Количество 312 573
Количество 312 573
GHSA-2pxw-qgwm-32jg
Unauthenticated Arbitrary Option Update vulnerability in biplob018's Shortcode Addons plugin <= 3.0.2 at WordPress.
GHSA-2pxv-xppx-4p3x
An arbitrary file deletion vulnerability in ThinkSAAS v3.7 allows attackers to delete arbitrary files via a crafted request.
GHSA-2pxr-78xf-pr6j
Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the T parameter within Proxy.php. Formerly ZDI-CAN-4544.
GHSA-2pxq-hcw9-cvgv
In Xpdf 4.05 (and earlier), a PDF object loop in the PDF resources leads to infinite recursion and a stack overflow.
GHSA-2pxp-hm79-mvqx
A vulnerability was found in TOTOLINK CP450 4.1.0cu.747_B20191224. It has been classified as critical. This affects an unknown part of the file /web_cste/cgi-bin/product.ini of the component Telnet Service. The manipulation leads to use of hard-coded password. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273255. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
GHSA-2pxm-qg5m-jmf9
BigBlueButton through 2.2.28 uses STUN/TURN resources from a third party, which may represent an unintended endpoint.
GHSA-2pxm-j656-vm6g
Insufficient Password Policy.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
GHSA-2pxm-h99r-p9r4
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Sewpafly Post Thumbnail Editor.This issue affects Post Thumbnail Editor: from n/a through 2.4.8.
GHSA-2pxj-rx8j-9775
Multiple vulnerabilities exist in the Cisco Webex Network Recording Player for Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by providing a user with a malicious .arf or .wrf file via email or URL and convincing the user to launch the file in the Webex recording players. Exploitation of these vulnerabilities could cause an affected player to crash, resulting in a denial of service (DoS) condition. The Cisco Webex players are applications that are used to play back Webex meetings that have been recorded by an online meeting attendee. The Webex Network Recording Player for .arf files can be automatically installed when the user accesses a recording that is hosted on a Webex server. The Webex Player for .wrf files can be downloaded manually. These vulnerabilities affect ARF and WRF recording players available from Cisco Webex Meetings Suite sites, Cisco Webex Meetings Online sites, and Cisco Webex Meetings Server...
GHSA-2pxj-6xcx-769r
Cross-site scripting (XSS) vulnerability in Nucleus before 3.24 allows remote attackers to inject arbitrary web script or HTML via unknown vectors, possibly involving (1) lib/ADMIN.php and (2) lib/SKIN.php.
GHSA-2pxh-r3qf-h5ww
Cross-Site Request Forgery (CSRF) vulnerability in Timo Reith Affiliate Super Assistent plugin <= 1.5.1 versions.
GHSA-2pxh-g2p3-2pg9
SQL injection vulnerability in gallery.php in Easy Photo Gallery (aka Ezphotogallery) 2.1 allows remote attackers to execute arbitrary SQL commands via the username parameter.
GHSA-2pxh-883j-pqvh
An issue was discovered in the FileImporter extension for MediaWiki before 1.34.4. An attacker can import a file even when the target page is protected against "page creation" and the attacker should not be able to create it. This occurs because of a mishandled distinction between an upload restriction and a create restriction. An attacker cannot leverage this to overwrite anything, but can leverage this to force a wiki to have a page with a disallowed title.
GHSA-2pxg-gfxf-6253
An improper boundary check in RPMB ldfw prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution.
GHSA-2pxc-x7w4-c742
Multiple cross-site scripting (XSS) vulnerabilities in guestbook.php in Fantastic Guestbook 2.0.1, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via the (1) first_name, (2) last_name, or (3) nickname parameters.
GHSA-2pxc-92c8-j37f
WebKit in Apple iOS before 7.1.2 and Apple Safari before 6.1.5 and 7.x before 7.0.5 does not properly encode domain names in URLs, which allows remote attackers to spoof the address bar via a crafted web site.
GHSA-2pxc-8fhw-2cw4
A buffer overflow was reported in the FmpSipoCapsuleDriver driver in the IdeaPad Duet 3-10IGL5 that may allow a local attacker with elevated privileges to execute arbitrary code.
GHSA-2px9-x675-rqf5
XMLTooling-C before 1.5.5, as used in OpenSAML-C and Shibboleth Service Provider (SP), does not properly handle integer conversion exceptions, which allows remote attackers to cause a denial of service (crash) via schema-invalid XML data.
GHSA-2px8-v868-2g2q
In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Bad drive in topology results kernel crash When the SAS Transport Layer support is enabled and a device exposed to the OS by the driver fails INQUIRY commands, the driver frees up the memory allocated for an internal HBA port data structure. However, in some places, the reference to the freed memory is not cleared. When the firmware sends the Device Info change event for the same device again, the freed memory is accessed and that leads to memory corruption and OS crash.
