The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date |
---|---|---|---|
CVE-2018-5168 | Sites can bypass security checks on permissions to install lightweight themes by manipulating the baseURI property of the theme element. This could allow a malicious site to install a theme without user interaction which could contain offensive or embarrassing images. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8. | MEDIUM | Jun 12, 2018 |
CVE-2022-44297 | SiteServer CMS 7.1.3 has a SQL injection vulnerability in the background. | -- | Jan 27, 2023 |
CVE-2022-44298 | SiteServer CMS 7.1.3 is vulnerable to SQL Injection. | -- | Jan 27, 2023 |
CVE-2021-42654 | SiteServer CMS < V5.1 is affected by an unrestricted upload of a file with dangerous type (getshell), which could be used to execute arbitrary code. | HIGH | May 24, 2022 |
CVE-2021-42656 | SiteServer CMS V6.15.51 is affected by a Cross Site Scripting (XSS) vulnerability. | LOW | May 24, 2022 |
CVE-2021-42655 | SiteServer CMS V6.15.51 is affected by a SQL injection vulnerability. | MEDIUM | May 24, 2022 |
CVE-2022-28118 | SiteServer CMS v7.x allows attackers to execute arbitrary code via a crafted plug-in. | HIGH | May 3, 2022 |
CVE-2022-30349 | siteserver SSCMS 6.15.51 is vulnerable to Cross Site Scripting (XSS). | MEDIUM | Jun 2, 2022 |
CVE-2022-36226 | SiteServerCMS 5.X has a Remote-download-Getshell-vulnerability via /SiteServer/Ajax/ajaxOtherService.aspx. | -- | Aug 26, 2022 |
CVE-2022-44299 | SiteServerCMS 7.1.3 sscms has a file read vulnerability. | -- | Feb 17, 2023 |
CVE-2019-12733 | SiteVision 4 allows Remote Code Execution. | HIGH | Dec 10, 2019 |
CVE-2019-12734 | SiteVision 4 has Incorrect Access Control. | MEDIUM | Dec 10, 2019 |
CVE-2023-37824 | Sitolog sitologapplicationconnect v7.8.a and before was discovered to contain a SQL injection vulnerability via the component /activate_hook.php. | -- | Oct 21, 2023 |
CVE-2019-15749 | SITOS six Build v6.2.1 allows a user to change their password and recovery email address without requiring them to confirm the change with their old password. This would allow an attacker with access to the victim's account (e.g., via XSS or an unattended workstation) to change that password and address. | MEDIUM | Oct 9, 2019 |
CVE-2019-15747 | SITOS six Build v6.2.1 allows a user with the user role of Seminar Coordinator to escalate their permission to the Systemadministrator role due to insufficient checks on the server side. | MEDIUM | Oct 9, 2019 |
CVE-2019-15746 | SITOS six Build v6.2.1 allows an attacker to inject arbitrary PHP commands. As a result, an attacker can compromise the running server and execute system commands in the context of the web user. | HIGH | Oct 9, 2019 |
CVE-2019-15748 | SITOS six Build v6.2.1 permits unauthorised users to upload and import a SCORM 2004 package by browsing directly to affected pages. An unauthenticated attacker could use the upload and import functionality to import a malicious SCORM package that includes a PHP file, which could execute arbitrary PHP code. | HIGH | Oct 9, 2019 |
CVE-2008-5846 | Six Apart Movable Type (MT) before 4.23 allows remote authenticated users with create permission for posts to bypass intended access restrictions and publish posts via a system-wide entry listing screen. | Medium | Jan 9, 2009 |
CVE-2016-4521 | Sixnet BT-5xxx and BT-6xxx M2M devices before 3.8.21 and 3.9.x before 3.9.8 have hardcoded credentials, which allows remote attackers to obtain access via unspecified vectors. | HIGH | Jun 1, 2016 |
CVE-2021-4337 | Sixteen XforWooCommerce Add-On Plugins for WordPress are vulnerable to authorization bypass due to a missing capability check on the wp_ajax_svx_ajax_factory function in various versions listed below. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to read, edit, or delete WordPress settings, plugin settings, and to arbitrarily list all users on a WordPress website. The plugins impacted are: Product Filter for WooCommerce < 8.2.0, Improved Product Options for WooCommerce < 5.3.0, Improved Sale Badges for WooCommerce < 4.4.0, Share, Print and PDF Products for WooCommerce < 2.8.0, Product Loops for WooCommerce < 1.7.0, XforWooCommerce < 1.7.0, Package Quantity Discount < 1.2.0, Price Commander for WooCommerce < 1.3.0, Comment and Review Spam Control for WooCommerce < 1.5.0, Add Product Tabs for WooCommerce < 1.5.0, Autopilot SEO for WooCommerce < 1.6.0, Floating Cart < 1.3.0, Live Search for WooCommerce < 2.1.0, Bulk Add to Cart for WooCommerce < 1.3.0, Live Product Editor for WooCommerce < 4.7.0, and Warranties and Returns for WooCommerce < 5.3.0. | -- | Jun 7, 2023 |
CVE-2024-2692 | SiYuan version 3.0.3 allows executing arbitrary commands on the server. This is possible because the application is vulnerable to Server Side XSS. | -- | Apr 4, 2024 |
CVE-2022-43030 | Siyucms v6.1.7 was discovered to contain a remote code execution (RCE) vulnerability in the background. SIYUCMS is a content management system based on ThinkPaP5 AdminLTE. SIYUCMS has a background command execution vulnerability, which can be used by attackers to gain server privileges. | -- | Nov 17, 2022 |
CVE-2008-5156 | si_mkbootserver in systemimager-server 3.6.3 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/*.inetd.conf or (2) /tmp/pxe.conf.*.tmp temporary file. | Medium | Nov 18, 2008 |
