Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-40317 | 1 Piwigo | 1 Piwigo | 2022-05-31 | 6.5 MEDIUM | 8.8 HIGH |
| Piwigo 11.5.0 is affected by a SQL injection vulnerability via admin.php and the id parameter. | |||||
| CVE-2021-21828 | 1 Att | 1 Xmill | 2022-05-31 | 7.5 HIGH | 9.8 CRITICAL |
| A heap-based buffer overflow vulnerability exists in the XML Decompression DecodeTreeBlock functionality of AT&T Labs Xmill 0.7. In the default case of DecodeTreeBlock a label is created via CurPath::AddLabel in order to track the label for later reference. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2021-21827 | 1 Att | 1 Xmill | 2022-05-31 | 7.5 HIGH | 9.8 CRITICAL |
| A heap-based buffer overflow vulnerability exists in the XML Decompression DecodeTreeBlock functionality of AT&T Labs Xmill 0.7. Within `DecodeTreeBlock` which is called during the decompression of an XMI file, a UINT32 is loaded from the file and used as trusted input as the length of a buffer. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2021-21826 | 1 Att | 1 Xmill | 2022-05-31 | 7.5 HIGH | 9.8 CRITICAL |
| A heap-based buffer overflow vulnerability exists in the XML Decompression DecodeTreeBlock functionality of AT&T Labs Xmill 0.7. Within `DecodeTreeBlock` which is called during the decompression of an XMI file, a UINT32 is loaded from the file and used as trusted input as the length of a buffer. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2021-21825 | 1 Att | 1 Xmill | 2022-05-31 | 7.5 HIGH | 9.8 CRITICAL |
| A heap-based buffer overflow vulnerability exists in the XML Decompression PlainTextUncompressor::UncompressItem functionality of AT&T Labs’ Xmill 0.7. A specially crafted XMI file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2021-31004 | 1 Apple | 1 Macos | 2022-05-31 | 5.1 MEDIUM | 7.0 HIGH |
| A race condition was addressed with improved locking. This issue is fixed in macOS Monterey 12.0.1, macOS Big Sur 11.5. An application may be able to gain elevated privileges. | |||||
| CVE-2021-31006 | 1 Apple | 3 Macos, Tvos, Watchos | 2022-05-31 | 4.3 MEDIUM | 5.5 MEDIUM |
| Description: A permissions issue was addressed with improved validation. This issue is fixed in watchOS 7.6, tvOS 14.7, macOS Big Sur 11.5. A malicious application may be able to bypass certain Privacy preferences. | |||||
| CVE-2022-29377 | 1 Totolink | 2 A3600r, A3600r Firmware | 2022-05-31 | 5.0 MEDIUM | 7.5 HIGH |
| Totolink A3600R V4.1.2cu.5182_B20201102 was discovered to contain a stacker overflow in the fread function at infostat.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via the parameter CONTENT_LENGTH. | |||||
| CVE-2021-43728 | 1 Pix-link | 2 Lv-wr09, Lv-wr09 Firmware | 2022-05-31 | 3.5 LOW | 5.4 MEDIUM |
| Pix-Link MiNi Router 28K.MiniRouter.20190211 was discovered to contain a stored cross-site scripting (XSS) vulnerability due to an unsanitized SSID parameter. | |||||
| CVE-2021-43729 | 1 Pix-link | 2 Lv-wr09, Lv-wr09 Firmware | 2022-05-31 | 3.5 LOW | 5.4 MEDIUM |
| Pix-Link MiNi Router 28K.MiniRouter.20190211 was discovered to contain a stored cross-site scripting (XSS) vulnerability due to an unsanitized Security Key parameter. | |||||
| CVE-2021-39043 | 1 Ibm | 1 Jazz Team Server | 2022-05-31 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 214032. | |||||
| CVE-2021-30933 | 1 Apple | 1 Macos | 2022-05-31 | 7.6 HIGH | 7.0 HIGH |
| A race condition was addressed with improved state handling. This issue is fixed in macOS Monterey 12.0.1, macOS Big Sur 11.6. A malicious application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2020-6126 | 1 Os4ed | 1 Opensis | 2022-05-31 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability exists in the CoursePeriodModal.php page of OS4Ed openSIS 7.3. The course_period_id parameter in the page CoursePeriodModal.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. | |||||
| CVE-2020-6125 | 1 Os4ed | 1 Opensis | 2022-05-31 | 6.5 MEDIUM | 8.8 HIGH |
| An exploitable SQL injection vulnerability exists in the GetSchool.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2020-6124 | 1 Os4ed | 1 Opensis | 2022-05-31 | 6.5 MEDIUM | 8.8 HIGH |
| An exploitable sql injection vulnerability exists in the email parameter functionality of OS4Ed openSIS 7.3. The email parameter in the page EmailCheckOthers.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2020-6131 | 1 Os4ed | 1 Opensis | 2022-05-31 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerabilities exist in the course_period_id parameters used in OS4Ed openSIS 7.3 pages. The course_period_id parameter in the page MassScheduleSessionSet.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. | |||||
| CVE-2020-6130 | 1 Os4ed | 1 Opensis | 2022-05-31 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerabilities exist in the course_period_id parameters used in OS4Ed openSIS 7.3 pages. The course_period_id parameter in the page MassDropSessionSet.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. | |||||
| CVE-2020-6129 | 1 Os4ed | 1 Opensis | 2022-05-31 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerabilities exist in the course_period_id parameters used in OS4Ed openSIS 7.3 pages. The course_period_id parameter in the page CpSessionSet.php is vulnerable to SQL injection.An attacker can make an authenticated HTTP request to trigger these vulnerabilities. | |||||
| CVE-2020-6138 | 1 Os4ed | 1 Opensis | 2022-05-31 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. The uname parameter in the password reset page /opensis/ResetUserInfo.php is vulnerable to SQL injection An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2020-6133 | 1 Os4ed | 1 Opensis | 2022-05-31 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerabilities exist in the ID parameters of OS4Ed openSIS 7.3 pages. The id parameter in the page CourseMoreInfo.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||