Count 314 458
Vulnerability | CVSS | EPSS | Published | |
|---|---|---|---|---|
GHSA-2v64-wgmh-whp9 BigFix Patch Download Plug-ins are affected by an insecure protocol support. The application can allow improper handling of SSL certificates validation. | CVSS3: 2.8 | 0% Low | about 1 year ago | |
GHSA-2v64-gq4j-wx65 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image processing engine when processing JPEG 2000 (JP2) code stream data. Successful exploitation could lead to arbitrary code execution. | CVSS3: 8.8 | 8% Low | more than 3 years ago | |
GHSA-2v63-g4wq-72pq Anviz CrossChex access control management software 4.3.8.0 and 4.3.12 is vulnerable to a buffer overflow vulnerability. | | 75% High | more than 3 years ago | |
GHSA-2v63-98q8-j2pr Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) did not implement any mechanism to avoid CSRF. Successful exploitation of this vulnerability can lead to the takeover of a local account on the device. | | 0% Low | more than 3 years ago | |
GHSA-2v62-w6hr-9gww SQL injection vulnerability in Kostenloses Linkmanagementscript allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) view.php and (2) top_view.php. | | 1% Low | almost 4 years ago | |
GHSA-2v62-48mq-rgvp Clear text credentials are used to access managers app in Tomcat in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data exposure. | | 0% Low | more than 3 years ago | |
GHSA-2v62-25cm-4v7w NVIDIA GeForce Experience contains an uncontrolled search path vulnerability in all its client installers, where an attacker with user level privileges may cause the installer to load an arbitrary DLL when the installer is launched. A successful exploit of this vulnerability could lead to escalation of privileges and code execution. | CVSS3: 7.3 | 0% Low | about 3 years ago | |
GHSA-2v5x-9xhg-52hm An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets. | CVSS3: 9.8 | 4% Low | more than 3 years ago | |
GHSA-2v5w-x4f3-xf47 In imgsensor, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06478078; Issue ID: ALPS06478078. | CVSS3: 4.4 | 0% Low | more than 3 years ago | |
GHSA-2v5w-v683-c839 Tenda AC15V1.0 V15.03.20_multi has a command injection vulnerability via the deviceName parameter. | CVSS3: 8 | 0% Low | almost 2 years ago | |
GHSA-2v5v-vwrw-9m56 Keyvan1 ImageGallery stores the image.mdb database under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information. | | 6% Low | almost 4 years ago | |
GHSA-2v5r-gc72-7xcw NewsPHP allows remote attackers to gain unauthorized administrative access by setting a cookie to the "autorized=admin; root=admin" value. | | 1% Low | almost 4 years ago | |
GHSA-2v5q-fm75-vvjv Rejected reason: Not used | | | 3 months ago | |
GHSA-2v5p-gw86-2385 A cleartext storage in a file or on disk (CWE-313) vulnerability in FortiOS SSL VPN 6.2.2 and below may allow an attacker to retrieve a logged-in SSL VPN user's credentials should that attacker be able to read the session file stored on the targeted device's system. | | 0% Low | more than 3 years ago | |
GHSA-2v5p-5pj6-h3hp Incorrect Authorization vulnerability in Drupal Entity Share allows Forceful Browsing. This issue affects Entity Share: from 0.0.0 before 3.13.0. | | 0% Low | 11 days ago | |
GHSA-2v5m-cq9w-fc33 Admidio Vulnerable to Authenticated SQL Injection in Member Assignment Functionality | CVSS3: 7.2 | 0% Low | 4 months ago | |
GHSA-2v5m-7mpw-7w7j Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Piotnet Piotnet Addons For Elementor allows Stored XSS. This issue affects Piotnet Addons For Elementor: from n/a through 2.4.31. | CVSS3: 6.5 | 0% Low | about 1 year ago | |
GHSA-2v5j-q74q-r53f django-helpdesk is vulnerable to Cross-site Scripting | CVSS3: 8.8 | 0% Low | about 4 years ago | |
GHSA-2v5j-pf93-x5xr webadmin.exe in Novell Nsure Audit 1.0.1 allows remote attackers to cause a denial of service via malformed ASN.1 packets in corrupt client certificates to an SSL server, as demonstrated using an exploit for the OpenSSL ASN.1 parsing vulnerability. | | 0% Low | almost 4 years ago | |
GHSA-2v5j-9wwc-q332 The ClearQuest Maintenance Tool in IBM Rational ClearQuest 7 before 7.1 stores the database password in cleartext in an object in a ClearQuest connection profile or export file, which allows remote authenticated users to obtain sensitive information by locating the password object within the object tree. | | 0% Low | more than 3 years ago | |