Total
14188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-38481 | 1 Auvesy | 1 Versiondog | 2021-10-27 | 7.5 HIGH | 9.8 CRITICAL |
| The scheduler service running on a specific TCP port enables the user to start and stop jobs. There is no sanitation of the supplied JOB ID provided to the function. An attacker may send a malicious payload that can enable the user to execute another SQL expression by sending a specific string. | |||||
| CVE-2021-41155 | 1 Enalean | 1 Tuleap | 2021-10-22 | 6.5 MEDIUM | 8.8 HIGH |
| Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions Tuleap does not sanitize properly user inputs when constructing the SQL query to browse and search revisions in the CVS repositories. The following versions contain the fix: Tuleap Community Edition 11.17.99.146, Tuleap Enterprise Edition 11.17-5, Tuleap Enterprise Edition 11.16-7. | |||||
| CVE-2021-41154 | 1 Enalean | 1 Tuleap | 2021-10-22 | 6.5 MEDIUM | 8.8 HIGH |
| Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions an attacker with read access to a "SVN core" repository could execute arbitrary SQL queries. The following versions contain the fix: Tuleap Community Edition 11.17.99.144, Tuleap Enterprise Edition 11.17-5, Tuleap Enterprise Edition 11.16-7. | |||||
| CVE-2021-41971 | 1 Apache | 1 Superset | 2021-10-22 | 6.0 MEDIUM | 8.8 HIGH |
| Apache Superset up to and including 1.3.0 when configured with ENABLE_TEMPLATE_PROCESSING on (disabled by default) allowed SQL injection when a malicious authenticated user sends an http request with a custom URL. | |||||
| CVE-2021-40992 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2021-10-21 | 6.5 MEDIUM | 7.2 HIGH |
| A remote SQL injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability. | |||||
| CVE-2021-24754 | 1 Mainwp | 1 Mainwp Child Reports | 2021-10-21 | 6.5 MEDIUM | 7.2 HIGH |
| The MainWP Child Reports WordPress plugin before 2.0.8 does not validate or sanitise the order parameter before using it in a SQL statement in the admin dashboard, leading to an SQL injection issue | |||||
| CVE-2021-41148 | 1 Enalean | 1 Tuleap | 2021-10-21 | 6.5 MEDIUM | 8.8 HIGH |
| Tuleap Open ALM is a libre and open source tool for end to end traceability of application and system developments. Prior to version 11.16.99.173 of Community Edition and versions 11.16-6 and 11.15-8 of Enterprise Edition, an attacker with the ability to add one the CI widget to its personal dashboard could execute arbitrary SQL queries. Tuleap Community Edition 11.16.99.173, Tuleap Enterprise Edition 11.16-6, and Tuleap Enterprise Edition 11.15-8 contain a patch for this issue. | |||||
| CVE-2021-40993 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2021-10-21 | 5.5 MEDIUM | 8.1 HIGH |
| A remote SQL injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability. | |||||
| CVE-2021-41147 | 1 Enalean | 1 Tuleap | 2021-10-21 | 6.5 MEDIUM | 7.2 HIGH |
| Tuleap Open ALM is a libre and open source tool for end to end traceability of application and system developments. Prior to version 11.16.99.173 of Community Edition and versions 11.16-6 and 11.15-8 of Enterprise Edition, an attacker with admin rights in one agile dashboard service can execute arbitrary SQL queries. Tuleap Community Edition 11.16.99.173, Tuleap Enterprise Edition 11.16-6, and Tuleap Enterprise Edition 11.15-8 contain a patch for this issue. | |||||
| CVE-2021-42369 | 1 Zucchetti | 1 Imagicle Uc Suite | 2021-10-21 | 6.5 MEDIUM | 8.8 HIGH |
| Imagicle Application Suite (for Cisco UC) before 2021.Summer.2 allows SQL injection. A low-privileged user could inject a SQL statement through the "Export to CSV" feature of the Contact Manager web GUI. | |||||
| CVE-2021-37737 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2021-10-20 | 6.5 MEDIUM | 8.8 HIGH |
| A remote SQL injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability. | |||||
| CVE-2021-42334 | 1 Huaju | 1 Easytest Online Learning Test Platform | 2021-10-20 | 6.5 MEDIUM | 8.8 HIGH |
| The Easytest contains SQL injection vulnerabilities. After obtaining a user’s privilege, remote attackers can inject SQL commands into the parameters of the elective course management page to obtain all database and administrator permissions. | |||||
| CVE-2021-42333 | 1 Huaju | 1 Easytest Online Learning Test Platform | 2021-10-20 | 6.5 MEDIUM | 8.8 HIGH |
| The Easytest contains SQL injection vulnerabilities. After obtaining user’s privilege, remote attackers can inject SQL commands into the parameters of the learning history page to access all database and obtain administrator permissions. | |||||
| CVE-2021-33177 | 1 Nagios | 1 Nagios Xi | 2021-10-20 | 6.5 MEDIUM | 8.8 HIGH |
| The Bulk Modifications functionality in Nagios XI versions prior to 5.8.5 is vulnerable to SQL injection. Exploitation requires the malicious actor to be authenticated to the vulnerable system, but once authenticated they would be able to execute arbitrary sql queries. | |||||
| CVE-2021-40842 | 1 Proofpoint | 1 Insider Threat Management Server | 2021-10-19 | 7.5 HIGH | 9.8 CRITICAL |
| Proofpoint Insider Threat Management Server contains a SQL injection vulnerability in the Web Console. The vulnerability exists due to improper input validation on the database name parameter required in certain unauthenticated APIs. A malicious URL visited by anyone with network access to the server could be used to blindly execute arbitrary SQL statements on the backend database. Version 7.12.0 and all versions prior to 7.11.2 are affected. | |||||
| CVE-2021-41075 | 1 Zohocorp | 1 Manageengine Opmanager | 2021-10-19 | 7.5 HIGH | 9.8 CRITICAL |
| The NetFlow Analyzer in Zoho ManageEngine OpManger before 125455 is vulnerable to SQL Injection in the Attacks Module API. | |||||
| CVE-2021-40493 | 1 Zohocorp | 1 Manageengine Opmanager | 2021-10-19 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine OpManager before 125437 is vulnerable to SQL Injection in the support diagnostics module. This occurs via the pollingObject parameter of the getDataCollectionFailureReason API. | |||||
| CVE-2020-19959 | 1 Zzcms | 1 Zzcms | 2021-10-19 | 5.0 MEDIUM | 7.5 HIGH |
| A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the dlid parameter in the /dl/dl_sendmail.php page cookie. | |||||
| CVE-2020-19957 | 1 Zzcms | 1 Zzcms | 2021-10-19 | 5.0 MEDIUM | 7.5 HIGH |
| A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the id parameter on the /dl/dl_print.php page. | |||||
| CVE-2020-19960 | 1 Zzcms | 1 Zzcms | 2021-10-19 | 5.0 MEDIUM | 7.5 HIGH |
| A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the dlid parameter in the /dl/dl_sendsms.php page cookie. | |||||