Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-7820 | 1 Schneider-electric | 8 Ap9630, Ap9630 Firmware, Ap9631 and 5 more | 2023-02-28 | 5.0 MEDIUM | 9.8 CRITICAL |
A Credentials Management CWE-255 vulnerability exists in the APC UPS Network Management Card 2 AOS v6.5.6, which could cause Remote Monitoring Credentials to be viewed in plaintext when Remote Monitoring is enabled, and then disabled. | |||||
CVE-2019-10996 | 1 Redlion | 1 Crimson | 2023-02-28 | 6.8 MEDIUM | 7.8 HIGH |
Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that can reference memory after it has been freed. | |||||
CVE-2019-10990 | 1 Redlion | 1 Crimson | 2023-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, uses a hard-coded password to encrypt protected files in transit and at rest, which may allow an attacker to access configuration files. | |||||
CVE-2019-10978 | 1 Redlion | 1 Crimson | 2023-02-28 | 6.8 MEDIUM | 7.8 HIGH |
Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that operates outside of the designated memory area. | |||||
CVE-2022-43403 | 1 Jenkins | 1 Script Security | 2023-02-28 | N/A | 9.9 CRITICAL |
A sandbox bypass vulnerability involving casting an array-like value to an array type in Jenkins Script Security Plugin 1183.v774b_0b_0a_a_451 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. | |||||
CVE-2019-10429 | 1 Jenkins | 1 Gitlab Logo | 2023-02-28 | 2.1 LOW | 5.5 MEDIUM |
Jenkins GitLab Logo Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
CVE-2019-10427 | 1 Jenkins | 1 Aqua Microscanner | 2023-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
Jenkins Aqua MicroScanner Plugin 1.0.7 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. | |||||
CVE-2019-10426 | 1 Jenkins | 1 Gem Publisher | 2023-02-28 | 2.1 LOW | 5.5 MEDIUM |
Jenkins Gem Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
CVE-2019-10425 | 1 Jenkins | 1 Google Calendar | 2023-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
Jenkins Google Calendar Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
CVE-2019-10428 | 1 Jenkins | 1 Aqua Security Scanner | 2023-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Jenkins Aqua Security Scanner Plugin 3.0.17 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. | |||||
CVE-2019-5471 | 1 Gitlab | 1 Gitlab | 2023-02-28 | 3.5 LOW | 5.4 MEDIUM |
An input validation and output encoding issue was discovered in the GitLab email notification feature which could result in a persistent XSS. This was addressed in GitLab 12.1.2, 12.0.4, and 11.11.6. | |||||
CVE-2023-1063 | 1 Doctors Appointment System Project | 1 Doctors Appointment System | 2023-02-28 | N/A | 8.8 HIGH |
A vulnerability has been found in SourceCodester Doctors Appointment System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/patient.php of the component Parameter Handler. The manipulation of the argument search leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221827. | |||||
CVE-2023-1062 | 1 Doctors Appointment System Project | 1 Doctors Appointment System | 2023-02-28 | N/A | 8.8 HIGH |
A vulnerability, which was classified as critical, was found in SourceCodester Doctors Appointment System 1.0. Affected is an unknown function of the file /admin/add-new.php of the component Parameter Handler. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-221826 is the identifier assigned to this vulnerability. | |||||
CVE-2023-1061 | 1 Doctors Appointment System Project | 1 Doctors Appointment System | 2023-02-28 | N/A | 8.8 HIGH |
A vulnerability, which was classified as critical, has been found in SourceCodester Doctors Appointment System 1.0. This issue affects some unknown processing of the file /admin/edit-doc.php. The manipulation of the argument oldmail leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221825 was assigned to this vulnerability. | |||||
CVE-2023-1058 | 1 Doctors Appointment System Project | 1 Doctors Appointment System | 2023-02-28 | N/A | 8.8 HIGH |
A vulnerability classified as critical has been found in SourceCodester Doctors Appointment System 1.0. This affects an unknown part of the file create-account.php. The manipulation of the argument newemail leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221823. | |||||
CVE-2023-1059 | 1 Doctors Appointment System Project | 1 Doctors Appointment System | 2023-02-28 | N/A | 8.8 HIGH |
A vulnerability classified as critical was found in SourceCodester Doctors Appointment System 1.0. This vulnerability affects unknown code of the file /admin/doctors.php of the component Parameter Handler. The manipulation of the argument search leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221824. | |||||
CVE-2023-1057 | 1 Doctors Appointment System Project | 1 Doctors Appointment System | 2023-02-28 | N/A | 8.8 HIGH |
A vulnerability was found in SourceCodester Doctors Appointment System 1.0. It has been rated as critical. Affected by this issue is the function edoc of the file login.php. The manipulation of the argument usermail leads to sql injection. VDB-221822 is the identifier assigned to this vulnerability. | |||||
CVE-2023-1056 | 1 Doctors Appointment System Project | 1 Doctors Appointment System | 2023-02-28 | N/A | 8.8 HIGH |
A vulnerability was found in SourceCodester Doctors Appointment System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /edoc/doctor/patient.php. The manipulation of the argument search12 leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221821 was assigned to this vulnerability. | |||||
CVE-2023-1054 | 1 Music Gallery Site Project | 1 Music Gallery Site | 2023-02-28 | N/A | 9.8 CRITICAL |
A vulnerability was found in SourceCodester Music Gallery Site 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/?page=user/manage. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-221820. | |||||
CVE-2023-1053 | 1 Music Gallery Site Project | 1 Music Gallery Site | 2023-02-28 | N/A | 9.8 CRITICAL |
A vulnerability was found in SourceCodester Music Gallery Site 1.0 and classified as critical. This issue affects some unknown processing of the file view_category.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-221819. |