Количество 312 573
Количество 312 573
GHSA-xwwf-377r-5q8m
Windows App-V Overlay Filter Elevation of Privilege Vulnerability
GHSA-xwwc-ccjq-jggg
An issue was discovered in Faronics Insight 10.0.19045 on Windows. A suitably positioned attacker could perform a man-in-the-middle attack on either a connected student or teacher, enabling them to intercept student keystrokes or modify executable files being sent from teachers to students.
GHSA-xww9-gc2f-7jf6
There is XSS in the BouquetEditor WebPlugin for Dream Multimedia Dreambox devices, as demonstrated by the "Name des Bouquets" field, or the file parameter to the /file URI.
GHSA-xww9-8g2p-wvcf
An information disclosure vulnerability in Package Manager could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: 7.0. Android ID: A-31251489.
GHSA-xww9-82cx-c8c3
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0313, CVE-2015-0320, and CVE-2015-0322.
GHSA-xww8-g9jm-p823
Stack-based buffer overflow in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode, allows remote attackers to execute arbitrary code via a long filename in a GET request with an "Accept-Encoding: gzip" header.
GHSA-xww8-2w72-55w2
Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6200 before 1.1.00.24, R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42.
GHSA-xww7-r455-w3qp
Cross-site request forgery (CSRF) vulnerability in Resource Data Management Data Manager before 2.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
GHSA-xww7-5f37-vrcg
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPEverest Everest Forms – Build Contact Forms, Surveys, Polls, Application Forms, and more with Ease! allows Stored XSS.This issue affects Everest Forms – Build Contact Forms, Surveys, Polls, Application Forms, and more with Ease!: from n/a through 2.0.4.1.
GHSA-xww6-q5p3-h6pp
A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions with SINEMA Remote Connect Edge Client installed). Affected devices are vulnerable to an authentication bypass. This could allow a non-privileged local attacker to bypass the authentication of the SINEMA Remote Connect Edge Client, and to read and modify the configuration parameters.
GHSA-xww6-9qvq-r7pr
A vulnerability in management interface access control list (ACL) configuration of Cisco NX-OS System Software could allow an unauthenticated, remote attacker to bypass configured ACLs on the management interface. This could allow traffic to be forwarded to the NX-OS CPU for processing, leading to high CPU utilization and a denial of service (DoS) condition. The vulnerability is due to a bad code fix in the 7.3.2 code train that could allow traffic to the management interface to be misclassified and not match the proper configured ACLs. An attacker could exploit this vulnerability by sending crafted traffic to the management interface. An exploit could allow the attacker to bypass the configured management interface ACLs and impact the CPU of the targeted device, resulting in a DoS condition. This vulnerability affects the following Cisco products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Switches, Nexus 3000 Series Switches, Nexus 5500 Pla...
GHSA-xww5-hh94-wcq9
The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value of the last PATH variable.
GHSA-xww5-ggv5-g549
A Insecure Temporary File vulnerability in s390-tools of SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-SP2 allows local attackers to prevent VM live migrations This issue affects: SUSE Linux Enterprise Server 12-SP5 s390-tools versions prior to 2.1.0-18.29.1. SUSE Linux Enterprise Server 15-SP2 s390-tools versions prior to 2.11.0-9.20.1.
GHSA-xww5-2rwh-r562
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Famous - Responsive Image And Video Grid Gallery WordPress Plugin famous_grid_image_and_video_gallery allows Reflected XSS.This issue affects Famous - Responsive Image And Video Grid Gallery WordPress Plugin: from n/a through <= 1.4.
GHSA-xww4-w6ff-5q3g
thorsten/phpmyfaq vulnerable privilege escalation from improper privilege management
GHSA-xww4-pqp6-xq6h
An issue was discovered on Vgate iCar 2 Wi-Fi OBD2 Dongle devices. The dongle opens an unprotected wireless LAN that cannot be configured with encryption or a password. This enables anyone within the range of the WLAN to connect to the network without authentication.
GHSA-xww4-377p-p343
Nessus before 2.2.8, and 3.x before 3.0.3, allows user-assisted attackers to cause a denial of service (memory consumption) via a NASL script that calls split with an invalid sep parameter. NOTE: a design goal of the NASL language is to facilitate sharing of security tests by guaranteeing that a script "can not do anything nasty." This issue is appropriate for CVE only if Nessus users have an expectation that a split statement will not use excessive memory.
GHSA-xww4-245x-xq3g
Multiple cross-site scripting (XSS) vulnerabilities in out/out.UsrMgr.php in LetoDMS (formerly MyDMS) before 3.3.9 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
GHSA-xww3-w346-xq3w
Insufficient privilege verification in Zammad v5.3.0 allows an authenticated attacker to perform changes on the tags of their customer tickets using the Zammad API. This is now corrected in v5.3.1 so that only agents with write permissions may change ticket tags.
