Количество 314 458
Количество 314 458
GHSA-2h6m-qr7j-x4hf
Vulnerability in the Oracle Fusion Middleware component of Oracle Fusion Middleware (subcomponent: Oracle Notification Service). Supported versions that are affected are 12.2.1.2 and 12.2.1.3. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Fusion Middleware. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Fusion Middleware accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N).
GHSA-2h6j-3v9m-2v47
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Scott Paterson Accept Donations with PayPal easy-paypal-donation allows Phishing.This issue affects Accept Donations with PayPal: from n/a through <= 1.5.1.
GHSA-2h6h-vv39-q7cf
Out of bounds memory access in Blink Serial API in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page and virtual serial port driver.
GHSA-2h6h-vcrw-57ff
In the Linux kernel, the following vulnerability has been resolved: nfsd: fix potential UAF in nfsd4_cb_getattr_release Once we drop the delegation reference, the fields embedded in it are no longer safe to access. Do that last.
GHSA-2h6h-f2x3-xhhh
Mozilla Firefox 33.0 and SeaMonkey before 2.31 include path strings in CSP violation reports, which allows remote attackers to obtain sensitive information via a web site that receives a report after a redirect.
GHSA-2h6h-4q8g-8rmw
The ReadDIBImage function in coders/dib.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory leak) via a crafted file.
GHSA-2h6g-8hmj-4mpg
win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."
GHSA-2h6g-3hxf-g52r
Bajie HTTP JServer 0.78, and other versions before 0.80, allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTP request for a CGI program that does not exist.
GHSA-2h6f-r3qq-rcwx
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1001, CVE-2019-1004, CVE-2019-1059.
GHSA-2h6f-jv94-879x
IBM BigFix Inventory v9 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources.
GHSA-2h6c-r45x-r8w4
Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."
GHSA-2h6c-m9mj-xfcf
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
GHSA-2h6c-j3gf-xp9r
IPFS go-bitfield vulnerable to DoS via malformed size arguments
GHSA-2h6c-9r57-fm42
Multiple SQL injection vulnerabilities in ASPMForum allow remote attackers to execute arbitrary SQL commands via the (1) harf parameter in kullanicilistesi.asp and (2) baslik parameter in forum.asp.
GHSA-2h6c-6jr9-g2xg
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused
GHSA-2h68-mcf3-8qvh
Cross-site scripting vulnerability in EC-CUBE Business form output plugin (for EC-CUBE 3.0 series) versions prior to version 1.0.1 allows a remote attacker to inject an arbitrary script via unspecified vector.
GHSA-2h68-7p8g-777r
cgi-bin/admin/servetest in TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6 allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the ServerName parameter and (2) other unspecified parameters.
GHSA-2h68-4vmh-prhj
A privilege escalation vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 1.67.17.54, that could allow unauthorized access to the driver's device object.
GHSA-2h67-7cm6-5mr3
Prior to August 10, 2020, some Lenovo Desktop and Workstation systems were shipped with the Embedded Host Based Configuration (EHBC) feature of Intel AMT enabled. This could allow an administrative user with local access to configure Intel AMT.
GHSA-2h67-2jh9-2x74
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input in “stsc” decoder can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
GHSA-2h6m-qr7j-x4hf Vulnerability in the Oracle Fusion Middleware component of Oracle Fusion Middleware (subcomponent: Oracle Notification Service). Supported versions that are affected are 12.2.1.2 and 12.2.1.3. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Fusion Middleware. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Fusion Middleware accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N). | CVSS3: 6.5 | 1% Низкий | больше 3 лет назад | |
GHSA-2h6j-3v9m-2v47 URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Scott Paterson Accept Donations with PayPal easy-paypal-donation allows Phishing.This issue affects Accept Donations with PayPal: from n/a through <= 1.5.1. | CVSS3: 6.1 | 0% Низкий | около 2 месяцев назад | |
GHSA-2h6h-vv39-q7cf Out of bounds memory access in Blink Serial API in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page and virtual serial port driver. | CVSS3: 8.1 | 1% Низкий | почти 4 года назад | |
GHSA-2h6h-vcrw-57ff In the Linux kernel, the following vulnerability has been resolved: nfsd: fix potential UAF in nfsd4_cb_getattr_release Once we drop the delegation reference, the fields embedded in it are no longer safe to access. Do that last. | CVSS3: 7.8 | 0% Низкий | больше 1 года назад | |
GHSA-2h6h-f2x3-xhhh Mozilla Firefox 33.0 and SeaMonkey before 2.31 include path strings in CSP violation reports, which allows remote attackers to obtain sensitive information via a web site that receives a report after a redirect. | 0% Низкий | больше 3 лет назад | ||
GHSA-2h6h-4q8g-8rmw The ReadDIBImage function in coders/dib.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory leak) via a crafted file. | CVSS3: 6.5 | 1% Низкий | больше 3 лет назад | |
GHSA-2h6g-8hmj-4mpg win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." | 28% Средний | больше 3 лет назад | ||
GHSA-2h6g-3hxf-g52r Bajie HTTP JServer 0.78, and other versions before 0.80, allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTP request for a CGI program that does not exist. | 6% Низкий | почти 4 года назад | ||
GHSA-2h6f-r3qq-rcwx A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1001, CVE-2019-1004, CVE-2019-1059. | 4% Низкий | больше 3 лет назад | ||
GHSA-2h6f-jv94-879x IBM BigFix Inventory v9 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. | CVSS3: 8.1 | 0% Низкий | больше 3 лет назад | |
GHSA-2h6c-r45x-r8w4 Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability." | 56% Средний | почти 4 года назад | ||
GHSA-2h6c-m9mj-xfcf Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | почти 2 года назад | |||
GHSA-2h6c-j3gf-xp9r IPFS go-bitfield vulnerable to DoS via malformed size arguments | CVSS3: 5.9 | 0% Низкий | почти 3 года назад | |
GHSA-2h6c-9r57-fm42 Multiple SQL injection vulnerabilities in ASPMForum allow remote attackers to execute arbitrary SQL commands via the (1) harf parameter in kullanicilistesi.asp and (2) baslik parameter in forum.asp. | 1% Низкий | почти 4 года назад | ||
GHSA-2h6c-6jr9-g2xg Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | 9 месяцев назад | |||
GHSA-2h68-mcf3-8qvh Cross-site scripting vulnerability in EC-CUBE Business form output plugin (for EC-CUBE 3.0 series) versions prior to version 1.0.1 allows a remote attacker to inject an arbitrary script via unspecified vector. | 0% Низкий | больше 3 лет назад | ||
GHSA-2h68-7p8g-777r cgi-bin/admin/servetest in TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6 allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the ServerName parameter and (2) other unspecified parameters. | 72% Высокий | больше 3 лет назад | ||
GHSA-2h68-4vmh-prhj A privilege escalation vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 1.67.17.54, that could allow unauthorized access to the driver's device object. | CVSS3: 7.8 | 0% Низкий | больше 3 лет назад | |
GHSA-2h67-7cm6-5mr3 Prior to August 10, 2020, some Lenovo Desktop and Workstation systems were shipped with the Embedded Host Based Configuration (EHBC) feature of Intel AMT enabled. This could allow an administrative user with local access to configure Intel AMT. | 0% Низкий | больше 3 лет назад | ||
GHSA-2h67-2jh9-2x74 Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input in “stsc” decoder can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. | CVSS3: 8.8 | 1% Низкий | больше 3 лет назад |
Уязвимостей на страницу