CVE-2008-7010 | Skalfa Software SkaLinks Exchange Script 1.5 allows remote attackers to add new administrators and gain privileges via a direct request to admin/register.php. | High | Aug 19, 2009 |
CVE-2018-5202 | SKCertService 2.5.5 and earlier contains a vulnerability that could allow a remote attacker to execute arbitrary code. This vulnerability exists due to the way .dll files are loaded by SKCertService. It allows an attacker to load a .dll of the attacker's choosing that could execute arbitrary code without the user's knowledge. | MEDIUM | Dec 21, 2018 |
CVE-2008-3196 | skeleton.c in yacc does not properly handle reduction of a rule with an empty right hand side, which allows context-dependent attackers to cause an out-of-bounds stack access when the yacc stack pointer points to the end of the stack. | High | Jul 17, 2008 |
CVE-2021-40531 | Sketch before 75 allows library feeds to be used to bypass file quarantine. Files are automatically downloaded and opened, without the com.apple.quarantine extended attribute. This results in remote code execution, as demonstrated by CommandString in a terminal profile to Terminal.app. | HIGH | Sep 10, 2021 |
CVE-2015-3877 | Skia, as used in Android before 5.1.1 LMY48T, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 20723696. | High | Oct 7, 2015 |
CVE-2015-6617 | Skia, as used in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23648740. | High | Dec 9, 2015 |
CVE-2011-3927 | Skia, as used in Google Chrome before 16.0.912.77, does not perform all required initialization of values, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | High | Jan 24, 2012 |
CVE-2011-3065 | Skia, as used in Google Chrome before 18.0.1025.142, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | High | Apr 2, 2012 |
CVE-2011-3066 | Skia, as used in Google Chrome before 18.0.1025.151, does not properly perform clipping, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | Medium | Apr 9, 2012 |
CVE-2011-3104 | Skia, as used in Google Chrome before 19.0.1084.52, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | Medium | May 24, 2012 |
CVE-2012-2884 | Skia, as used in Google Chrome before 22.0.1229.79, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | Medium | Oct 4, 2012 |
CVE-2012-2883 | Skia, as used in Google Chrome before 22.0.1229.79, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an out-of-bounds write operation, a different vulnerability than CVE-2012-2874. | High | Oct 4, 2012 |
CVE-2012-2874 | Skia, as used in Google Chrome before 22.0.1229.79, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an out-of-bounds write operation, a different vulnerability than CVE-2012-2883. | High | Oct 4, 2012 |
CVE-2012-2900 | Skia, as used in Google Chrome before 22.0.1229.92, does not properly render text, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors. | High | Oct 9, 2012 |
CVE-2012-5123 | Skia, as used in Google Chrome before 23.0.1271.64, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | Medium | Nov 7, 2012 |
CVE-2012-5130 | Skia, as used in Google Chrome before 23.0.1271.91, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | Medium | Nov 28, 2012 |
CVE-2013-0883 | Skia, as used in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (incorrect read operation) via unspecified vectors. | Medium | Feb 25, 2013 |
CVE-2013-0888 | Skia, as used in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | Medium | Feb 25, 2013 |
CVE-2013-2862 | Skia, as used in Google Chrome before 27.0.1453.110, does not properly handle GPU acceleration, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | High | Jun 5, 2013 |
CVE-2015-1360 | Skia, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted data that is improperly handled during text drawing, related to gpu/GrBitmapTextContext.cpp and gpu/GrDistanceFieldTextContext.cpp, a different vulnerability than CVE-2015-1205. | High | Jan 27, 2015 |
CVE-2014-7943 | Skia, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | Medium | Jan 23, 2015 |
CVE-2015-1238 | Skia, as used in Google Chrome before 42.0.2311.90, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors. | High | Apr 30, 2015 |
CVE-2016-5168 | Skia, as used in Google Chrome before 50.0.2661.94, allows remote attackers to bypass the Same Origin Policy and obtain sensitive information. | MEDIUM | Apr 21, 2017 |
CVE-2016-1691 | Skia, as used in Google Chrome before 51.0.2704.63, mishandles coincidence runs, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted curves, related to SkOpCoincidence.cpp and SkPathOpsCommon.cpp. | MEDIUM | Jun 6, 2016 |
CVE-2019-8426 | skins/classic/views/controlcap.php in ZoneMinder before 1.32.3 has XSS via the newControl array, as demonstrated by the newControl[MinTiltRange] parameter. | MEDIUM | Mar 20, 2019 |
CVE-2024-25802 | SKINsoft S-Museum 7.02.3 allows Unrestricted File Upload via the Add Media function. Unlike in CVE-2024-25801, the attack payload is the file content. | -- | Feb 22, 2024 |
CVE-2024-25801 | SKINsoft S-Museum 7.02.3 allows XSS via the filename of an uploaded file. Unlike in CVE-2024-25802, the attack payload is in the name (not the content) of a file. | -- | Feb 22, 2024 |