Количество 312 573
Количество 312 573
GHSA-29pc-4j9r-26vc
Cross-Site Request Forgery (CSRF) vulnerability in WPSolr free WPSolr allows Privilege Escalation. This issue affects WPSolr: from n/a through 24.0.
GHSA-29p9-chjc-5c6w
The dashbuilder in Red Hat JBoss BPM Suite 6.3.2 does not properly handle CSRF tokens generated during an active session and includes them in query strings, which makes easier for remote attackers to (1) bypass CSRF protection mechanisms or (2) conduct cross-site request forgery (CSRF) attacks by obtaining an old token.
GHSA-29p9-8g79-v8jp
Multiple out-of-bounds read issues have been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0).
GHSA-29p9-47jw-cjm2
Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allow remote authenticated users to insert the content of an arbitrary file into a FRAME element via unspecified vectors.
GHSA-29p9-2mj3-cp4j
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Social Links allows Blind SQL Injection. This issue affects Social Links: from n/a through 1.2.
GHSA-29p8-v995-43v6
Buffer over-read vulnerabilities in an older version of ASN.1 parser in Snapdragon Mobile in versions SD 600.
GHSA-29p8-pmq2-84v3
SQL injection vulnerability in elkagroup Image Gallery allows remote attackers to execute arbitrary SQL commands via the id parameter to the default URI under news/.
GHSA-29p8-p94j-7f9c
HP System Management Homepage (SMH) before 2.1.9 for Linux, when used with Novell eDirectory, assigns the eDirectory members to the root group, which allows remote authenticated eDirectory users to gain privileges.
GHSA-29p8-776w-hr3v
A potential vulnerability in the LenovoFlashDeviceInterface SMI handler may allow an attacker with local access and elevated privileges to execute arbitrary code.
GHSA-29p6-95r6-cqqg
Stack-based buffer overflow in the semop system call in Mac OS X 10.3.9 and earlier allows local users to gain privileges via crafted arguments.
GHSA-29p6-49p2-4mg8
The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ive' shortcode in versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping on 'width' and 'height' user supplied attribute. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
GHSA-29p5-jqph-prvj
Adobe After Effects version 18.2.1 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose arbitrary memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
GHSA-29p5-chfq-8h6j
Dell Wyse Management Suite 3.6.1 and below contains Information Disclosure in Devices error pages. An attacker could potentially exploit this vulnerability, leading to the disclosure of certain sensitive information. The attacker may be able to use the exposed information to access and further vulnerability research.
GHSA-29p4-j6wv-3g22
Insufficiently protected credentials vulnerability in 'TEPRA' PRO SR5900P Ver.1.080 and earlier and 'TEPRA' PRO SR-R7900P Ver.1.030 and earlier allows an attacker on the adjacent network to obtain credentials for connecting to the Wi-Fi access point with the infrastructure mode.
GHSA-29p3-gxfx-6jvv
CreateBossCredentials.jar in Toshiba CHEC before 6.6 build 4014 and 6.7 before build 4329 contains a hardcoded AES key, which allows attackers to discover Back Office System Server (BOSS) DB2 database credentials by leveraging knowledge of this key in conjunction with bossinfo.pro read access.
GHSA-29p3-gqrh-c7mr
The IP implementation in Sun Solaris 8 through 10, and OpenSolaris before snv_82, uses an improper arena when allocating minor numbers for sockets, which allows local users to cause a denial of service (32-bit application failure and login outage) by opening a large number of sockets.
GHSA-29p2-p4jq-qf4p
An issue was discovered in the Linux kernel through 4.17.10. There is a NULL pointer dereference in fscrypt_do_page_crypto() in fs/crypto/crypto.c when operating on a file in a corrupted f2fs image.
GHSA-29p2-mh35-x8wh
Inappropriate implementation in WebView in Google Chrome on Android prior to 95.0.4638.54 allowed a remote attacker to leak cross-origin data via a crafted app.
GHSA-29p2-7jvf-2jvf
Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'roll_no' parameter of the add_students.php resource does not validate the characters received and they are sent unfiltered to the database.
