Total
8 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-1481 | 2024-11-18 | N/A | 4.3 MEDIUM | ||
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct Cypher query language injection attacks on an affected system. This vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the interface of an affected system. A successful exploit could allow the attacker to obtain sensitive information.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | |||||
CVE-2024-4872 | 1 Hitachienergy | 2 Microscada Pro Sys600, Microscada X Sys600 | 2024-10-30 | N/A | 8.8 HIGH |
A vulnerability exists in the query validation of the MicroSCADA Pro/X SYS600 product. If exploited this could allow an authenticated attacker to inject code towards persistent data. Note that to successfully exploit this vulnerability an attacker must have a valid credential. | |||||
CVE-2024-35136 | 1 Ibm | 1 Db2 | 2024-09-21 | N/A | 6.5 MEDIUM |
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) federated server 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query under certain non default conditions. IBM X-Force ID: 291307. | |||||
CVE-2024-31882 | 1 Ibm | 1 Db2 | 2024-09-21 | N/A | 6.5 MEDIUM |
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service, under specific non default configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user. IBM X-Force ID: 287614. | |||||
CVE-2024-28192 | 2024-03-14 | N/A | 5.3 MEDIUM | ||
your_spotify is an open source, self hosted Spotify tracking dashboard. YourSpotify version <1.8.0 is vulnerable to NoSQL injection in the public access token processing logic. Attackers can fully bypass the public token authentication mechanism, regardless if a public token has been generated before or not, without any user interaction or prerequisite knowledge. This vulnerability allows an attacker to fully bypass the public token authentication mechanism, regardless if a public token has been generated before or not, without any user interaction or prerequisite knowledge. This issue has been addressed in version 1.8.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
CVE-2021-1349 | 1 Cisco | 1 Sd-wan Vmanage | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct Cypher query language injection attacks on an affected system. The vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the interface of an affected system. A successful exploit could allow the attacker to obtain sensitive information. | |||||
CVE-2018-7829 | 1 Schneider-electric | 118 D6220, D6220 Firmware, D6220l and 115 more | 2024-02-04 | 9.0 HIGH | 8.8 HIGH |
An Improper Neutralization of Special Elements in Query vulnerability exists in the 1st Gen. Pelco Sarix Enhanced Camera and Spectra Enhanced PTZ Camera which allows an attacker to execute arbitrary system commands. | |||||
CVE-2017-12904 | 2 Debian, Newsbeuter | 2 Debian Linux, Newsbeuter | 2024-02-04 | 9.3 HIGH | 8.8 HIGH |
Improper Neutralization of Special Elements used in an OS Command in bookmarking function of Newsbeuter versions 0.7 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item that includes shell code in its title and/or URL. |