Total
17373 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-19499 | 2 Grafana, Redhat | 2 Grafana, Enterprise Linux | 2024-11-21 | 6.5 Medium |
| Grafana <= 6.4.3 has an Arbitrary File Read vulnerability, which could be exploited by an authenticated attacker that has privileges to modify the data source configurations. | ||||
| CVE-2019-19292 | 1 Siemens | 2 Sinvr 3 Central Control Server, Sinvr 3 Video Server | 2024-11-21 | 8.8 High |
| A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) contains an SQL injection vulnerability in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. An authenticated remote attacker could exploit this vulnerability to read or modify the CCS database and potentially execute administrative database operations or operating system commands. | ||||
| CVE-2019-19286 | 1 Siemens | 1 Xhq | 2024-11-21 | 7.2 High |
| A vulnerability has been identified in XHQ (All Versions < 6.1). The web interface could allow SQL injection attacks if an attacker is able to modify content of particular web pages. | ||||
| CVE-2019-19250 | 1 Opentrade Project | 1 Opentrade | 2024-11-21 | 9.8 Critical |
| OpenTrade before 2019-11-23 allows SQL injection, related to server/modules/api/v1.js and server/utils.js. | ||||
| CVE-2019-19242 | 5 Canonical, Oracle, Redhat and 2 more | 5 Ubuntu Linux, Mysql Workbench, Enterprise Linux and 2 more | 2024-11-21 | 5.9 Medium |
| SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c. | ||||
| CVE-2019-19209 | 1 Dolibarr | 1 Dolibarr | 2024-11-21 | 7.5 High |
| Dolibarr ERP/CRM before 10.0.3 allows SQL Injection. | ||||
| CVE-2019-19207 | 1 Rconfig | 1 Rconfig | 2024-11-21 | 8.8 High |
| rConfig 3.9.2 allows devices.php?searchColumn= SQL injection. | ||||
| CVE-2019-19113 | 1 Newbee-mall Project | 1 Newbee-mall | 2024-11-21 | 9.8 Critical |
| main/resources/mapper/NewBeeMallGoodsMapper.xml in newbee-mall (aka New Bee) before 2019-10-23 allows search?goodsCategoryId=&keyword= SQL Injection. | ||||
| CVE-2019-19094 | 1 Hitachienergy | 1 Esoms | 2024-11-21 | 7.6 High |
| Lack of input checks for SQL queries in ABB eSOMS versions 3.9 to 6.0.3 might allow an attacker SQL injection attacks against the backend database. | ||||
| CVE-2019-19029 | 2 Linuxfoundation, Pivotal | 2 Harbor, Vmware Harbor Registry | 2024-11-21 | 7.2 High |
| Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows SQL Injection via user-groups in the VMware Harbor Container Registry for the Pivotal Platform. | ||||
| CVE-2019-19026 | 2 Linuxfoundation, Pivotal | 2 Harbor, Vmware Harbor Registry | 2024-11-21 | 4.9 Medium |
| Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows SQL Injection via project quotas in the VMware Harbor Container Registry for the Pivotal Platform. | ||||
| CVE-2019-19016 | 1 Titanhq | 1 Webtitan | 2024-11-21 | 7.5 High |
| An issue was discovered in TitanHQ WebTitan before 5.18. Some functions, such as /history-x.php, of the administration interface are vulnerable to SQL Injection through the results parameter. This could be used by an attacker to extract sensitive information from the appliance database. | ||||
| CVE-2019-18890 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2024-11-21 | 6.5 Medium |
| A SQL injection vulnerability in Redmine through 3.2.9 and 3.3.x before 3.3.10 allows Redmine users to access protected information via a crafted object query. | ||||
| CVE-2019-18866 | 1 Blaauwproducts | 1 Remote Kiln Control | 2024-11-21 | 7.5 High |
| Unauthenticated SQL injection via the username in the login mechanism in Blaauw Remote Kiln Control through v3.00r4 allows a user to extract arbitrary data from the rkc database. | ||||
| CVE-2019-18784 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 9.8 Critical |
| SuiteCRM 7.10.x versions prior to 7.10.21 and 7.11.x versions prior to 7.11.9 allow SQL Injection. | ||||
| CVE-2019-18663 | 1 Isl | 1 Arp-guard | 2024-11-21 | 9.8 Critical |
| A SQL injection vulnerability in a /login/forgot1 POST request in ARP-GUARD 4.0.0-5 allows unauthenticated remote attackers to execute arbitrary SQL commands via the user_id parameter. | ||||
| CVE-2019-18662 | 1 Youphptube | 1 Youphptube | 2024-11-21 | 9.8 Critical |
| An issue was discovered in YouPHPTube through 7.7. User input passed through the live_stream_code POST parameter to /plugin/LiveChat/getChat.json.php is not properly sanitized (in getFromChat in plugin/LiveChat/Objects/LiveChatObj.php) before being used to construct a SQL query. This can be exploited by malicious users to, e.g., read sensitive data from the database through in-band SQL Injection attacks. Successful exploitation of this vulnerability requires the Live Chat plugin to be enabled. | ||||
| CVE-2019-18646 | 1 Untangle | 1 Ng Firewall | 2024-11-21 | 7.2 High |
| The Untangle NG firewall 14.2.0 is vulnerable to authenticated inline-query SQL injection within the timeDataDynamicColumn parameter when logged in as an admin user. | ||||
| CVE-2019-18622 | 3 Fedoraproject, Opensuse, Phpmyadmin | 4 Fedora, Backports Sle, Leap and 1 more | 2024-11-21 | 9.8 Critical |
| An issue was discovered in phpMyAdmin before 4.9.2. A crafted database/table name can be used to trigger a SQL injection attack through the designer feature. | ||||
| CVE-2019-18464 | 1 Ipswitch | 1 Moveit Transfer | 2024-11-21 | 9.8 Critical |
| In Progress MOVEit Transfer 10.2 before 10.2.6 (2018.3), 11.0 before 11.0.4 (2019.0.4), and 11.1 before 11.1.3 (2019.1.3), multiple SQL Injection vulnerabilities have been found in the REST API that could allow an unauthenticated attacker to gain unauthorized access to the database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database or may be able to alter the database. | ||||