Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-24 | CVE-2020-36283 | Cross-Site Request Forgery (CSRF) vulnerability in Hidglobal Omnikey 5127 Firmware and Omnikey 5427 Firmware HID OMNIKEY 5427 and OMNIKEY 5127 readers are vulnerable to CSRF when using the EEM driver (Ethernet Emulation Mode). | 6.8 |
| 2021-03-24 | CVE-2020-35337 | SQL Injection vulnerability in Thinksaas 2.6/2.91 ThinkSAAS before 3.38 contains a SQL injection vulnerability through app/topic/action/admin/topic.php via the title parameter, which allows remote attackers to execute arbitrary SQL commands. | 7.5 |
| 2021-03-24 | CVE-2019-19350 | Incorrect Privilege Assignment vulnerability in Redhat Openshift 3.11/4.0 An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ansible-service-broker as shipped in Red Hat Openshift 4 and 3.11. | 4.6 |
| 2021-03-24 | CVE-2019-19349 | Incorrect Privilege Assignment vulnerability in Redhat Openshift 4.0 An insecure modification vulnerability in the /etc/passwd file was found in the container operator-framework/operator-metering as shipped in Red Hat Openshift 4. | 4.4 |
| 2021-03-24 | CVE-2021-29002 | Cross-site Scripting vulnerability in Plone 5.2.3 A stored cross-site scripting (XSS) vulnerability in Plone CMS 5.2.3 exists in site-controlpanel via the "form.widgets.site_title" parameter. | 3.5 |
| 2021-03-24 | CVE-2020-5015 | Unspecified vulnerability in IBM Elastic Storage Server and Elastic Storage System IBM Elastic Storage System 6.0.0 through 6.0.1.2 and IBM Elastic Storage Server 5.3.0 through 5.3.6.2 could allow a remote attacker to cause a denial of service by sending malformed UDP requests. | 5.0 |
| 2021-03-24 | CVE-2021-28362 | Integer Underflow (Wrap or Wraparound) vulnerability in Contiki-Os Contiki An issue was discovered in Contiki through 3.0. | 5.0 |
| 2021-03-24 | CVE-2021-27320 | SQL Injection vulnerability in Doctor Appointment System Project Doctor Appointment System 1.0 Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via firstname parameter. | 5.0 |
| 2021-03-24 | CVE-2021-27319 | SQL Injection vulnerability in Doctor Appointment System Project Doctor Appointment System 1.0 Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via email parameter. | 5.0 |
| 2021-03-24 | CVE-2021-27316 | SQL Injection vulnerability in Doctor Appointment System Project Doctor Appointment System 1.0 Blind SQL injection in contactus.php in doctor appointment system 1.0 allows an unauthenticated attacker to insert malicious SQL queries via lastname parameter. | 5.0 |