Количество 312 573
Количество 312 573
GHSA-2c6c-5vmc-49j8
A stack-based buffer overflow vulnerability exists in the boa rollback_control_code functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to arbitrary code execution. An attacker can send a sequence of requests to trigger this vulnerability.
GHSA-2c69-wcv6-7xgx
Unspecified vulnerability in Simple Machines Forum (SMF) 1.1.2 allows remote attackers to execute arbitrary PHP code during (1) creation or (2) editing of a message.
GHSA-2c69-r2jh-xjvm
This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SecurityRequestFilter class. The issue results from improper implementation of the authentication algorithm. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-19226.
GHSA-2c69-52h7-cm65
Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memory in certain conditions, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via vectors related to a document object "appended in a specific order," aka "HTML Objects Memory Corruption Vulnerability" or "XHTML Rendering Memory Corruption Vulnerability," a different vulnerability than CVE-2008-2258.
GHSA-2c67-p4xh-m34w
Cross-site Scripting (XSS) in Website Settings name field
GHSA-2c67-m4vp-q6p7
DelphiTurk CodeBank (aka KodBank) 3.1 and earlier stores usernames and passwords in the Codebank registry key, which allows local users to gain privileges.
GHSA-2c67-fjgj-8c9f
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 20.0 and SeaMonkey before 2.17 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the nsContentUtils::HoldJSObjects function and the nsAutoPtr class, and other vectors.
GHSA-2c66-c7h7-6vc9
Google Chrome before 14.0.835.163 allows user-assisted remote attackers to spoof the URL bar via vectors related to "unusual user interaction."
GHSA-2c66-48xv-6vjf
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the third-party "PCRE" product. Versions before 8.40 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
GHSA-2c66-2j8q-97x2
SGI MachineInfo CGI program, installed by default on some web servers, prints potentially sensitive system status information, which could be used by remote attackers for information gathering activities.
GHSA-2c65-rq62-fqhq
Path traversal in Gitblit
GHSA-2c64-xxfm-j63g
A Cross Site Request Forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker to execute unauthorized actions on behalf of an unsuspecting user. A mitigating factor is that user interaction is required. This vulnerability affected GitHub Enterprise Server 3.12.0 and was fixed in versions 3.12.1. This vulnerability was reported via the GitHub Bug Bounty program.
GHSA-2c64-vmv2-hgfc
OpenFGA Improper Policy Enforcement
GHSA-2c64-vj8g-vwrq
Incorrect handling of credential expiry by /nats-io/nats-server
GHSA-2c64-8vwr-5pjm
Buffer overflows in the DHCP server for NetWare 6.0 SP1 allow remote attackers to cause a denial of service (reboot) via long DHCP requests.
GHSA-2c64-8v4j-vw3m
Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.2 and 9.0.0 to 9.1.0.
GHSA-2c64-5hcr-p4hq
The Apple Music (aka com.apple.android.music) application before 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
GHSA-2c63-x392-hx7w
IBM MaaS360 for Android 6.31 through 8.60 is using hard coded credentials that can be obtained by a user with physical access to the device.
GHSA-2c63-vgrp-m7w4
SQL injection vulnerability in the Cybozu Garoon 4.0.0 to 4.10.0 allows attacker with administrator rights to execute arbitrary SQL commands via the Log Search function of application 'logging'.
