Количество 312 573
Количество 312 573
GHSA-2fc8-f6cq-59vj
Pradeep Makone wordpress Support Plus Responsive Ticket System version 9.0.2 and earlier contains a SQL Injection vulnerability in the function to get tickets, the parameter email in cookie was injected that can result in filter the parameter. This attack appear to be exploitable via web site, without login. This vulnerability appears to have been fixed in 9.0.3 and later.
GHSA-2fc8-2w75-6pjh
Zimbra Collaboration 8.7.x - 8.8.11P2 contains persistent XSS.
GHSA-2fc7-57pg-9g23
IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 279977.
GHSA-2fc6-qgjv-7hw5
Missing Authorization vulnerability in vertim Neon Channel Product Customizer Free allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Neon Channel Product Customizer Free: from n/a through 2.0.
GHSA-2fc6-fh8m-r4wf
OpenVPN Access Server 2.8.7 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks.
GHSA-2fc6-73c9-q328
IBM Planning Analytics Local 2.0 could allow an attacker to obtain sensitive information due to accepting body parameters in a query. IBM X-Force ID: 192642.
GHSA-2fc6-6f56-6w7m
A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. Affected by this vulnerability is the function delete_cart of the file /oews/classes/Master.php?f=delete_cart. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
GHSA-2fc6-449p-gv59
Beckwith Electric M-6200 Digital Voltage Regulator Control with firmware before D-0198V04.07.00, M-6200A Digital Voltage Regulator Control with firmware before D-0228V02.01.07, M-2001D Digital Tapchanger Control with firmware before D-0214V01.10.04, M-6283A Three Phase Digital Capacitor Bank Control with firmware before D-0346V03.00.02, M-6280A Digital Capacitor Bank Control with firmware before D-0254V03.05.05, and M-6280 Digital Capacitor Bank Control do not properly generate TCP initial sequence number (ISN) values, which makes it easier for remote attackers to spoof TCP sessions by predicting an ISN value.
GHSA-2fc5-xwgx-gmqm
PrestaShop cdesigner < 3.1.9 is vulnerable to SQL Injection via CdesignerTraitementModuleFrontController::initContent().
GHSA-2fc5-f5mf-j7xp
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so websetservicecfg function.
GHSA-2fc5-5jjf-fmx7
The SQLWriteFileDSN function in odbcinst/SQLWriteFileDSN.c in unixODBC 2.3.5 has strncpy arguments in the wrong order, which allows attackers to cause a denial of service or possibly have unspecified other impact.
GHSA-2fc3-r2jr-m2w4
Incorrect default permissions for some Intel(R) DSA installer for Windows before version 24.2.19.5 may allow an authenticated user to potentially enable escalation of privilege via local access.
GHSA-2fc3-hgx7-wphv
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and Java FX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2015-0459.
GHSA-2fc3-gg5g-pf65
In JetBrains Hub before 2021.1.13690, the authentication throttling mechanism could be bypassed.
GHSA-2fc3-2632-rc34
M-Link R14.6 before R14.6v14 and R15.1 before R15.1v10 does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via responses for domains that were not asserted.
GHSA-2fc2-v762-gmfr
This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Hostname parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system. Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.
GHSA-2fc2-f8gj-8hm5
Directory traversal vulnerability in staff/app/common.inc.php in Phpkobo Address Book Script 1.09, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the LANG_CODE parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
GHSA-2fc2-6r4j-p65h
Numpy arbitrary file write via symlink attack
GHSA-2f9x-cj33-r657
Privilege Escalation vulnerability in McAfee VirusScan Enterprise (VSE) for Linux prior to 2.0.3 Hotfix 2635000 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine.
