| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A weakness has been identified in Campcodes Advanced Online Voting Management System 1.0. This affects an unknown function of the file /admin/candidates_edit.php. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited. |
| A flaw has been found in CodeAstro Online Leave Application 1.0. Affected by this vulnerability is an unknown functionality of the file /leaveAplicationForm.php. Executing manipulation of the argument absence[] can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used. |
| In the Linux kernel, the following vulnerability has been resolved:
spi: microchip-core: ensure TX and RX FIFOs are empty at start of a transfer
While transmitting with rx_len == 0, the RX FIFO is not going to be
emptied in the interrupt handler. A subsequent transfer could then
read crap from the previous transfer out of the RX FIFO into the
start RX buffer. The core provides a register that will empty the RX and
TX FIFOs, so do that before each transfer. |
| An issue in OpenPanel v0.3.4 to v0.2.1 allows attackers to execute a directory traversal in File Actions of File Manager. |
| nDPI through 4.12 has a potential stack-based buffer overflow in ndpi_address_cache_restore in lib/ndpi_cache.c. |
| Moss v0.1.3 version has an SQL injection vulnerability that allows attackers to inject carefully designed payloads into the order parameter. |
| Vulnerability in the OPC UA .NET Standard Stack before 1.5.374.158 allows an unauthorized attacker to bypass application authentication when using HTTPS endpoints. |
| Mattermost versions 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to properly validate board blocks when importing boards which allows an attacker could read any arbitrary file on the system via importing and exporting a specially crafted import archive in Boards. |
| Ericsson Indoor Connect 8855 contains a command injection vulnerability which if exploited can result in an escalation of privileges. |
| Ericsson Indoor Connect 8855 contains an improper input validation vulnerability which if exploited can allow an attacker to execute commands with escalated privileges. |
| Ericsson Indoor Connect 8855 contains a missing authorization vulnerability which if exploited can allow access to the system as a user with higher privileges than intended. |
| Ericsson Indoor Connect 8855 contains a vulnerability where server-side security can be bypassed in the client which if exploited can lead to unauthorized disclosure of certain information. |
| Ericsson Indoor Connect 8855 contains an SQL injection vulnerability which if exploited can result in unauthorized disclosure or modification of data. |
| A potential security vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The vulnerability could deserialize untrusted data without validation. HP has addressed the issue in the latest software update. |
| A potential command
injection vulnerability has been identified in the Poly Clariti Manager for
versions prior to 10.12.2. The vulnerability could allow a privileged user
to submit arbitrary input. HP has addressed the issue in the latest software update. |
| A potential security vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The vulnerability could allow the use and retrieval of the default password. HP has addressed the issue in the latest software update. |
| A potential SQL injection vulnerability has been identified in the Poly
Clariti Manager for versions prior to 10.12.1. The vulnerability could allow
a privileged user to execute SQL commands. HP has addressed the issue in
the latest software update. |
| A potential security vulnerability has been
identified in the Poly Clariti Manager for versions prior to 10.12.1. The
vulnerability could allow the retrieval of hardcoded cryptographic keys. HP has
addressed the issue in the latest software update. |
| A potential reflected cross-site scripting vulnerability has been
identified in the Poly Clariti Manager for versions prior to 10.12.1. The
website does not validate or sanitize the user input before rendering it in the
response. HP has addressed the issue in the latest software update. |
| A potential security
vulnerability has been identified in the Poly Clariti Manager for versions
prior to 10.12.2. The vulnerability could potentially allow a privileged
user to retrieve credentials from the log files. HP has addressed the issue in
the latest software update. |