| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Wizkunde SAMLBase may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers. |
| Some Navarino Infinity functions, up to version 2.2, placed in the URL can bypass any authentication mechanism leading to an information leak. |
| Navarino Infinity is prone to session fixation attacks. The server accepts the session ID as a GET parameter which can lead to bypassing the two factor authentication in some installations. This could lead to phishing attacks that can bypass the two factor authentication that is present in some installations. |
| Navarino Infinity web interface up to version 2.2 exposes an unauthenticated script that is prone to blind sql injection. If successfully exploited the user can get info from the underlying postgresql database that could lead into to total compromise of the product. The said script is available with no authentication. |
| Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device. |
| The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its parsing of "Capabilities" in BGP OPEN messages, in the bgp_packet.c:bgp_capability_msg_parse function. The parser can enter an infinite loop on invalid capabilities if a Multi-Protocol capability does not have a recognized AFI/SAFI, causing a denial of service. |
| The Quagga BGP daemon (bgpd) prior to version 1.2.3 can overrun internal BGP code-to-string conversion tables used for debug by 1 pointer value, based on input. |
| The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. A successful attack could cause a denial of service or potentially allow an attacker to execute arbitrary code. |
| The Quagga BGP daemon (bgpd) prior to version 1.2.3 does not properly bounds check the data sent with a NOTIFY to a peer, if an attribute length is invalid. Arbitrary data from the bgpd process may be sent over the network to a peer and/or bgpd may crash. |
| Discuz! DiscuzX X3.4 allows remote attackers to bypass intended access restrictions via the archiver\index.php action parameter. |
| Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecp_upload.php op parameter. |
| Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecp_space.php appid parameter in a delete action. |
| The Dbox 3D Slider Lite plugin through 1.2.2 for WordPress has SQL Injection via settings\sliders.php (current_slider_id parameter). |
| The Smooth Slider plugin through 2.8.6 for WordPress has SQL Injection via smooth-slider.php (trid parameter). |
| The Testimonial Slider plugin through 1.2.4 for WordPress has SQL Injection via settings\sliders.php (current_slider_id parameter). |
| diag_ping.cmd on D-Link DSL-2640U devices with firmware IM_1.00 and ME_1.00, and DSL-2540U devices with firmware ME_1.00, allows authenticated remote attackers to execute arbitrary OS commands via shell metacharacters in the ipaddr field of an HTTP GET request. |
| BizLogic xnami 1.0 has XSS via the comment parameter in an addComment action to the /media/ajax URI. |
| The SrbTransLatin plugin 1.46 for WordPress has XSS via an srbtranslatoptions action to wp-admin/options-general.php with a lang_identificator parameter. |
| The SrbTransLatin plugin 1.46 for WordPress has CSRF via an srbtranslatoptions action to wp-admin/options-general.php. |
| The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[post_type][post] parameter to wp-admin/options.php. |
