Count: 314 458
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| GHSA-2jq9-6xx7-3h29 `temporary` makes use of uninitialized memory | | | more than 3 years ago |
| GHSA-2jq8-xw89-gcg8 The Backbone service (ftbackbone.exe) in EMC AutoStart before 5.3 SP2 allows remote attackers to execute arbitrary code via a packet with a crafted value that is dereferenced as a function pointer. | | 10% Medium | almost 4 years ago |
| GHSA-2jq7-x2v9-98wx ChangingTec MOTP system has a path traversal vulnerability. A remote attacker with administrator’s privilege can exploit this vulnerability to access arbitrary system files. | CVSS3: 4.9 | 0% Low | more than 2 years ago |
| GHSA-2jq7-pgqq-gqqj TYPO3 powermail extension allows remote attackers to bypass CAPTCHA protection mechanism | | 0% Low | more than 3 years ago |
| GHSA-2jq7-6vh9-gh84 A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via error messages containing specially crafted object names. This allows malicious scripts to execute in users' browsers when administrators view error messages in the administration interface. | CVSS3: 4.6 | 0% Low | about 2 months ago |
| GHSA-2jq6-ffph-p4h8 Kubernetes arbitrary file overwrite | CVSS3: 5.5 | 1% Low | more than 3 years ago |
| GHSA-2jq5-wq32-4rfq Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jewel Theme Master Addons for Elementor allows Stored XSS. This issue affects Master Addons for Elementor: from n/a through 2.0.5.4.1. | CVSS3: 6.5 | 0% Low | almost 2 years ago |
| GHSA-2jq4-cxqg-p845 The process_chat_input function in TinTin++ 1.97.9 and WinTin++ 1.97.9 allows remote attackers to cause a denial of service (application crash) via a YES message without a newline character, which triggers a NULL dereference. | | 1% Low | almost 4 years ago |
| GHSA-2jq3-6582-8qfm cPanel before 68.0.27 allows attackers to read the SRS secret via exim.conf (SEC-308). | | 0% Low | more than 3 years ago |
| GHSA-2jq2-vrj7-9mwc PHP remote file inclusion vulnerability in common/visiteurs/include/menus.inc.php in J-Pierre DEZELUS Les Visiteurs 2.0.1, as used in phpMyConferences (phpMyConference) 8.0.2 and possibly other products, allows remote attackers to execute arbitrary PHP code via a URL in the lvc_include_dir parameter. | | 9% Low | almost 4 years ago |
| GHSA-2jq2-rfq2-wr2p An issue was discovered on LG mobile devices with Android OS 10 software. There was no write protection for the MTK protect2 partition. The LG ID is LVE-SMP-200028 (January 2021). | | 0% Low | more than 3 years ago |
| GHSA-2jq2-fvrq-356x The "get_pipe()" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 allows attackers to cause a denial of service (out-of-bounds read) via a specially crafted USB over IP packet. | CVSS3: 5.9 | 9% Low | more than 3 years ago |
| GHSA-2jq2-7c47-2358 Unspecified vulnerability in the Siebel Core - Server OM Services component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via vectors related to Security - LDAP Security Adapter. | | 0% Low | more than 3 years ago |
| GHSA-2jq2-4fqx-jx67 Gitlab CE/EE, versions 8.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an incorrect access control vulnerability that displays to an unauthorized user the title and namespace of a confidential issue. | CVSS3: 5.3 | 0% Low | more than 3 years ago |
| GHSA-2jpx-j4q3-c28w File Upload vulnerability in NucleusCMS v.3.71 allows a remote attacker to execute arbitrary code via the /nucleus/plugins/skinfiles/?dir=rsd parameter. | CVSS3: 9.8 | 1% Low | more than 2 years ago |
| GHSA-2jpx-h8j2-g8m4 Exposure of system-scoped Kubernetes credentials in Jenkins Kubernetes Credentials Provider Plugin | CVSS3: 6.5 | 1% Low | about 3 years ago |
| GHSA-2jpx-8fpp-54rx Missing Authorization vulnerability in WP Happy Coders Posts Like Dislike allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Posts Like Dislike: from n/a through 1.1.0. | CVSS3: 5.3 | 0% Low | about 1 year ago |
| GHSA-2jpw-g3p8-3vqg A vulnerability, which was classified as critical, has been found in SourceCodester Online Eyewear Shop 1.0. This issue affects some unknown processing of the file /oews/classes/Master.php?f=delete_stock. The manipulation of the argument ID leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | CVSS3: 6.3 | 0% Low | 10 months ago |
| GHSA-2jpw-fpqf-qc7g An arbitrary code execution vulnerability exists in the adm.cgi set_MeshAp() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | CVSS3: 9.1 | 1% Low | about 1 year ago |
| GHSA-2jpv-mgvf-9659 In the Linux kernel, the following vulnerability has been resolved: ubifs: Fix races between xattr_{set\|get} and listxattr operations UBIFS may occur some problems with concurrent xattr_{set\|get} and listxattr operations, such as assertion failure, memory corruption, stale xattr value[1]. Fix it by importing a new rw-lock in @ubifs_inode to serialize write operations on xattr, concurrent read operations are still effective, just like ext4. [1] https://lore.kernel.org/linux-mtd/20200630130438.141649-1-houtao1@huawei.com | CVSS3: 5.5 | 0% Low | more than 1 year ago |