| CVE | Vendors | Products | Updated | CVSS v3.1 |
| Windows Error Reporting Information Disclosure Vulnerability |
| Windows Network Connections Service Elevation of Privilege Vulnerability |
| Microsoft SharePoint Elevation of Privilege Vulnerability |
| Azure SDK for C Security Feature Bypass Vulnerability |
| Kerberos Security Feature Bypass Vulnerability |
| Windows Backup Engine Elevation of Privilege Vulnerability |
| Windows Backup Engine Elevation of Privilege Vulnerability |
| Windows Backup Engine Elevation of Privilege Vulnerability |
| Windows Backup Engine Elevation of Privilege Vulnerability |
| Windows Backup Engine Elevation of Privilege Vulnerability |
| Windows Backup Engine Elevation of Privilege Vulnerability |
| Windows Backup Engine Elevation of Privilege Vulnerability |
| Azure SDK for Java Security Feature Bypass Vulnerability |
| A vulnerability was identified in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.4.7. Affected by this issue is some unknown functionality of the file /crm/crmapi/erp/tabdetail_moduleSave.php. The manipulation of the argument getvaluestring leads to SQL injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. Upgrading to version 8.6.5.4 can resolve this issue. The affected component should be upgraded. The vendor explains: "All SQL injection vectors were patched via parameterized queries and input sanitization in v8.6.5+." |
| IBM i 7.3, 7.4, 7.5, and 7.5 is vulnerable to a host header injection attack caused by improper neutralization of HTTP header content by IBM Navigator for i. An authenticated user can manipulate the host header in HTTP requests to change domain/IP address which may lead to unexpected behavior. |
| IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.12 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. |
| An Insecure Direct Object Reference (IDOR) vulnerability in KubeSphere 4.x before 4.1.3 and 3.x through 3.4.1 and KubeSphere Enterprise 4.x before 4.1.3 and 3.x through 3.5.0 allows low-privileged authenticated attackers to access sensitive resources without proper authorization checks. |
| In Talend Administration Center 7.3.1.20200219 before TAC-15950, the Forgot Password feature provides different error messages for invalid reset attempts depending on whether the email address is associated with any account. This allows remote attackers to enumerate accounts via a series of requests. |
| A vulnerability was found in shishuocms 1.1 and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. |
| Default credential vulnerabilities allow access to an Aspect device using publicly available default credentials, since the system does not require the installer to change default credentials. Affected products: ABB ASPECT - Enterprise v3.07.02; NEXUS Series v3.07.02; MATRIX Series v3.07.02 |