Count: 312 573
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| GHSA-2qch-pvpr-3hrv Multiple cross-site scripting (XSS) vulnerabilities in Phpgroupware (aka webdistro) 0.9.16.002 and earlier allow remote attackers to insert arbitrary HTML or web script, as demonstrated with a request to the wiki module. | | 1% Low | almost 4 years ago |
| GHSA-2qcf-6mv3-j87x IBM Rational Quality Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 116896. | CVSS3: 5.4 | 0% Low | more than 3 years ago |
| GHSA-2qcf-439j-7273 Documents were incorrectly assuming an ordering of principal objects when ensuring we were loading an appropriately privileged principal. In certain circumstances it might have been possible to cause a document to be loaded with a higher privileged principal than intended. This vulnerability affects Firefox < 113. | CVSS3: 6.5 | 0% Low | more than 2 years ago |
| GHSA-2qcc-m9fg-9v5h An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 2021 in dl/dl_print.php when registering ordinary users. | | 0% Low | about 4 years ago |
| GHSA-2qcc-gm3c-qcf7 In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: Remove WARN_ON for device endpoint command timeouts This commit addresses a rarely observed endpoint command timeout which causes kernel panic due to warn when 'panic_on_warn' is enabled and unnecessary call trace prints when 'panic_on_warn' is disabled. It is seen during fast software-controlled connect/disconnect testcases. The following is one such endpoint command timeout that we observed: 1. Connect ======= ->dwc3_thread_interrupt ->dwc3_ep0_interrupt ->configfs_composite_setup ->composite_setup ->usb_ep_queue ->dwc3_gadget_ep0_queue ->__dwc3_gadget_ep0_queue ->__dwc3_ep0_do_control_data ->dwc3_send_gadget_ep_cmd 2. Disconnect ========== ->dwc3_thread_interrupt ->dwc3_gadget_disconnect_interrupt ->dwc3_ep0_reset_state ->dwc3_ep0_end_control_data ->dwc3_send_gadget_ep_cmd In the issue scenario, in Exynos platforms, we observed that control trans... | CVSS3: 5.5 | 0% Low | 5 months ago |
| GHSA-2qcc-4q33-8f32 Cross-Site Request Forgery (CSRF) vulnerability in WP EasyCart. This issue affects WP EasyCart: from n/a through 5.5.19. | CVSS3: 5.4 | 0% Low | almost 2 years ago |
| GHSA-2qc9-hx55-p47v Hosting Controller 6.1 stores forum/db/forum.mdb under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as user name and password credentials. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | | 0% Low | almost 4 years ago |
| GHSA-2qc8-r663-v864 OpenNMS Horizon XXE Injection Vulnerability | CVSS3: 8.8 | 0% Low | more than 2 years ago |
| GHSA-2qc8-39fh-f2v4 Multiple PHP remote file inclusion vulnerabilities in FreeSchool 1.1.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the CLASSPATH parameter to (1) bib_form.php, (2) bib_pldetails.php, (3) bib_plform.php, (4) bib_plsearchc.php, (5) bib_plsearchs.php, (6) bib_save.php, (7) bib_searchc.php, (8) bib_searchs.php, (9) edi_form.php, (10) edi_save.php, (11) gen_form.php, (12) gen_save.php, (13) lin_form.php, (14) lin_save.php, (15) luo_form.php, (16) luo_save.php, (17) sog_form.php, or (18) sog_save.php in biblioteca/; (19) cal_insert.php, (20) cal_save.php, or (21) cal_saveactivity.php in calendario/; (22) circolari/cir_save.php; or (23) modulistica/mdl_save.php. | | 1% Low | almost 4 years ago |
| GHSA-2qc7-g42v-pgpq EyouCms V1.6.1-UTF8-sp1 is vulnerable to Cross Site Scripting (XSS). | CVSS3: 6.1 | 0% Low | almost 3 years ago |
| GHSA-2qc6-mcvw-92cw Update bundled libxml2 to v2.10.3 to resolve multiple CVEs | | | more than 3 years ago |
| GHSA-2qc4-mg99-36hh The WP RSS By Publishers WordPress plugin through 0.1 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. | CVSS3: 7.2 | 1% Low | about 3 years ago |
| GHSA-2qc4-grg3-rm6f Privilege escalation of an authenticated user to root in Citrix SD-WAN center versions before 11.2.2, 11.1.2b and 10.2.8. | | 2% Low | more than 3 years ago |
| GHSA-2qc4-3xj9-gvw3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hidetoshi Fukushima Kumihimo allows Reflected XSS. This issue affects Kumihimo: from n/a through 1.0.2. | CVSS3: 7.1 | 0% Low | about 1 year ago |
| GHSA-2qc3-wjjq-65hv The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service. | | 7% Low | almost 4 years ago |
| GHSA-2qc3-w5w6-7r8m quickjs-ng through 0.9.0 has an incorrect size calculation in JS_ReadBigInt for a BigInt, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is also affected. | CVSS3: 5.6 | 0% Low | 10 months ago |
| GHSA-2qc3-c6vw-rhw6 ypbind in Compaq Tru64 4.0F, 4.0G, 5.0A, 5.1 and 5.1A allows remote attackers to cause the process to core dump via certain network packets generated by nmap. | | 0% Low | almost 4 years ago |
| GHSA-2qc3-77qp-3chq An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). When an incoming RESV message corresponding to a protected LSP is malformed it causes an incorrect internal state resulting in an rpd core. This issue affects: Juniper Networks Junos OS All versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S6; 19.4 versions prior to 19.4R3-S8; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R1-S2, 21.2R3; 21.3 versions prior to 21.3R2. Juniper Networks Junos OS Evolved All versions prior to 20.2R3-S3-EVO; 20.3-EVO version 20.3R1-EVO and later versions; 20.4-EVO versions prior to 20.4R3-S1-EVO; 21.1-EVO version 21.1R1-EVO and later versions; 21.2-EVO version 21.2R1... | CVSS3: 5.3 | 0% Low | more than 3 years ago |
| GHSA-2qc2-jxhg-7phc The Elementor Addons, Widgets and Enhancements – Stax plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the toggle_widget function in versions up to, and including, 1.4.3. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to enable or disable Elementor widgets. | CVSS3: 4.3 | 0% Low | more than 2 years ago |
| GHSA-2q9x-jr84-x65p A vulnerability was found in Rockwell Automation RSLinx Classic versions 4.10.00 and prior. An input validation issue in a .dll file of RSLinx Classic where the data in a Forward Open service request is passed to a fixed size buffer, allowing an attacker to exploit a stack-based buffer overflow condition. | CVSS3: 9.8 | 17% Medium | more than 3 years ago |