Vulmon
sweet vulnerabilities and exploits
7.5
CVSSv3
CVE-2019-15160
The SweetXml (aka sweet_xml) package up to and including 0.6.6 for Erlang and Elixir allows malicious users to cause a denial of service (resource consumption) via an XML entity expansion attack with an inline DTD.
Kbrw Sweet Xml
6.1
CVSSv3
CVE-2017-18262
Blackboard Learn (Since at least 17th of October 2017) has allowed Unvalidated Redirects on any signed-in user through its endpoints for handling Shibboleth logins, as demonstrated by a webapps/bb-auth-provider-shibboleth-BBLEARN/execute/shibbolethLogin?returnUrl= URI.
Blackboard Blackboard Learn 9.1
Blackboard Blackboard Learn
5.3
CVSSv3
CVE-2022-23001
When compressing or decompressing elliptic curve points using the Sweet B library, an incorrect choice of sign bit is used. An attacker with user level privileges and no other user's assistance can exploit this vulnerability with only knowledge of the public key and the libr...
Westerndigital Sweet B 1
5.3
CVSSv3
CVE-2022-23002
When compressing or decompressing a point on the NIST P-256 elliptic curve with an X coordinate of zero, the resulting output is not properly reduced modulo the P-256 field prime and is invalid. The resulting output will cause an error when used in other operations. This may be l...
Westerndigital Sweet B 1
5.3
CVSSv3
CVE-2022-23004
When computing a shared secret or point multiplication on the NIST P-256 curve using a public key with an X coordinate of zero, an error is returned from the library, and an invalid unreduced value is written to the output buffer. This may be leveraged by a malicious user to cau...
Westerndigital Sweet B 1
5.3
CVSSv3
CVE-2022-23003
When computing a shared secret or point multiplication on the NIST P-256 curve that results in an X coordinate of zero, the resulting output is not properly reduced modulo the P-256 field prime and is invalid. The resulting output may cause an error when used in other operations....
Westerndigital Sweet B 1
4.7
CVSSv3
CVE-2018-14995
The ZTE Blade Vantage Android device with a build fingerprint of ZTE/Z839/sweet:7.1.1/NMF26V/20180120.095344:user/release-keys, the ZTE Blade Spark Android device with a build fingerprint of ZTE/Z971/peony:7.1.1/NMF26V/20171129.143111:user/release-keys, the ZTE ZMAX Pro Android d...
Zteusa Zte Blade Vantage Firmware 7.1.1
Zteusa Zte Blade Spark Firmware 7.1.1
Zteusa Zte Zmax Pro Firmware 6.0.1
Zteusa Zte Zmax Champ Firmware 6.0.1
NA
CVE-2010-3212
SQL injection vulnerability in index.php in Seagull 0.6.7 and previous versions allows remote malicious users to execute arbitrary SQL commands via the frmQuestion parameter in a retrieve action, in conjunction with a user/password PATH_INFO.
Seagullproject.org Seagull
Seagullproject.org Seagull 0.6.0
Seagullproject.org Seagull 0.6.4
Seagullproject.org Seagull 0.6.3
Seagullproject.org Seagull 0.4.6
Seagullproject.org Seagull 0.6.2
Seagullproject.org Seagull 0.6.1
Seagullproject.org Seagull 0.6.6
Seagullproject.org Seagull 0.6.5
Seagullproject.org Seagull 0.4.7
1 EDB exploit
NA
CVE-2010-2340
SQL injection vulnerability in members.php in Arab Portal 2.2, when magic_quotes_gpc is disabled, allows remote malicious users to execute arbitrary SQL commands via the by parameter in the msearch action.
Arabportal Arab Portal 2.2
1 EDB exploit
NA
CVE-2009-4862
Multiple SQL injection vulnerabilities in Alwasel 1.5 allow remote malicious users to execute arbitrary SQL commands via the id parameter to (1) show.php and (2) xml.php.
Abushhab Alwasel 1.5
1 EDB exploit