Design/Logic Flaw
A data modification vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in User.java, IdStrategy.java that allows attackers to submit crafted user names that can cause an improper migration of user record storage formats, potentially preventing the victim from logging into...
CVE-2018-1000863
CVE-2018-1000863 affects Jenkins up to version 2.153 and LTS up to 2.138.3. A data modification vulnerability in User.java and IdStrategy.java lets an attacker submit crafted usernames that can cause improper migration of user record storage formats, potentially preventing the victim from logging...
CVE-2018-1000863
A data modification vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in User.java, IdStrategy.java that allows attackers to submit crafted user names that can cause an improper migration of user record storage formats, potentially preventing the victim from logging into...
SQL Injection Vulnerability in D-link Central WifiManager Co***.php Page
D-LINK Central WifiManager CWM-100 is D-LINK centralized wireless management software. A SQL injection vulnerability exists in the D-LINK Central WifiManager Co.php page, which can be exploited by an attacker to gain access to database information and also modify or delete arbitrary database data...
Parallel Override Vulnerability in SDCMS v1.6
SDCMS era website information management system is a product of Suzhou Fireworks Network Technology Co., Ltd., a portal system developed with ASP + Access. SDCMS v1.6 has a parallel override vulnerability. Attackers can use the vulnerability to illegally modify the user release...
Cisco Patches Critical Bug in License Management Tool
Cisco Systems is warning of a critical bug in two of its license management tools that could allow an unauthenticated remote attacker to execute arbitrary queries. A successful attack could allow for an attacker to modify and delete random data in Cisco product lifecycle management applications...
CVE-2018-15441
A vulnerability in the web framework code of Cisco Prime License Manager (PLM) could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The vulnerability is due to a lack of proper validation of user-supplied input in SQL queries. An attacker could exploit this vulnerabilit...
Multiple RICOH Interactive Whiteboard Products SQL Injection Vulnerabilities
RICOH Interactive Whiteboard D2200 and others are multifunction printer devices from Ricoh, Japan. A SQL injection vulnerability exists in multiple RICOH Interactive Whiteboard products, which can be exploited by remote attackers to obtain or modify information in a database...
OpenJDK: Incorrect handling of unsigned attributes in signed Jar manifests (Security, 8194534)
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...
mysql: InnoDB unspecified vulnerability (CPU Apr 2018)
Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: InnoDB. Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...
mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2018)
Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Optimizer. Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise...
mysql: Server: Replication unspecified vulnerability (CPU Jul 2019)
Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Replication. Supported versions that are affected are 5.7.23 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successf...
mysql: Client programs unspecified vulnerability (CPU Jul 2018)
Vulnerability in the MySQL Client component of Oracle MySQL subcomponent: Client programs. Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via...
mysql: Server: Merge unspecified vulnerability (CPU Oct 2018)
Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Merge. Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...
mysql: InnoDB unspecified vulnerability (CPU Oct 2018)
Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: InnoDB. Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...
mysql: MyISAM unspecified vulnerability (CPU Jul 2018)
Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: MyISAM. Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...
mysql: InnoDB unspecified vulnerability (CPU Apr 2018)
Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: InnoDB. Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks o...
School Event Management System SQL Injection Vulnerability
School Event Management System is a school event management system. A SQL injection vulnerability exists in School Event Management System version 1.0, which can be exploited by remote attackers to view, add, modify or delete information in the back-end database by sending the 'id' parameter to t...
CVE-2018-7926
Huawei Watch 2 with versions and earlier than OWDD.180707.001.E1 have an improper authorization vulnerability. Due to improper permission configuration for specific operations, an attacker who obtained the Huawei ID bound to the watch can bypass permission verification to perform specific...