| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A vulnerability was found in Centralized-Salesforce-Dev-Framework. It has been declared as problematic. Affected by this vulnerability is the function SObjectService of the file src/classes/SObjectService.cls of the component SOQL Handler. The manipulation of the argument orderDirection leads to injection. The patch is named db03ac5b8a9d830095991b529c067a030a0ccf7b. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217195. |
| A vulnerability, which was classified as problematic, has been found in enigmaX up to 2.2. This issue affects the function getSeed of the file main.c of the component Scrambling Table Handler. The manipulation leads to predictable seed in pseudo-random number generator (prng). The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 2.3 is able to address this issue. The identifier of the patch is 922bf90ca14a681629ba0b807a997a81d70225b5. It is recommended to upgrade the affected component. The identifier VDB-217181 was assigned to this vulnerability. |
| lib/oauth/consumer.rb in the oauth-ruby gem through 0.5.4 for Ruby does not verify server X.509 certificates if a certificate bundle cannot be found, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information. |
| php/qmn_options_questions_tab.php in the quiz-master-next plugin before 4.7.9 for WordPress allows CSRF, with resultant stored XSS, via the question_name parameter because js/admin_question.js mishandles parsing inside of a SCRIPT element. |
| An issue was discovered in Mattermost Server before 2.1.0. It allows XSS via CSRF. |
| An issue was discovered in Mattermost Server before 2.2.0. It allows XSS because it configures files to be opened in a browser window. |
| An issue was discovered in Mattermost Server before 2.2.0. It allows XSS via a crafted link. |
| An issue was discovered in Mattermost Server before 2.2.0. It allows unintended access to information stored by a web browser. |
| An issue was discovered in Mattermost Server before 3.0.0. It offers superfluous APIs for a Team Administrator to view account details. |
| An issue was discovered in Mattermost Server before 3.0.0. It allows XSS via a redirect URL. |
| An issue was discovered in Mattermost Server before 3.0.0. It potentially allows attackers to obtain sensitive information (credential fields within config.json) via the System Console UI. |
| An issue was discovered in Mattermost Server before 3.0.0. It has a superfluous API in which the System Admin can change the account name and e-mail address of an LDAP account. |
| An issue was discovered in Mattermost Server before 3.0.0. It does not ensure that a cookie is used over SSL. |
| An issue was discovered in Mattermost Server before 3.0.0. It allows attackers to obtain sensitive information about team URLs via an API. |
| An issue was discovered in Mattermost Server before 3.0.0. A password-reset link could be reused. |
| An issue was discovered in Mattermost Server before 3.0.0. It allows XSS via a Legal or Support setting. |
| An issue was discovered in Mattermost Server before 3.0.2. The purposes of a session ID and a Session Token were mishandled. |
| An issue was discovered in Mattermost Server before 3.1.0. It allows XSS because the noreferrer and noopener protection mechanisms were not in place. |
| An issue was discovered in Mattermost Server before 3.1.0. It allows XSS via theme color-code values. |
| An issue was discovered in Mattermost Server before 3.2.0. It mishandles brute-force attempts at password change. |
