Count: 311 288
| Advisory | Description | CVSS | EPSS | Published |
|---|---|---|---|---|
| GHSA-2jcp-64q4-69c4 | This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. A website may be able to access sensitive user data when resolving symlinks. | CVSS3: 7.5 | 0% Low | over 2 years ago |
| GHSA-2jcp-473g-fc9m | Windows upnphost.dll Denial of Service Vulnerability | CVSS3: 7.5 | 3% Low | about 1 year ago |
| GHSA-2jcm-hjv4-6679 | SQL injection vulnerability in the UnbDbEncode function in unb_lib/database.lib.php in Unclassified NewsBoard (UNB) 1.6.4 allows remote attackers to execute arbitrary SQL commands via the Query parameter in a search action to forum.php, a different vector than CVE-2005-3686. | | 0% Low | almost 4 years ago |
| GHSA-2jcm-5xf4-f336 | The User Generator and Importer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.2.2. This is due to missing nonce validation in the "Import Using CSV File" function. This makes it possible for unauthenticated attackers to elevate user privileges by creating arbitrary accounts with administrator privileges via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link. | CVSS3: 8.8 | 0% Low | 2 months ago |
| GHSA-2jcj-vrgw-29h7 | In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because it does not validate input values from IOCtl 0x8300212C. | CVSS3: 7.8 | 0% Low | over 3 years ago |
| GHSA-2jch-w7cm-rw24 | Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209. | | 1% Low | over 3 years ago |
| GHSA-2jch-qc96-9f5g | Flowise Cross-site Scripting in api/v1/chatflows/id | CVSS3: 6.1 | 0% Low | over 1 year ago |
| GHSA-2jcg-qqf4-66c8 | The (1) texmacs and (2) tm_mupad_help scripts in TeXmacs 1.0.7.4 place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | | 0% Low | over 3 years ago |
| GHSA-2jcg-ch57-hfxf | install.php in phpBB 2.0 through 2.0.1, when the "allow_url_fopen" and "register_globals" variables are set to "on", allows remote attackers to execute arbitrary PHP code by modifying the phpbb_root_dir parameter to reference a URL on a remote web server that contains the code. | | 0% Low | almost 4 years ago |
| GHSA-2jcg-8888-49p2 | Multiple SQL injection vulnerabilities in Pixel Motion Blog allow remote attackers to execute arbitrary SQL commands via the (1) date parameter in index.php or bypass authentication via the (2) password parameter in admin/index.php. | | 2% Low | almost 4 years ago |
| GHSA-2jcg-6j47-2v6m | In ONAP Logging through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected. | | 0% Low | over 3 years ago |
| GHSA-2jcg-3vg6-cmgv | In GPAC before 0.8.0, isomedia/isom_read.c in libgpac.a has a heap-based buffer over-read, as demonstrated by a crash in gf_m2ts_sync in media_tools/mpegts.c. | | 0% Low | over 3 years ago |
| GHSA-2jcf-pv2j-gqvq | Race condition in the rmtree function in File::Path.pm in Perl before 5.8.4 allows local users to create arbitrary setuid binaries in the tree being deleted, a different vulnerability than CVE-2004-0452. | | 0% Low | almost 4 years ago |
| GHSA-2jcf-hjwv-mmmw | NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may trigger an SMI callout that could be used to execute arbitrary code at the SMM level. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, and information disclosure. | CVSS3: 7.5 | 0% Low | about 2 years ago |
| GHSA-2jc9-qrm4-9mjw | The Sleipnir Mobile application 2.9.1 and earlier and Sleipnir Mobile Black Edition application 2.9.1 and earlier for Android allow remote attackers to spoof the address bar via vectors involving the opening of a new window. | | 0% Low | over 3 years ago |
| GHSA-2jc9-36w4-pmqw | libarchive Remote Code Execution Vulnerability | CVSS3: 7.8 | 41% Medium | almost 2 years ago |
| GHSA-2jc8-q67j-9cf8 | HexoEditor 1.1.8 is affected by Cross Site Scripting (XSS). A common XSS payload placed in a Markdown file executes several times when the file is opened in the app. | CVSS3: 6.1 | 0% Low | almost 4 years ago |
| GHSA-2jc8-mfwm-m64g | The Compassion Switzerland addons 10.01.4 for Odoo allow SQL injection in models/partner_compassion.py. | CVSS3: 9.8 | 0% Low | over 3 years ago |
| GHSA-2jc8-4r6g-282j | python-gnupg's shell_quote function does not properly escape characters | CVSS3: 7.5 | 0% Low | over 7 years ago |
| GHSA-2jc7-rj7p-gqwv | A vulnerability was found in Campcodes Online Job Finder System 1.0. It has been classified as critical. An unknown function in the file /admin/vacancy/index.php is affected. Manipulation of the argument id leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257370 is the identifier assigned to this vulnerability. | CVSS3: 6.3 | 0% Low | almost 2 years ago |
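The SQL-injection entries in the table (Unclassified NewsBoard, Pixel Motion Blog, the Compassion Switzerland Odoo addons, Campcodes Online Job Finder) share one shape: a request parameter is pasted into a query string. The block below is an added example, not code from any of those projects. It reproduces the two impacts the Pixel Motion Blog entry names, authentication bypass through a password parameter and arbitrary SQL through a date parameter, against an in-memory SQLite database with constructed sample rows, and puts the parameterized form beside each vulnerable one. The table and column names are invented for illustration.

```python
"""Added example: string-built SQL beside parameterized SQL, run on SQLite."""
import sqlite3


def make_db():
    """Constructed sample data: one admin account and one blog post."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 's3cret-not-known')")
    conn.execute("CREATE TABLE posts (title TEXT, date TEXT)")
    conn.execute("INSERT INTO posts VALUES ('Hello', '2024-01-01')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Bypass shape: the password value becomes SQL syntax."""
    sql = (
        "SELECT COUNT(*) FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    return conn.execute(sql).fetchone()[0] > 0


def login_fixed(conn, username, password):
    """Placeholders: values travel separately from the statement text,
    so a quote character in the input cannot close the literal."""
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0


def search_posts_vulnerable(conn, date):
    """Exfiltration shape: a UNION in the date value reads another table."""
    sql = "SELECT title FROM posts WHERE date = '%s'" % date
    return [row[0] for row in conn.execute(sql).fetchall()]


def search_posts_fixed(conn, date):
    sql = "SELECT title FROM posts WHERE date = ?"
    return [row[0] for row in conn.execute(sql, (date,)).fetchall()]


# Constructed payloads.  The first turns the WHERE clause into
#   password = '' OR '1'='1'
# The second appends a UNION and comments out the closing quote with --.
BYPASS_PASSWORD = "' OR '1'='1"
EXFIL_DATE = "x' UNION SELECT username || ':' || password FROM users --"


if __name__ == "__main__":
    db = make_db()
    print("vulnerable login with bypass:", login_vulnerable(db, "admin", BYPASS_PASSWORD))
    print("fixed login with bypass:     ", login_fixed(db, "admin", BYPASS_PASSWORD))
    print("vulnerable search exfil:     ", search_posts_vulnerable(db, EXFIL_DATE))
    print("fixed search exfil:          ", search_posts_fixed(db, EXFIL_DATE))
```

The fixed functions change nothing but how the value reaches the database; the same payloads are then just strings that match no row, which is the property to check when reviewing a fix for any of the entries above.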
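The python-gnupg entry says only that shell_quote does not properly escape characters, without naming which ones, so the harness below does not reproduce that function. It is an added example, not the project's code: a round-trip check that hands a quoted string to /bin/sh, has the shell print it back, and compares the result with the input. Any character the quoting left for the shell to interpret shows up as a mismatch. naive_double_quote is a hypothetical weak quoter written here for contrast; shlex.quote is the standard-library routine that survives every probe.

```python
"""Added example: differential round-trip test for a shell-quoting function."""
import shlex
import subprocess

# Constructed probe inputs covering the metacharacters a quoter must neutralize.
PROBES = [
    "plain",
    "has space",
    "single'quote",
    'double"quote',
    "back\\slash",
    "$(echo pwned)",
    "`echo pwned`",
    "$HOME",
    "a;b",
    "new\nline",
    "",
]


def naive_double_quote(s):
    """Hypothetical weak quoter: double quotes stop word splitting but still
    let $(...), backticks and $VAR expand inside them."""
    return '"' + s.replace('"', '\\"') + '"'


def roundtrip(quoter, s):
    """Run `printf %s <quoted>` under /bin/sh and return what the shell printed."""
    cmd = "printf %s " + quoter(s)
    result = subprocess.run(["sh", "-c", cmd], capture_output=True, check=False)
    return result.stdout.decode()


def failures(quoter):
    """Return the probe inputs that do not come back unchanged from the shell."""
    return [s for s in PROBES if roundtrip(quoter, s) != s]


if __name__ == "__main__":
    print("shlex.quote failures:       ", failures(shlex.quote))
    print("naive_double_quote failures:", failures(naive_double_quote))
```

failures() returns the offending inputs rather than a pass/fail flag, so the output tells you which construct the quoter under review mishandles; extend PROBES with whatever the target shell treats specially.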