Количество 312 573
Количество 312 573
GHSA-2ccf-c5mv-5962
core/getLog.php on the Siemens Enterprise OpenScape Branch appliance and OpenScape Session Border Controller (SBC) before 2 R0.32.0, and 7 before 7 R1.7.0, allows remote attackers to execute arbitrary commands via unspecified vectors.
GHSA-2ccc-6qjv-38cv
An issue in twonav v.2.1.18-20241105 allows a remote attacker to obtain sensitive information via the link identification function.
GHSA-2ccc-5www-8g63
I-O DATA DEVICE WN-G54/R2 routers with firmware before 1.03 and NP-BBRS routers allow remote attackers to cause a denial of service (SSDP reflection) via UPnP requests.
GHSA-2cc9-cxg3-vpq8
Crob FTP Server 3.6.1 b.263 allows remote attackers to cause a denial of service via a long series of "?A" sequences in the (1) LIST and possibly (2) NLST command.
GHSA-2cc9-9pjp-x968
Use-after-free vulnerability in the socket manager of Impress Remote in LibreOffice 4.x before 4.2.7 and 4.3.x before 4.3.3 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to TCP port 1599.
GHSA-2cc9-4c6w-32wj
Cross-Site Request Forgery (CSRF) vulnerability in Younes JFR. Advanced Database Cleaner plugin <= 3.1.1 versions.
GHSA-2cc9-295v-25m8
The Webform Report project 7.x-1.x-dev for Drupal allows remote attackers to view submissions by visiting the /rss.xml page. NOTE: This project is not covered by Drupal's security advisory policy.
GHSA-2cc8-vf33-qm9m
Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
GHSA-2cc7-hf2m-fm3g
Juniper Networks Secure Access 2000 5.5 R1 (build 11711) allows remote attackers to obtain sensitive information via a direct request for remediate.cgi without certain parameters, which reveals the path in an "Execute failed" error message.
GHSA-2cc7-3qc5-55fm
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14.1.
GHSA-2cc6-8cx7-5g22
Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: SWSE Server). Supported versions that are affected are 19.10 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Siebel UI Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Siebel UI Framework accessible data. CVSS 3.0 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N).
GHSA-2cc5-v43v-fh92
Sonos Era 300 Out-of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sonos Era 300 speakers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of HLS playlist data. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the anacapa user. Was ZDI-CAN-25606.
GHSA-2cc5-8q8w-gqw8
Cross-Site Request Forgery (CSRF) vulnerability in Jettochkin Jet Footer Code allows Stored XSS.This issue affects Jet Footer Code: from n/a through 1.4.
GHSA-2cc5-8mh8-5c99
The rs_filter_graph function in librawstudio/rs-filter.c in rawstudio might allow local users to truncate arbitrary files via a symlink attack on (1) /tmp/rs-filter-graph.png or (2) /tmp/rs-filter-graph.
GHSA-2cc5-887r-g8jc
Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows guest OS users to execute arbitrary code on the host OS via a crafted application, aka "Hyper-V Remote Code Execution Vulnerability." This vulnerability is different from that described in CVE-2017-0075.
GHSA-2cc5-429x-p387
Zenario Cross Site Scripting in the Image library
GHSA-2cc5-23r7-vc4v
Ratpack's default client side session signing key is highly predictable
GHSA-2cc2-vgh5-9gr4
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.
GHSA-2cc2-mcjj-r4mp
The ActivityPub WordPress plugin before 1.0.0 does not ensure that post contents to be displayed are public and belong to the plugin, allowing any authenticated user, such as subscriber to retrieve the content of arbitrary post (such as draft and private) via an IDOR vector. Password protected posts are not affected by this issue.
