dawid-czarnecki/public-vulnerabilities

dawid-czarnecki/public-vulnerabilities

Releases0

Stars6

[Deprecated] Repositories with publicly disclosed vulnerabilities that I found

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2021-45096 ↗	Dec 16, 2021Thursday, 16 December 2021, 05:15	4.7 MEDIUM	4.3 MEDIUM
KNIME Analytics Platform before 4.5.0 is vulnerable to XXE (external XML entity injection) via a crafted workflow file (.knwf), aka AP-17730.
CVE-2021-45097 ↗	Dec 16, 2021Thursday, 16 December 2021, 05:15	2.9 LOW	2.1 LOW
KNIME Server before 4.12.6 and 4.13.x before 4.13.4 (when installed in unattended mode) keeps the administrator's password in a file without appropriate file access controls, allowing all local users to read its content.
CVE-2021-42369 ↗	Oct 14, 2021Thursday, 14 October 2021, 18:15	9.9 CRITICAL	6.5 MEDIUM
Imagicle Application Suite (for Cisco UC) before 2021.Summer.2 allows SQL injection. A low-privileged user could inject a SQL statement through the "Export to CSV" feature of the Contact Manager web GUI.
CVE-2020-9405 ↗	Feb 26, 2020Wednesday, 26 February 2020, 00:15	6.1 MEDIUM	4.3 MEDIUM
IBL Online Weather before 4.3.5a allows unauthenticated reflected XSS via the redirect page.
CVE-2020-9406 ↗	Feb 26, 2020Wednesday, 26 February 2020, 00:15	9.8 CRITICAL	7.5 HIGH
IBL Online Weather before 4.3.5a allows unauthenticated eval injection via the queryBCP method of the Auxiliary Service.
CVE-2020-9407 ↗	Feb 26, 2020Wednesday, 26 February 2020, 00:15	5.3 MEDIUM	5 MEDIUM
IBL Online Weather before 4.3.5a allows attackers to obtain sensitive information by reading the IWEBSERVICE_JSONRPC_COOKIE cookie.