GHSA-29mx-jm4m-v9x5
Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
GHSA-29pc-4j9r-26vc Cross-Site Request Forgery (CSRF) vulnerability in WPSolr free WPSolr allows Privilege Escalation. This issue affects WPSolr: from n/a through 24.0. | CVSS3: 8.8 | 0% Низкий | 10 месяцев назад | |
GHSA-29p9-chjc-5c6w The dashbuilder in Red Hat JBoss BPM Suite 6.3.2 does not properly handle CSRF tokens generated during an active session and includes them in query strings, which makes easier for remote attackers to (1) bypass CSRF protection mechanisms or (2) conduct cross-site request forgery (CSRF) attacks by obtaining an old token. | CVSS3: 8.8 | 0% Низкий | больше 3 лет назад | |
GHSA-29p9-8g79-v8jp Multiple out-of-bounds read issues have been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0). | 0% Низкий | больше 3 лет назад | ||
GHSA-29p9-47jw-cjm2 Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allow remote authenticated users to insert the content of an arbitrary file into a FRAME element via unspecified vectors. | 0% Низкий | больше 3 лет назад | ||
GHSA-29p9-2mj3-cp4j Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Social Links allows Blind SQL Injection. This issue affects Social Links: from n/a through 1.2. | CVSS3: 7.6 | 0% Низкий | 11 месяцев назад | |
GHSA-29p8-v995-43v6 Buffer over-read vulnerabilities in an older version of ASN.1 parser in Snapdragon Mobile in versions SD 600. | CVSS3: 7.8 | 0% Низкий | больше 3 лет назад | |
GHSA-29p8-pmq2-84v3 SQL injection vulnerability in elkagroup Image Gallery allows remote attackers to execute arbitrary SQL commands via the id parameter to the default URI under news/. | 0% Низкий | почти 4 года назад | ||
GHSA-29p8-p94j-7f9c HP System Management Homepage (SMH) before 2.1.9 for Linux, when used with Novell eDirectory, assigns the eDirectory members to the root group, which allows remote authenticated eDirectory users to gain privileges. | 0% Низкий | почти 4 года назад | ||
GHSA-29p8-776w-hr3v A potential vulnerability in the LenovoFlashDeviceInterface SMI handler may allow an attacker with local access and elevated privileges to execute arbitrary code. | CVSS3: 6.4 | 0% Низкий | больше 2 лет назад | |
GHSA-29p6-95r6-cqqg Stack-based buffer overflow in the semop system call in Mac OS X 10.3.9 and earlier allows local users to gain privileges via crafted arguments. | 0% Низкий | почти 4 года назад | ||
GHSA-29p6-49p2-4mg8 The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ive' shortcode in versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping on 'width' and 'height' user supplied attribute. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | CVSS3: 6.4 | 0% Низкий | около 2 лет назад | |
GHSA-29p5-jqph-prvj Adobe After Effects version 18.2.1 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose arbitrary memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 1% Низкий | больше 3 лет назад | ||
GHSA-29p5-chfq-8h6j Dell Wyse Management Suite 3.6.1 and below contains Information Disclosure in Devices error pages. An attacker could potentially exploit this vulnerability, leading to the disclosure of certain sensitive information. The attacker may be able to use the exposed information to access and further vulnerability research. | CVSS3: 7.5 | 0% Низкий | больше 3 лет назад | |
GHSA-29p4-j6wv-3g22 Insufficiently protected credentials vulnerability in 'TEPRA' PRO SR5900P Ver.1.080 and earlier and 'TEPRA' PRO SR-R7900P Ver.1.030 and earlier allows an attacker on the adjacent network to obtain credentials for connecting to the Wi-Fi access point with the infrastructure mode. | 0% Низкий | около 4 лет назад | ||
GHSA-29p3-gxfx-6jvv CreateBossCredentials.jar in Toshiba CHEC before 6.6 build 4014 and 6.7 before build 4329 contains a hardcoded AES key, which allows attackers to discover Back Office System Server (BOSS) DB2 database credentials by leveraging knowledge of this key in conjunction with bossinfo.pro read access. | 0% Низкий | больше 3 лет назад | ||
GHSA-29p3-gqrh-c7mr The IP implementation in Sun Solaris 8 through 10, and OpenSolaris before snv_82, uses an improper arena when allocating minor numbers for sockets, which allows local users to cause a denial of service (32-bit application failure and login outage) by opening a large number of sockets. | 0% Низкий | почти 4 года назад | ||
GHSA-29p2-p4jq-qf4p An issue was discovered in the Linux kernel through 4.17.10. There is a NULL pointer dereference in fscrypt_do_page_crypto() in fs/crypto/crypto.c when operating on a file in a corrupted f2fs image. | CVSS3: 5.5 | 0% Низкий | больше 3 лет назад | |
GHSA-29p2-mh35-x8wh Inappropriate implementation in WebView in Google Chrome on Android prior to 95.0.4638.54 allowed a remote attacker to leak cross-origin data via a crafted app. | 0% Низкий | больше 3 лет назад | ||
GHSA-29p2-7jvf-2jvf Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'roll_no' parameter of the add_students.php resource does not validate the characters received and they are sent unfiltered to the database. | CVSS3: 9.8 | около 2 лет назад | ||
GHSA-29mx-jm4m-v9x5 Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability. | CVSS3: 7.8 | 1% Низкий | больше 3 лет назад |
Уязвимостей на страницу