GHSA-2c63-fqw2-3fhm
A vulnerability in the AnyConnect SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an implementation error within the SSL/TLS session handling process that can prevent the release of a session handler under specific conditions. An attacker could exploit this vulnerability by sending crafted SSL/TLS traffic to an affected device, increasing the probability of session handler leaks. A successful exploit could allow the attacker to eventually deplete the available session handler pool, preventing new sessions from being established and causing a DoS condition.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
GHSA-2c6c-5vmc-49j8 A stack-based buffer overflow vulnerability exists in the boa rollback_control_code functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to arbitrary code execution. An attacker can send a sequence of requests to trigger this vulnerability. | CVSS3: 7.2 | 1% Низкий | больше 1 года назад | |
GHSA-2c69-wcv6-7xgx Unspecified vulnerability in Simple Machines Forum (SMF) 1.1.2 allows remote attackers to execute arbitrary PHP code during (1) creation or (2) editing of a message. | 1% Низкий | почти 4 года назад | ||
GHSA-2c69-r2jh-xjvm This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SecurityRequestFilter class. The issue results from improper implementation of the authentication algorithm. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-19226. | CVSS3: 8.2 | 47% Средний | почти 3 года назад | |
GHSA-2c69-52h7-cm65 Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memory in certain conditions, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via vectors related to a document object "appended in a specific order," aka "HTML Objects Memory Corruption Vulnerability" or "XHTML Rendering Memory Corruption Vulnerability," a different vulnerability than CVE-2008-2258. | 63% Средний | почти 4 года назад | ||
GHSA-2c67-p4xh-m34w Cross-site Scripting (XSS) in Website Settings name field | CVSS3: 5.4 | 0% Низкий | почти 3 года назад | |
GHSA-2c67-m4vp-q6p7 DelphiTurk CodeBank (aka KodBank) 3.1 and earlier stores usernames and passwords in the Codebank registry key, which allows local users to gain privileges. | 0% Низкий | почти 4 года назад | ||
GHSA-2c67-fjgj-8c9f Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 20.0 and SeaMonkey before 2.17 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the nsContentUtils::HoldJSObjects function and the nsAutoPtr class, and other vectors. | 2% Низкий | больше 3 лет назад | ||
GHSA-2c66-c7h7-6vc9 Google Chrome before 14.0.835.163 allows user-assisted remote attackers to spoof the URL bar via vectors related to "unusual user interaction." | 1% Низкий | больше 3 лет назад | ||
GHSA-2c66-48xv-6vjf An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the third-party "PCRE" product. Versions before 8.40 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. | CVSS3: 9.8 | 2% Низкий | больше 3 лет назад | |
GHSA-2c66-2j8q-97x2 SGI MachineInfo CGI program, installed by default on some web servers, prints potentially sensitive system status information, which could be used by remote attackers for information gathering activities. | 1% Низкий | почти 4 года назад | ||
GHSA-2c65-rq62-fqhq Path traversal in Gitblit | CVSS3: 7.5 | 90% Критический | больше 3 лет назад | |
GHSA-2c64-xxfm-j63g A Cross Site Request Forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker to execute unauthorized actions on behalf of an unsuspecting user. A mitigating factor is that user interaction is required. This vulnerability affected GitHub Enterprise Server 3.12.0 and was fixed in versions 3.12.1. This vulnerability was reported via the GitHub Bug Bounty program. | CVSS3: 4.3 | 0% Низкий | почти 2 года назад | |
GHSA-2c64-vmv2-hgfc OpenFGA Improper Policy Enforcement | 0% Низкий | 3 месяца назад | ||
GHSA-2c64-vj8g-vwrq Incorrect handling of credential expiry by /nats-io/nats-server | больше 4 лет назад | |||
GHSA-2c64-8vwr-5pjm Buffer overflows in the DHCP server for NetWare 6.0 SP1 allow remote attackers to cause a denial of service (reboot) via long DHCP requests. | 4% Низкий | почти 4 года назад | ||
GHSA-2c64-8v4j-vw3m Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.2 and 9.0.0 to 9.1.0. | CVSS3: 7.5 | 1% Низкий | больше 3 лет назад | |
GHSA-2c64-5hcr-p4hq The Apple Music (aka com.apple.android.music) application before 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | CVSS3: 4.8 | 0% Низкий | больше 3 лет назад | |
GHSA-2c63-x392-hx7w IBM MaaS360 for Android 6.31 through 8.60 is using hard coded credentials that can be obtained by a user with physical access to the device. | CVSS3: 4.6 | 0% Низкий | больше 1 года назад | |
GHSA-2c63-vgrp-m7w4 SQL injection vulnerability in the Cybozu Garoon 4.0.0 to 4.10.0 allows attacker with administrator rights to execute arbitrary SQL commands via the Log Search function of application 'logging'. | CVSS3: 7.2 | 0% Низкий | больше 3 лет назад | |
GHSA-2c63-fqw2-3fhm A vulnerability in the AnyConnect SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an implementation error within the SSL/TLS session handling process that can prevent the release of a session handler under specific conditions. An attacker could exploit this vulnerability by sending crafted SSL/TLS traffic to an affected device, increasing the probability of session handler leaks. A successful exploit could allow the attacker to eventually deplete the available session handler pool, preventing new sessions from being established and causing a DoS condition. | CVSS3: 6.8 | 0% Низкий | больше 2 лет назад |
Уязвимостей на страницу