GHSA-xww2-w37x-3jh9
Clustered Data ONTAP versions prior to 9.5P18, 9.6P15, 9.7P14, 9.8P5 and 9.9.1 are missing an X-Frame-Options header which could allow a clickjacking attack.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
GHSA-xwwf-377r-5q8m Windows App-V Overlay Filter Elevation of Privilege Vulnerability | CVSS3: 7.8 | 0% Низкий | больше 3 лет назад | |
GHSA-xwwc-ccjq-jggg An issue was discovered in Faronics Insight 10.0.19045 on Windows. A suitably positioned attacker could perform a man-in-the-middle attack on either a connected student or teacher, enabling them to intercept student keystrokes or modify executable files being sent from teachers to students. | CVSS3: 7.4 | 0% Низкий | больше 2 лет назад | |
GHSA-xww9-gc2f-7jf6 There is XSS in the BouquetEditor WebPlugin for Dream Multimedia Dreambox devices, as demonstrated by the "Name des Bouquets" field, or the file parameter to the /file URI. | CVSS3: 6.1 | 3% Низкий | больше 3 лет назад | |
GHSA-xww9-8g2p-wvcf An information disclosure vulnerability in Package Manager could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: 7.0. Android ID: A-31251489. | CVSS3: 4.7 | 0% Низкий | больше 3 лет назад | |
GHSA-xww9-82cx-c8c3 Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0313, CVE-2015-0320, and CVE-2015-0322. | 4% Низкий | больше 3 лет назад | ||
GHSA-xww8-g9jm-p823 Stack-based buffer overflow in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode, allows remote attackers to execute arbitrary code via a long filename in a GET request with an "Accept-Encoding: gzip" header. | 10% Низкий | почти 4 года назад | ||
GHSA-xww8-2w72-55w2 Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6200 before 1.1.00.24, R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42. | 0% Низкий | больше 3 лет назад | ||
GHSA-xww7-r455-w3qp Cross-site request forgery (CSRF) vulnerability in Resource Data Management Data Manager before 2.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 0% Низкий | больше 3 лет назад | ||
GHSA-xww7-5f37-vrcg Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPEverest Everest Forms – Build Contact Forms, Surveys, Polls, Application Forms, and more with Ease! allows Stored XSS.This issue affects Everest Forms – Build Contact Forms, Surveys, Polls, Application Forms, and more with Ease!: from n/a through 2.0.4.1. | CVSS3: 5.9 | 0% Низкий | около 2 лет назад | |
GHSA-xww6-q5p3-h6pp A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions with SINEMA Remote Connect Edge Client installed). Affected devices are vulnerable to an authentication bypass. This could allow a non-privileged local attacker to bypass the authentication of the SINEMA Remote Connect Edge Client, and to read and modify the configuration parameters. | CVSS3: 7.1 | 0% Низкий | 9 месяцев назад | |
GHSA-xww6-9qvq-r7pr A vulnerability in management interface access control list (ACL) configuration of Cisco NX-OS System Software could allow an unauthenticated, remote attacker to bypass configured ACLs on the management interface. This could allow traffic to be forwarded to the NX-OS CPU for processing, leading to high CPU utilization and a denial of service (DoS) condition. The vulnerability is due to a bad code fix in the 7.3.2 code train that could allow traffic to the management interface to be misclassified and not match the proper configured ACLs. An attacker could exploit this vulnerability by sending crafted traffic to the management interface. An exploit could allow the attacker to bypass the configured management interface ACLs and impact the CPU of the targeted device, resulting in a DoS condition. This vulnerability affects the following Cisco products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Switches, Nexus 3000 Series Switches, Nexus 5500 Pla... | CVSS3: 7.5 | 2% Низкий | больше 3 лет назад | |
GHSA-xww5-hh94-wcq9 The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value of the last PATH variable. | 0% Низкий | больше 3 лет назад | ||
GHSA-xww5-ggv5-g549 A Insecure Temporary File vulnerability in s390-tools of SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-SP2 allows local attackers to prevent VM live migrations This issue affects: SUSE Linux Enterprise Server 12-SP5 s390-tools versions prior to 2.1.0-18.29.1. SUSE Linux Enterprise Server 15-SP2 s390-tools versions prior to 2.11.0-9.20.1. | CVSS3: 3.3 | 0% Низкий | больше 3 лет назад | |
GHSA-xww5-2rwh-r562 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Famous - Responsive Image And Video Grid Gallery WordPress Plugin famous_grid_image_and_video_gallery allows Reflected XSS.This issue affects Famous - Responsive Image And Video Grid Gallery WordPress Plugin: from n/a through <= 1.4. | CVSS3: 6.1 | 0% Низкий | около 1 месяца назад | |
GHSA-xww4-w6ff-5q3g thorsten/phpmyfaq vulnerable privilege escalation from improper privilege management | CVSS3: 8.8 | 0% Низкий | почти 3 года назад | |
GHSA-xww4-pqp6-xq6h An issue was discovered on Vgate iCar 2 Wi-Fi OBD2 Dongle devices. The dongle opens an unprotected wireless LAN that cannot be configured with encryption or a password. This enables anyone within the range of the WLAN to connect to the network without authentication. | CVSS3: 8.8 | 0% Низкий | больше 3 лет назад | |
GHSA-xww4-377p-p343 Nessus before 2.2.8, and 3.x before 3.0.3, allows user-assisted attackers to cause a denial of service (memory consumption) via a NASL script that calls split with an invalid sep parameter. NOTE: a design goal of the NASL language is to facilitate sharing of security tests by guaranteeing that a script "can not do anything nasty." This issue is appropriate for CVE only if Nessus users have an expectation that a split statement will not use excessive memory. | 1% Низкий | почти 4 года назад | ||
GHSA-xww4-245x-xq3g Multiple cross-site scripting (XSS) vulnerabilities in out/out.UsrMgr.php in LetoDMS (formerly MyDMS) before 3.3.9 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | CVSS3: 6.1 | 0% Низкий | больше 3 лет назад | |
GHSA-xww3-w346-xq3w Insufficient privilege verification in Zammad v5.3.0 allows an authenticated attacker to perform changes on the tags of their customer tickets using the Zammad API. This is now corrected in v5.3.1 so that only agents with write permissions may change ticket tags. | CVSS3: 4.3 | 0% Низкий | около 3 лет назад | |
GHSA-xww2-w37x-3jh9 Clustered Data ONTAP versions prior to 9.5P18, 9.6P15, 9.7P14, 9.8P5 and 9.9.1 are missing an X-Frame-Options header which could allow a clickjacking attack. | 0% Низкий | больше 3 лет назад |
Уязвимостей на страницу