Vulmon
database vulnerabilities and exploits
9.9
CVSSv3
CVE-2023-43651
JumpServer is an open source bastion host. An authenticated user can exploit a vulnerability in MongoDB sessions to execute arbitrary commands, leading to remote code execution. This vulnerability may further be leveraged to gain root privileges on the system. Through the WEB CLI...
Fit2cloud Jumpserver
1 Github repository
9.9
CVSSv3
CVE-2021-21465
The BW Database Interface allows an attacker with low privileges to execute any crafted database queries, exposing the backend database. An attacker can include their own SQL commands which the database will execute without properly sanitizing the untrusted data leading to SQL in...
Sap Business Warehouse 731
Sap Business Warehouse 740
Sap Business Warehouse 750
Sap Business Warehouse 751
Sap Business Warehouse 752
Sap Business Warehouse 753
Sap Business Warehouse 754
Sap Business Warehouse 755
Sap Business Warehouse 782
Sap Business Warehouse 730
Sap Business Warehouse 710
Sap Business Warehouse 711
1 Article
9.9
CVSSv3
CVE-2020-11075
In Anchore Engine version 0.7.0, a specially crafted container image manifest, fetched from a registry, can be used to trigger a shell escape flaw in the anchore engine analyzer service during an image analysis process. The image analysis operation can only be executed by an auth...
Anchore Engine 0.7.0
1 Github repository
9.9
CVSSv3
CVE-2019-5114
An exploitable SQL injection vulnerability exists in the authenticated portion of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentiall...
Youphptube Youphptube 7.6
9.9
CVSSv3
CVE-2018-20091
An SQL injection vulnerability was found in Cloudera Data Science Workbench (CDSW) 1.4.0 up to and including 1.4.2. This would allow any authenticated user to run arbitrary queries against CDSW's internal database. The database contains user contact information, encrypted CD...
Cloudera Data Science Workbench
9.9
CVSSv3
CVE-2018-3880
An exploitable stack-based buffer overflow vulnerability exists in the database 'find-by-cameraId' functionality of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles existing recor...
Samsung Sth-eth-250 Firmware 0.20.17
9.9
CVSSv3
CVE-2018-3917
On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process insecurely extracts the fields from the "shard" table of its SQLite database, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger ...
Samsung Sth-eth-250 Firmware 0.20.17
9.9
CVSSv3
CVE-2018-3919
An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process insecurely extracts the fields from the "...
Samsung Sth-eth-250 Firmware 0.20.17
9.9
CVSSv3
CVE-2018-3110
A vulnerability exists in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle ...
Oracle Database Server 12.1.0.2
Oracle Database Server 12.2.0.1
Oracle Database Server 18
Oracle Database Server 11.2.0.4
1 Article
9.9
CVSSv3
CVE-2017-10202
Vulnerability in the OJVM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via multi...
Oracle Database 11.2.0.4
Oracle Database 12.1.0.2
Oracle Database 12.2.0.1