GHSA-2c9x-whr5-j4x3
An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The action xmlexport accepts the parameter requestContext. If this parameter is present, the response includes most of the HTTP headers sent to the server and some of the CGI variables like remote_adde and server_name, which is an information disclosure.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
GHSA-2ccf-c5mv-5962 core/getLog.php on the Siemens Enterprise OpenScape Branch appliance and OpenScape Session Border Controller (SBC) before 2 R0.32.0, and 7 before 7 R1.7.0, allows remote attackers to execute arbitrary commands via unspecified vectors. | 5% Низкий | больше 3 лет назад | ||
GHSA-2ccc-6qjv-38cv An issue in twonav v.2.1.18-20241105 allows a remote attacker to obtain sensitive information via the link identification function. | CVSS3: 6.5 | 0% Низкий | 10 месяцев назад | |
GHSA-2ccc-5www-8g63 I-O DATA DEVICE WN-G54/R2 routers with firmware before 1.03 and NP-BBRS routers allow remote attackers to cause a denial of service (SSDP reflection) via UPnP requests. | 1% Низкий | больше 3 лет назад | ||
GHSA-2cc9-cxg3-vpq8 Crob FTP Server 3.6.1 b.263 allows remote attackers to cause a denial of service via a long series of "?A" sequences in the (1) LIST and possibly (2) NLST command. | 7% Низкий | почти 4 года назад | ||
GHSA-2cc9-9pjp-x968 Use-after-free vulnerability in the socket manager of Impress Remote in LibreOffice 4.x before 4.2.7 and 4.3.x before 4.3.3 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to TCP port 1599. | 4% Низкий | больше 3 лет назад | ||
GHSA-2cc9-4c6w-32wj Cross-Site Request Forgery (CSRF) vulnerability in Younes JFR. Advanced Database Cleaner plugin <= 3.1.1 versions. | CVSS3: 4.3 | 0% Низкий | больше 2 лет назад | |
GHSA-2cc9-295v-25m8 The Webform Report project 7.x-1.x-dev for Drupal allows remote attackers to view submissions by visiting the /rss.xml page. NOTE: This project is not covered by Drupal's security advisory policy. | 0% Низкий | больше 3 лет назад | ||
GHSA-2cc8-vf33-qm9m Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket. | 25% Средний | больше 3 лет назад | ||
GHSA-2cc7-hf2m-fm3g Juniper Networks Secure Access 2000 5.5 R1 (build 11711) allows remote attackers to obtain sensitive information via a direct request for remediate.cgi without certain parameters, which reveals the path in an "Execute failed" error message. | 5% Низкий | почти 4 года назад | ||
GHSA-2cc7-3qc5-55fm A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14.1. | CVSS3: 7.8 | 0% Низкий | больше 3 лет назад | |
GHSA-2cc6-8cx7-5g22 Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: SWSE Server). Supported versions that are affected are 19.10 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Siebel UI Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Siebel UI Framework accessible data. CVSS 3.0 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N). | CVSS3: 4.7 | 1% Низкий | больше 3 лет назад | |
GHSA-2cc5-v43v-fh92 Sonos Era 300 Out-of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sonos Era 300 speakers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of HLS playlist data. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the anacapa user. Was ZDI-CAN-25606. | CVSS3: 8.8 | 0% Низкий | 10 месяцев назад | |
GHSA-2cc5-8q8w-gqw8 Cross-Site Request Forgery (CSRF) vulnerability in Jettochkin Jet Footer Code allows Stored XSS.This issue affects Jet Footer Code: from n/a through 1.4. | CVSS3: 7.1 | 0% Низкий | около 1 года назад | |
GHSA-2cc5-8mh8-5c99 The rs_filter_graph function in librawstudio/rs-filter.c in rawstudio might allow local users to truncate arbitrary files via a symlink attack on (1) /tmp/rs-filter-graph.png or (2) /tmp/rs-filter-graph. | CVSS3: 5.5 | 0% Низкий | больше 3 лет назад | |
GHSA-2cc5-887r-g8jc Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows guest OS users to execute arbitrary code on the host OS via a crafted application, aka "Hyper-V Remote Code Execution Vulnerability." This vulnerability is different from that described in CVE-2017-0075. | CVSS3: 7.6 | 1% Низкий | больше 3 лет назад | |
GHSA-2cc5-429x-p387 Zenario Cross Site Scripting in the Image library | CVSS3: 5.4 | 0% Низкий | больше 1 года назад | |
GHSA-2cc5-23r7-vc4v Ratpack's default client side session signing key is highly predictable | CVSS3: 4.4 | 0% Низкий | больше 4 лет назад | |
GHSA-2cc2-vgh5-9gr4 An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. | CVSS3: 7.8 | 0% Низкий | почти 4 года назад | |
GHSA-2cc2-mcjj-r4mp The ActivityPub WordPress plugin before 1.0.0 does not ensure that post contents to be displayed are public and belong to the plugin, allowing any authenticated user, such as subscriber to retrieve the content of arbitrary post (such as draft and private) via an IDOR vector. Password protected posts are not affected by this issue. | CVSS3: 4.3 | 0% Низкий | больше 2 лет назад | |
GHSA-2c9x-whr5-j4x3 An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The action xmlexport accepts the parameter requestContext. If this parameter is present, the response includes most of the HTTP headers sent to the server and some of the CGI variables like remote_adde and server_name, which is an information disclosure. | CVSS3: 7.5 | 3% Низкий | около 3 лет назад |
Уязвимостей на страницу