for Mac may allow a local attacker to read sensitive information logged in the console window when the user connects to an SSL VPN Gateway.
GHSA-2w2x-2pf7-45x3
Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: LDoms IO). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris. CVSS 3.0 Base Score 4.0 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
GHSA-2w2w-m9f2-6x9q
Unrestricted file upload vulnerability in D-Link DCS-931L with firmware 1.04 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension.
GHSA-2w2w-cv3h-rr38
Apache Tomcat Reveals Path through Long URL
GHSA-2w2w-c8f9-2jq3
A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to access sensitive user data.
GHSA-2w2v-xcr9-mj4m
Hashicorp Nomad Access Control Issues
GHSA-2w2v-rc5g-p6fr
Unspecified vulnerability in JustSystems Ichitaro 2006 and 2007, Ichitaro Government 2006 and 2007, Ichitaro Portable with oreplug, Hanako 2006 through 2013, Hanako Police, Hanako Police 3, and Hanako Police 2010 allows remote attackers to execute arbitrary code via a crafted file.
GHSA-2w2r-jcr9-2rp9
Xplico before 1.2.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the name of an uploaded PCAP file. NOTE: this issue can be exploited without authentication by leveraging the user registration feature.
GHSA-2w2q-r6q7-86fg
A vulnerability was found in SourceCodester Best House Rental Management System 1.0. Impacted is the function save_house of the file /admin_class.php. Performing manipulation of the argument house_no results in sql injection. Remote exploitation of the attack is possible. The exploit has been made public and could be used.
GHSA-2w2q-qp7m-7wrh
An IDOR vulnerability in danswer-ai/danswer v0.3.94 allows an attacker to view any files. The application does not verify whether the attacker is the creator of the file, allowing the attacker to directly call the GET /api/chat/file/{file_id} interface to view any user's file.
GHSA-2w2q-grxm-gr8f
Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile.
GHSA-2w2q-8f37-gjwc
An Improper access control vulnerability in Trend Micro Apex One and Apex One as a Service could allow an unauthenticated user under certain circumstances to disclose sensitive information on agents. This is similar to, but not identical to CVE-2023-32553
GHSA-2w2q-5vg5-jx48
sysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted (1) NTFS or (2) CIFS image.
GHSA-2w2q-4rr5-39fw
Directory traversal vulnerability in default.php in Kipper 2.01 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the configfile parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
GHSA-2w35-4j48-pw23 In TrustZone access control policy may potentially be bypassed in all Android releases from CAF using the Linux kernel due to improper input validation an integer overflow vulnerability leading to a buffer overflow could potentially occur and a buffer over-read vulnerability could potentially occur. | CVSS3: 7.8 | 0% Низкий | больше 3 лет назад | |
GHSA-2w33-vxph-6jr3 Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200 allow an attacker to execute an unwanted binary during a exploited clone install. This requires creating a clone file and signing that file with a compromised private key. | 0% Низкий | больше 3 лет назад | ||
GHSA-2w33-cqmf-52qr Heap-based overflow for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow an authenticated user to potentially enable escalation of privilege via local access. | 0% Низкий | больше 3 лет назад | ||
GHSA-2w32-6mgj-gvg7 The PIM parser in tcpdump before 4.9.0 has a buffer overflow in print-pim.c:pimv2_check_checksum(). | CVSS3: 9.8 | 1% Низкий | больше 3 лет назад | |
GHSA-2w2x-v275-f37c Cross-site scripting (XSS) vulnerability in the Andy Frank Beatnik 1.0 extension for Firefox allows remote attackers to inject arbitrary web script or HTML via an RSS feed. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 0% Низкий | почти 4 года назад | ||
GHSA-2w2x-7qgj-4x78 Magento stored cross-site scripting vulnerability | CVSS3: 6.1 | 0% Низкий | больше 3 лет назад | |
GHSA-2w2x-7266-2c97 A clear text storage of sensitive information vulnerability in FortiClient for Mac may allow a local attacker to read sensitive information logged in the console window when the user connects to an SSL VPN Gateway. | 0% Низкий | больше 3 лет назад | ||
GHSA-2w2x-2pf7-45x3 Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: LDoms IO). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris. CVSS 3.0 Base Score 4.0 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). | CVSS3: 4 | 0% Низкий | больше 3 лет назад | |
GHSA-2w2w-m9f2-6x9q Unrestricted file upload vulnerability in D-Link DCS-931L with firmware 1.04 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension. | 83% Высокий | больше 3 лет назад | ||
GHSA-2w2w-cv3h-rr38 Apache Tomcat Reveals Path through Long URL | 3% Низкий | почти 4 года назад | ||
GHSA-2w2w-c8f9-2jq3 A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to access sensitive user data. | CVSS3: 9.8 | 0% Низкий | около 1 года назад | |
GHSA-2w2v-xcr9-mj4m Hashicorp Nomad Access Control Issues | CVSS3: 9.8 | 1% Низкий | больше 3 лет назад | |
GHSA-2w2v-rc5g-p6fr Unspecified vulnerability in JustSystems Ichitaro 2006 and 2007, Ichitaro Government 2006 and 2007, Ichitaro Portable with oreplug, Hanako 2006 through 2013, Hanako Police, Hanako Police 3, and Hanako Police 2010 allows remote attackers to execute arbitrary code via a crafted file. | 4% Низкий | больше 3 лет назад | ||
GHSA-2w2r-jcr9-2rp9 Xplico before 1.2.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the name of an uploaded PCAP file. NOTE: this issue can be exploited without authentication by leveraging the user registration feature. | CVSS3: 8.8 | 81% Высокий | больше 3 лет назад | |
GHSA-2w2q-r6q7-86fg A vulnerability was found in SourceCodester Best House Rental Management System 1.0. Impacted is the function save_house of the file /admin_class.php. Performing manipulation of the argument house_no results in sql injection. Remote exploitation of the attack is possible. The exploit has been made public and could be used. | CVSS3: 4.7 | 0% Низкий | 3 месяца назад | |
GHSA-2w2q-qp7m-7wrh An IDOR vulnerability in danswer-ai/danswer v0.3.94 allows an attacker to view any files. The application does not verify whether the attacker is the creator of the file, allowing the attacker to directly call the GET /api/chat/file/{file_id} interface to view any user's file. | CVSS3: 6.5 | 17% Средний | 11 месяцев назад | |
GHSA-2w2q-grxm-gr8f Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile. | CVSS3: 5.5 | 0% Низкий | больше 3 лет назад | |
GHSA-2w2q-8f37-gjwc An Improper access control vulnerability in Trend Micro Apex One and Apex One as a Service could allow an unauthenticated user under certain circumstances to disclose sensitive information on agents. This is similar to, but not identical to CVE-2023-32553 | CVSS3: 5.3 | 0% Низкий | больше 2 лет назад | |
GHSA-2w2q-5vg5-jx48 sysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted (1) NTFS or (2) CIFS image. | 1% Низкий | больше 3 лет назад | ||
GHSA-2w2q-4rr5-39fw Directory traversal vulnerability in default.php in Kipper 2.01 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the configfile parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 1% Низкий | почти 4 года назад |
Уязвимостей на страницу