Total
9311 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-5724 | 1 Grandstream | 6 Ucm6202, Ucm6202 Firmware, Ucm6204 and 3 more | 2020-03-30 | 5.0 MEDIUM | 7.5 HIGH |
| The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the HTTP server's websockify endpoint. A remote unauthenticated attacker can invoke the challenge action with a crafted username and discover user passwords. | |||||
| CVE-2016-11023 | 1 Odata4j Project | 1 Odata4j | 2020-03-30 | 7.5 HIGH | 9.8 CRITICAL |
| odata4j 0.7.0 allows ExecuteCountQueryCommand.java SQL injection. NOTE: this product is apparently discontinued. | |||||
| CVE-2016-11024 | 1 Odata4j Project | 1 Odata4j | 2020-03-30 | 7.5 HIGH | 9.8 CRITICAL |
| odata4j 0.7.0 allows ExecuteJPQLQueryCommand.java SQL injection. NOTE: this product is apparently discontinued. | |||||
| CVE-2019-20613 | 1 Google | 1 Android | 2020-03-30 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. There is time-based SQL injection in Contacts. The Samsung ID is SVE-2018-13452 (March 2019). | |||||
| CVE-2019-20592 | 1 Google | 1 Android | 2020-03-30 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. There is local SQL injection in the Story Video Editor Content Provider. The Samsung ID is SVE-2019-14062 (July 2019). | |||||
| CVE-2019-20591 | 1 Google | 1 Android | 2020-03-30 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. There is local SQL injection in the Gear VR Service Content Provider. The Samsung ID is SVE-2019-14058 (July 2019). | |||||
| CVE-2020-9521 | 1 Microfocus | 1 Service Manager Automation | 2020-03-30 | 6.5 MEDIUM | 8.8 HIGH |
| An SQL injection vulnerability was discovered in Micro Focus Service Manager Automation (SMA), affecting versions 2019.08, 2019.05, 2019.02, 2018.08, 2018.05, 2018.02. The vulnerability could allow for the improper neutralization of special elements in SQL commands and may lead to the product being vulnerable to SQL injection. | |||||
| CVE-2019-12989 | 1 Citrix | 2 Netscaler Sd-wan, Sd-wan | 2020-03-30 | 7.5 HIGH | 9.8 CRITICAL |
| Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow SQL Injection. | |||||
| CVE-2019-20576 | 1 Google | 1 Android | 2020-03-30 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Samsung mobile devices with P(9.0) software. The MemorySaver Content Provider allows SQL injection. The Samsung ID is SVE-2019-14365 (August 2019). | |||||
| CVE-2019-20573 | 1 Google | 1 Android | 2020-03-27 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. There is local SQL injection in the RCS Content Provider. The Samsung IDs are SVE-2019-14059, SVE-2019-14685 (August 2019). | |||||
| CVE-2019-20574 | 1 Google | 1 Android | 2020-03-27 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. There is local SQL injection in the Wi-Fi history Content Provider. The Samsung ID is SVE-2019-14061 (August 2019). | |||||
| CVE-2020-10365 | 1 Logicaldoc | 1 Logicaldoc | 2020-03-27 | 4.0 MEDIUM | 6.5 MEDIUM |
| LogicalDoc before 8.3.3 allows SQL Injection. LogicalDoc populates the list of available documents by querying the database. This list could be filtered by modifying some of the parameters. Some of them are not properly sanitized which could allow an authenticated attacker to perform arbitrary queries to the database. | |||||
| CVE-2015-7387 | 1 Zohocorp | 1 Manageengine Eventlog Analyzer | 2020-03-26 | 7.5 HIGH | N/A |
| ZOHO ManageEngine EventLog Analyzer 10.6 build 10060 and earlier allows remote attackers to bypass intended restrictions and execute arbitrary SQL commands via an allowed query followed by a disallowed one in the query parameter to event/runQuery.do, as demonstrated by "SELECT 1;INSERT INTO." Fixed in Build 11200. | |||||
| CVE-2003-0845 | 1 Jboss | 1 Jboss | 2020-03-24 | 7.5 HIGH | N/A |
| Unknown vulnerability in the HSQLDB component in JBoss 3.2.1 and 3.0.8 on Java 1.4.x platforms, when running in the default configuration, allows remote attackers to conduct unauthorized activities and possibly execute arbitrary code via certain SQL statements to (1) TCP port 1701 in JBoss 3.2.1, and (2) port 1476 in JBoss 3.0.8. | |||||
| CVE-2019-16012 | 1 Cisco | 12 Isr1100-4g, Isr1100-4gltegb, Isr1100-4gltena and 9 more | 2020-03-23 | 8.5 HIGH | 8.1 HIGH |
| A vulnerability in the web UI of Cisco SD-WAN Solution vManage software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web UI improperly validates SQL values. An attacker could exploit this vulnerability by authenticating to the application and sending malicious SQL queries to an affected system. A successful exploit could allow the attacker to modify values on, or return values from, the underlying database as well as the operating system. | |||||
| CVE-2019-16065 | 1 Netsas | 1 Enigma Network Management Solution | 2020-03-23 | 9.0 HIGH | 8.8 HIGH |
| A remote SQL injection web vulnerability was discovered in the Enigma NMS 65.0.0 and prior web application that allows an attacker to execute SQL commands to expose and compromise the web server, expose database tables and values, and potentially execute system-based commands as the mysql user. This affects the search_pattern value of the manage_hosts_short.cgi script. | |||||
| CVE-2020-3922 | 1 Armorx | 1 Lisomail | 2020-03-19 | 7.5 HIGH | 9.8 CRITICAL |
| LisoMail, by ArmorX, allows SQL Injections, attackers can access the database without authentication via a URL parameter manipulation. | |||||
| CVE-2020-10380 | 1 R-consortium | 1 Rmysql | 2020-03-19 | 7.5 HIGH | 9.8 CRITICAL |
| RMySQL through 0.10.19 allows SQL Injection. | |||||
| CVE-2020-10563 | 1 Devome | 1 Grr | 2020-03-18 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in DEVOME GRR before 3.4.1c. frmcontactlist.php mishandles a SQL query. | |||||
| CVE-2019-10763 | 1 Pimcore | 1 Pimcore | 2020-03-18 | 4.0 MEDIUM | 6.5 MEDIUM |
| pimcore/pimcore before 6.3.0 is vulnerable to SQL Injection. An attacker with limited privileges (classes permission) can achieve a SQL injection that can lead in data leakage. The vulnerability can be exploited via 'id', 'storeId', 'pageSize' and 'tables' parameters, using a payload for trigger a time based or error based sql injection. | |||||