GHSA-2px8-4f7q-6fxj
IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Software Architect Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124557.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
GHSA-2pxw-qgwm-32jg Unauthenticated Arbitrary Option Update vulnerability in biplob018's Shortcode Addons plugin <= 3.0.2 at WordPress. | CVSS3: 5.3 | 50% Средний | больше 3 лет назад | |
GHSA-2pxv-xppx-4p3x An arbitrary file deletion vulnerability in ThinkSAAS v3.7 allows attackers to delete arbitrary files via a crafted request. | CVSS3: 2.7 | 0% Низкий | больше 1 года назад | |
GHSA-2pxr-78xf-pr6j Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the T parameter within Proxy.php. Formerly ZDI-CAN-4544. | CVSS3: 9.8 | 81% Высокий | больше 3 лет назад | |
GHSA-2pxq-hcw9-cvgv In Xpdf 4.05 (and earlier), a PDF object loop in the PDF resources leads to infinite recursion and a stack overflow. | CVSS3: 2.9 | 0% Низкий | почти 2 года назад | |
GHSA-2pxp-hm79-mvqx A vulnerability was found in TOTOLINK CP450 4.1.0cu.747_B20191224. It has been classified as critical. This affects an unknown part of the file /web_cste/cgi-bin/product.ini of the component Telnet Service. The manipulation leads to use of hard-coded password. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273255. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | CVSS3: 9.8 | 92% Критический | больше 1 года назад | |
GHSA-2pxm-qg5m-jmf9 BigBlueButton through 2.2.28 uses STUN/TURN resources from a third party, which may represent an unintended endpoint. | CVSS3: 7.3 | 0% Низкий | больше 3 лет назад | |
GHSA-2pxm-j656-vm6g Insufficient Password Policy.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. | CVSS3: 9.8 | 0% Низкий | 3 месяца назад | |
GHSA-2pxm-h99r-p9r4 Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Sewpafly Post Thumbnail Editor.This issue affects Post Thumbnail Editor: from n/a through 2.4.8. | CVSS3: 5.3 | 0% Низкий | почти 2 года назад | |
GHSA-2pxj-rx8j-9775 Multiple vulnerabilities exist in the Cisco Webex Network Recording Player for Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by providing a user with a malicious .arf or .wrf file via email or URL and convincing the user to launch the file in the Webex recording players. Exploitation of these vulnerabilities could cause an affected player to crash, resulting in a denial of service (DoS) condition. The Cisco Webex players are applications that are used to play back Webex meetings that have been recorded by an online meeting attendee. The Webex Network Recording Player for .arf files can be automatically installed when the user accesses a recording that is hosted on a Webex server. The Webex Player for .wrf files can be downloaded manually. These vulnerabilities affect ARF and WRF recording players available from Cisco Webex Meetings Suite sites, Cisco Webex Meetings Online sites, and Cisco Webex Meetings Server... | CVSS3: 5.5 | 0% Низкий | больше 3 лет назад | |
GHSA-2pxj-6xcx-769r Cross-site scripting (XSS) vulnerability in Nucleus before 3.24 allows remote attackers to inject arbitrary web script or HTML via unknown vectors, possibly involving (1) lib/ADMIN.php and (2) lib/SKIN.php. | 2% Низкий | почти 4 года назад | ||
GHSA-2pxh-r3qf-h5ww Cross-Site Request Forgery (CSRF) vulnerability in Timo Reith Affiliate Super Assistent plugin <= 1.5.1 versions. | CVSS3: 4.3 | 0% Низкий | около 2 лет назад | |
GHSA-2pxh-g2p3-2pg9 SQL injection vulnerability in gallery.php in Easy Photo Gallery (aka Ezphotogallery) 2.1 allows remote attackers to execute arbitrary SQL commands via the username parameter. | 0% Низкий | больше 3 лет назад | ||
GHSA-2pxh-883j-pqvh An issue was discovered in the FileImporter extension for MediaWiki before 1.34.4. An attacker can import a file even when the target page is protected against "page creation" and the attacker should not be able to create it. This occurs because of a mishandled distinction between an upload restriction and a create restriction. An attacker cannot leverage this to overwrite anything, but can leverage this to force a wiki to have a page with a disallowed title. | 0% Низкий | больше 3 лет назад | ||
GHSA-2pxg-gfxf-6253 An improper boundary check in RPMB ldfw prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution. | 0% Низкий | почти 4 года назад | ||
GHSA-2pxc-x7w4-c742 Multiple cross-site scripting (XSS) vulnerabilities in guestbook.php in Fantastic Guestbook 2.0.1, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via the (1) first_name, (2) last_name, or (3) nickname parameters. | 1% Низкий | почти 4 года назад | ||
GHSA-2pxc-92c8-j37f WebKit in Apple iOS before 7.1.2 and Apple Safari before 6.1.5 and 7.x before 7.0.5 does not properly encode domain names in URLs, which allows remote attackers to spoof the address bar via a crafted web site. | 1% Низкий | больше 3 лет назад | ||
GHSA-2pxc-8fhw-2cw4 A buffer overflow was reported in the FmpSipoCapsuleDriver driver in the IdeaPad Duet 3-10IGL5 that may allow a local attacker with elevated privileges to execute arbitrary code. | CVSS3: 6.7 | 0% Низкий | около 2 лет назад | |
GHSA-2px9-x675-rqf5 XMLTooling-C before 1.5.5, as used in OpenSAML-C and Shibboleth Service Provider (SP), does not properly handle integer conversion exceptions, which allows remote attackers to cause a denial of service (crash) via schema-invalid XML data. | 1% Низкий | больше 3 лет назад | ||
GHSA-2px8-v868-2g2q In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Bad drive in topology results kernel crash When the SAS Transport Layer support is enabled and a device exposed to the OS by the driver fails INQUIRY commands, the driver frees up the memory allocated for an internal HBA port data structure. However, in some places, the reference to the freed memory is not cleared. When the firmware sends the Device Info change event for the same device again, the freed memory is accessed and that leads to memory corruption and OS crash. | CVSS3: 7.8 | 0% Низкий | 9 месяцев назад | |
GHSA-2px8-4f7q-6fxj IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Software Architect Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124557. | CVSS3: 5.4 | 0% Низкий | больше 3 лет назад |
Уязвимостей на страницу