GHSA-2f9x-5v75-3qv4
Django Denial-of-service possibility in truncatechars_html and truncatewords_html template filters
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
GHSA-2fc8-f6cq-59vj Pradeep Makone wordpress Support Plus Responsive Ticket System version 9.0.2 and earlier contains a SQL Injection vulnerability in the function to get tickets, the parameter email in cookie was injected that can result in filter the parameter. This attack appear to be exploitable via web site, without login. This vulnerability appears to have been fixed in 9.0.3 and later. | CVSS3: 9.8 | 1% Низкий | больше 3 лет назад | |
GHSA-2fc8-2w75-6pjh Zimbra Collaboration 8.7.x - 8.8.11P2 contains persistent XSS. | 1% Низкий | больше 3 лет назад | ||
GHSA-2fc7-57pg-9g23 IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 279977. | CVSS3: 5.1 | 0% Низкий | почти 2 года назад | |
GHSA-2fc6-qgjv-7hw5 Missing Authorization vulnerability in vertim Neon Channel Product Customizer Free allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Neon Channel Product Customizer Free: from n/a through 2.0. | CVSS3: 7.5 | 0% Низкий | 6 месяцев назад | |
GHSA-2fc6-fh8m-r4wf OpenVPN Access Server 2.8.7 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks. | CVSS3: 5.3 | 0% Низкий | больше 3 лет назад | |
GHSA-2fc6-73c9-q328 IBM Planning Analytics Local 2.0 could allow an attacker to obtain sensitive information due to accepting body parameters in a query. IBM X-Force ID: 192642. | CVSS3: 7.5 | 0% Низкий | больше 3 лет назад | |
GHSA-2fc6-6f56-6w7m A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. Affected by this vulnerability is the function delete_cart of the file /oews/classes/Master.php?f=delete_cart. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | CVSS3: 6.3 | 0% Низкий | 9 месяцев назад | |
GHSA-2fc6-449p-gv59 Beckwith Electric M-6200 Digital Voltage Regulator Control with firmware before D-0198V04.07.00, M-6200A Digital Voltage Regulator Control with firmware before D-0228V02.01.07, M-2001D Digital Tapchanger Control with firmware before D-0214V01.10.04, M-6283A Three Phase Digital Capacitor Bank Control with firmware before D-0346V03.00.02, M-6280A Digital Capacitor Bank Control with firmware before D-0254V03.05.05, and M-6280 Digital Capacitor Bank Control do not properly generate TCP initial sequence number (ISN) values, which makes it easier for remote attackers to spoof TCP sessions by predicting an ISN value. | 0% Низкий | больше 3 лет назад | ||
GHSA-2fc5-xwgx-gmqm PrestaShop cdesigner < 3.1.9 is vulnerable to SQL Injection via CdesignerTraitementModuleFrontController::initContent(). | CVSS3: 9.8 | 0% Низкий | больше 2 лет назад | |
GHSA-2fc5-f5mf-j7xp The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so websetservicecfg function. | 0% Низкий | больше 3 лет назад | ||
GHSA-2fc5-5jjf-fmx7 The SQLWriteFileDSN function in odbcinst/SQLWriteFileDSN.c in unixODBC 2.3.5 has strncpy arguments in the wrong order, which allows attackers to cause a denial of service or possibly have unspecified other impact. | CVSS3: 9.8 | 0% Низкий | больше 3 лет назад | |
GHSA-2fc3-r2jr-m2w4 Incorrect default permissions for some Intel(R) DSA installer for Windows before version 24.2.19.5 may allow an authenticated user to potentially enable escalation of privilege via local access. | CVSS3: 6.7 | 0% Низкий | 12 месяцев назад | |
GHSA-2fc3-hgx7-wphv Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and Java FX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2015-0459. | 8% Низкий | больше 3 лет назад | ||
GHSA-2fc3-gg5g-pf65 In JetBrains Hub before 2021.1.13690, the authentication throttling mechanism could be bypassed. | CVSS3: 9.8 | 0% Низкий | больше 3 лет назад | |
GHSA-2fc3-2632-rc34 M-Link R14.6 before R14.6v14 and R15.1 before R15.1v10 does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via responses for domains that were not asserted. | 0% Низкий | больше 3 лет назад | ||
GHSA-2fc2-v762-gmfr This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Hostname parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system. Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system. | CVSS3: 6.9 | 0% Низкий | около 2 лет назад | |
GHSA-2fc2-f8gj-8hm5 Directory traversal vulnerability in staff/app/common.inc.php in Phpkobo Address Book Script 1.09, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the LANG_CODE parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 0% Низкий | почти 4 года назад | ||
GHSA-2fc2-6r4j-p65h Numpy arbitrary file write via symlink attack | CVSS3: 5.5 | 0% Низкий | больше 3 лет назад | |
GHSA-2f9x-cj33-r657 Privilege Escalation vulnerability in McAfee VirusScan Enterprise (VSE) for Linux prior to 2.0.3 Hotfix 2635000 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine. | 0% Низкий | больше 3 лет назад | ||
GHSA-2f9x-5v75-3qv4 Django Denial-of-service possibility in truncatechars_html and truncatewords_html template filters | CVSS3: 5.3 | 1% Низкий | около 7 лет назад |
Уязвимостей на страницу