Count: 312 573
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| GHSA-29h7-98xg-7fp5: A vulnerability in XPlatform could allow an unauthenticated attacker to execute arbitrary commands. This vulnerability exists due to insufficient validation of improper classes. This issue affects Tobesoft XPlatform versions prior to 9.2.2.280. | | 1% Low | more than 3 years ago |
| GHSA-29h6-xjp2-cgj2: A buffer overflow vulnerability in the external device function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices. | CVSS3: 9.8 | 7% Low | more than 3 years ago |
| GHSA-29h6-ggvx-w3vw: An issue was discovered in Couchbase Server before 7.0.4. XDCR lacks role checking when changing internal settings. | CVSS3: 7.5 | 0% Low | more than 3 years ago |
| GHSA-29h6-7mm5-5wf8: An arbitrary file upload vulnerability in Halo up to v1.6.1 allows attackers to execute arbitrary code via a crafted .md file. | CVSS3: 4.8 | 0% Low | almost 3 years ago |
| GHSA-29h6-3fpg-r7jh: Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'FileManager.editFile()' function in the component 'modules/filemanager/FileManagerController.java'. | CVSS3: 6.5 | 0% Low | more than 3 years ago |
| GHSA-29h5-x7wq-q49w: Cross-site scripting (XSS) vulnerability in the administrative console in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related in part to "URL injection." | | 0% Low | more than 3 years ago |
| GHSA-29h4-m8qc-28hv: Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component \admin\cashadvance_edit.php. | CVSS3: 8.8 | 0% Low | almost 4 years ago |
| GHSA-29h4-jchc-9446: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | | 2% Low | more than 3 years ago |
| GHSA-29h4-7v22-wvxg: Cross-site scripting vulnerability in the web portal of Snow Software License Manager from version 9.0.0 up to and including 9.30.1 on Windows allows an authenticated user with high privileges to trigger a cross-site scripting attack via the web browser. | CVSS3: 4.8 | 0% Low | more than 2 years ago |
| GHSA-29h3-7qgp-vff3: A lack of validation of user-supplied parameters passed to XML-RPC calls on SonicWall Global Management System (GMS) virtual appliances allows a remote user to execute arbitrary code. This vulnerability affects GMS version 8.1 and earlier. | CVSS3: 9.8 | 12% Medium | more than 3 years ago |
| GHSA-29h2-5h98-8vhx: Bluebird devices contain a pre-loaded barcode scanner application. This application exposes an unsecured broadcast receiver "kr.co.bluebird.android.bbsettings.BootReceiver". A local attacker can call the receiver to overwrite a file whose name contains the ".json" keyword with the default barcode config file. It is possible to overwrite a file in any location due to a lack of protection against path traversal in the file name. This issue affects all versions before 1.3.3. | | 0% Low | 7 months ago |
| GHSA-29gx-jmhj-rrx9: Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and 11.1.0.1; EM DB Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3; and EM Plugin for DB 12.1.0.1 and 12.1.0.2 allows remote attackers to affect integrity via unknown vectors related to Resource Manager. | | 0% Low | almost 4 years ago |
| GHSA-29gx-388f-w262: Cross-site scripting (XSS) vulnerability in phpRank 1.8 allows remote attackers to inject arbitrary web script or HTML via (1) the email parameter of add.php or (2) the banner URL (banurl parameter) in the main list. | | 0% Low | almost 4 years ago |
| GHSA-29gw-r2hj-fm58: Through the exploitation of active user sessions, an attacker could send custom requests to cause a denial-of-service condition on the device. | CVSS3: 9.6 | 0% Low | about 2 years ago |
| GHSA-29gw-9793-fvw7: IPython vulnerable to command injection via set_term_title | CVSS3: 4.5 | 0% Low | almost 3 years ago |
| GHSA-29gv-cv9c-r93w: This vulnerability allows authenticated attackers to execute commands via the NTP configuration of the device. | CVSS3: 8.6 | 0% Low | 29 days ago |
| GHSA-29gr-w57f-rpfw: actionpack vulnerable to Path Traversal | | 0% Low | more than 8 years ago |
| GHSA-29gq-wq8x-vfcr: The use of the cyclic redundancy check (CRC) algorithm for the integrity check during firmware update makes TRENDnet TV-IP651WI Network Camera firmware version v1.07.01 and earlier vulnerable to firmware modification attacks. An attacker can conduct a man-in-the-middle (MITM) attack to modify the new firmware image and bypass the checksum verification. | CVSS3: 5.9 | 0% Low | about 3 years ago |
| GHSA-29gq-rw72-mrqg: In RTI Connext Professional 5.3.1 through 6.1.0 before 6.1.1, a buffer overflow in XML parsing from Routing Service, Recording Service, Queuing Service, and Cloud Discovery Service allows attackers to execute code with the affected service's privileges, compromise the service's integrity, leak sensitive information, or crash the service. These attacks could be done via a remote malicious RTPS message; a compromised call with malicious parameters to the RTI_RoutingService_new, rti::recording::Service, RTI_QueuingService_new, or RTI_CDS_Service_new public APIs; or a compromised local file system containing a malicious XML file. | CVSS3: 7.3 | 0% Low | more than 1 year ago |
| GHSA-29gq-h27w-54qf: Jenkins VS Team Services Continuous Deployment Plugin stores credentials in plain text | CVSS3: 4.3 | 0% Low | more than 3 years ago |