Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sweet vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2019-15160
The SweetXml (aka sweet_xml) package up to and including 0.6.6 for Erlang and Elixir allows malicious users to cause a denial of service (resource consumption) via an XML entity expansion attack with an inline DTD.
Kbrw Sweet Xml
5.3
CVSSv3
CVE-2022-23001
When compressing or decompressing elliptic curve points using the Sweet B library, an incorrect choice of sign bit is used. An attacker with user level privileges and no other user's assistance can exploit this vulnerability with only knowledge of the public key and the libr...
Westerndigital Sweet B 1
5.3
CVSSv3
CVE-2022-23002
When compressing or decompressing a point on the NIST P-256 elliptic curve with an X coordinate of zero, the resulting output is not properly reduced modulo the P-256 field prime and is invalid. The resulting output will cause an error when used in other operations. This may be l...
Westerndigital Sweet B 1
5.3
CVSSv3
CVE-2022-23003
When computing a shared secret or point multiplication on the NIST P-256 curve that results in an X coordinate of zero, the resulting output is not properly reduced modulo the P-256 field prime and is invalid. The resulting output may cause an error when used in other operations....
Westerndigital Sweet B 1
5.3
CVSSv3
CVE-2022-23004
When computing a shared secret or point multiplication on the NIST P-256 curve using a public key with an X coordinate of zero, an error is returned from the library, and an invalid unreduced value is written to the output buffer. This may be leveraged by an malicious user to cau...
Westerndigital Sweet B 1
4.7
CVSSv3
CVE-2018-14995
The ZTE Blade Vantage Android device with a build fingerprint of ZTE/Z839/sweet:7.1.1/NMF26V/20180120.095344:user/release-keys, the ZTE Blade Spark Android device with a build fingerprint of ZTE/Z971/peony:7.1.1/NMF26V/20171129.143111:user/release-keys, the ZTE ZMAX Pro Android d...
Zteusa Zte Blade Vantage Firmware 7.1.1
Zteusa Zte Blade Spark Firmware 7.1.1
Zteusa Zte Zmax Pro Firmware 6.0.1
Zteusa Zte Zmax Champ Firmware 6.0.1
NA
CVE-2010-3212
SQL injection vulnerability in index.php in Seagull 0.6.7 and previous versions allows remote malicious users to execute arbitrary SQL commands via the frmQuestion parameter in a retrieve action, in conjunction with a user/password PATH_INFO.
Seagullproject.org Seagull 0.6.6
Seagullproject.org Seagull 0.6.0
Seagullproject.org Seagull 0.6.5
Seagullproject.org Seagull 0.6.4
Seagullproject.org Seagull 0.6.1
Seagullproject.org Seagull
Seagullproject.org Seagull 0.6.3
Seagullproject.org Seagull 0.4.7
Seagullproject.org Seagull 0.4.6
Seagullproject.org Seagull 0.6.2
1 EDB exploit
NA
CVE-2007-0364
Multiple cross-site scripting (XSS) vulnerabilities in nicecoder.com INDEXU 5.3 and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) error_msg parameter to (a) suggest_category.php; the (2) u parameter to (b) user_detail.php; the (...
Nicecoder Indexu
Nicecoder Indexu 5.0.1
Nicecoder Indexu 5.0
12 EDB exploits
NA
CVE-2006-7052
Multiple PHP remote file inclusion vulnerabilities in DotWidget For Articles (dotwidgeta) 0.2 allow remote malicious users to execute arbitrary code via a URL in the (1) file_path parameter to (a) index.php, (b) showcatpicks.php, and (c) showarticle.php; and the (2) admin_header_...
Keith Reichley Dotwidget For Articles 0.2
7 EDB exploits
NA
CVE-2006-3175
Multiple PHP remote file inclusion vulnerabilities in mcGuestbook 1.3 allow remote malicious users to execute arbitrary PHP code via a URL in the lang parameter to (1) admin.php, (2) ecrire.php, and (3) lire.php. NOTE: it was later reported that the ecrire.php vector also affects...
Mcguestbook Mcguestbook 1.3
3 EDB exploits
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflow
type confusion
server-side request forgery
CVE-2024-38440
CVE-2024-27801
CVE-2024-5868
CVE-2024-0582
CVE-2024-37643
CVE-2024-3105
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »