Search Results (37254 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-28735 2 Gnu, Redhat 4 Grub2, Enterprise Linux, Rhel E4s and 1 more 2025-02-13 6.7 Medium
The GRUB2's shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to unverified code and modules to be loaded in GRUB2 breaking the secure boot trust-chain.
CVE-2022-28347 3 Debian, Djangoproject, Redhat 6 Debian Linux, Django, Ansible Automation Platform and 3 more 2025-02-13 9.8 Critical
A SQL injection issue was discovered in QuerySet.explain() in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary (with dictionary expansion) as the **options argument, and placing the injection payload in an option name.
CVE-2022-28346 3 Debian, Djangoproject, Redhat 7 Debian Linux, Django, Ansible Automation Platform and 4 more 2025-02-13 9.8 Critical
An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs.
CVE-2021-3563 3 Debian, Openstack, Redhat 3 Debian Linux, Keystone, Openstack Platform 2025-02-13 7.4 High
A flaw was found in openstack-keystone. Only the first 72 characters of an application secret are verified allowing attackers bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity.
CVE-2021-3468 3 Avahi, Debian, Redhat 4 Avahi, Debian Linux, Enterprise Linux and 1 more 2025-02-13 5.5 Medium
A flaw was found in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work function, allowing a local attacker to trigger an infinite loop. The highest threat from this vulnerability is to the availability of the avahi service, which becomes unresponsive after this flaw is triggered.
CVE-2021-28657 2 Apache, Oracle 5 Tika, Communications Messaging Server, Healthcare Foundation and 2 more 2025-02-13 5.5 Medium
A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser up to and including Tika 1.25. Apache Tika users should upgrade to 1.26 or later.
CVE-2021-27807 4 Apache, Fedoraproject, Oracle and 1 more 17 Pdfbox, Fedora, Banking Trade Finance Process Management and 14 more 2025-02-13 5.5 Medium
A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.
CVE-2019-3560 1 Facebook 1 Fizz 2025-02-13 7.5 High
An improperly performed length calculation on a buffer in PlaintextRecordLayer could lead to an infinite loop and denial-of-service based on user input. This issue affected versions of fizz prior to v2019.03.04.00.
CVE-2018-14628 2 Fedoraproject, Samba 2 Fedora, Samba 2025-02-13 4.3 Medium
An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attributes of deleted objects in the LDAP store.
CVE-2023-26856 1 Dynamic Transaction Queuing System Project 1 Dynamic Transaction Queuing System 2025-02-13 7.2 High
Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the name parameter at /admin/ajax.php?action=login.
CVE-2023-26750 1 Yiiframework 1 Yii 2025-02-13 9.8 Critical
SQL injection vulnerability found in Yii Framework Yii 2 Framework before v.2.0.47 allows the a remote attacker to execute arbitrary code via the runAction function. NOTE: the software maintainer's position is that the vulnerability is in third-party code, not in the framework.
CVE-2023-25356 1 Coredial 1 Sipxcom 2025-02-13 8.8 High
CoreDial sipXcom up to and including 21.04 is vulnerable to Improper Neutralization of Argument Delimiters in a Command. XMPP users are able to inject arbitrary arguments into a system command, which can be used to read files from, and write files to, the sipXcom server. This can also be leveraged to gain remote command execution.
CVE-2015-9457 1 Caseproof 1 Prettylinks 2025-02-13 7.2 High
The pretty-link plugin before 1.6.8 for WordPress has PrliLinksController::list_links SQL injection via the group parameter.
CVE-2024-36779 1 Stock Management System Project 1 Stock Management System 2025-02-13 9.8 Critical
Sourcecodester Stock Management System v1.0 is vulnerable to SQL Injection via editCategories.php.
CVE-2024-36673 1 Pharmacy\/medical Store Point Of Sale System Project 1 Pharmacy\/medical Store Point Of Sale System 2025-02-13 9.8 Critical
Sourcecodester Pharmacy/Medical Store Point of Sale System 1.0 is vulnerable SQL Injection via login.php. This vulnerability stems from inadequate validation of user inputs for the email and password parameters, allowing attackers to inject malicious SQL queries.
CVE-2024-35359 1 Dino Physics School Assistant Project 1 Dino Physics School Assistant 2025-02-13 5.4 Medium
A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability impacts an unidentified code within the file /classes/Master.php?f=view_item. Manipulating the argument id can result in SQL injection.
CVE-2024-35349 1 Dino Physics School Assistant Project 1 Dino Physics School Assistant 2025-02-13 9.8 Critical
A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability impacts an unidentified code within the file /admin/category/view_category.php. Manipulating the argument id can result in SQL injection.
CVE-2022-2220 2025-02-13 0.0 Low
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2012-5664 2025-02-13 N/A
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6496, CVE-2012-6497. Reason: this candidate was intended for one issue, but the candidate was publicly used to label concerns about multiple products. Notes: All CVE users should consult CVE-2012-6496 and CVE-2012-6497 to determine which ID is appropriate. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2023-26513 1 Apache 1 Sling Resource Merger 2025-02-13 7.5 High
Excessive Iteration vulnerability in Apache Software Foundation Apache Sling Resource Merger.This issue affects Apache Sling Resource Merger: from 1.2.0 before 1.4.2.