Search Results (36979 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-34952 1 Phptpoint 1 Pharmacy Management System 2024-11-21 9.8 Critical
Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at edituser.php.
CVE-2022-34951 1 Phptpoint 1 Pharmacy Management System 2024-11-21 9.8 Critical
Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the startDate parameter at getsalereport.php.
CVE-2022-34950 1 Pharmacy Management System Project 1 Pharmacy Management System 2024-11-21 9.8 Critical
Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at editproduct.php.
CVE-2022-34949 1 Pharmacy Management System Project 1 Pharmacy Management System 2024-11-21 9.8 Critical
Pharmacy Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities via the email or password parameter at login.php.
CVE-2022-34948 1 Pharmacy Management System Project 1 Pharmacy Management System 2024-11-21 9.8 Critical
Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at editbrand.php.
CVE-2022-34947 1 Pharmacy Management System Project 1 Pharmacy Management System 2024-11-21 9.8 Critical
Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at editcategory.php.
CVE-2022-34946 1 Pharmacy Management System Project 1 Pharmacy Management System 2024-11-21 9.8 Critical
Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the startDate parameter at getexpproduct.php.
CVE-2022-34945 1 Pharmacy Management System Project 1 Pharmacy Management System 2024-11-21 9.8 Critical
Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the startDate parameter at getproductreport.php.
CVE-2022-34928 1 Jflyfox 1 Jfinal Cms 2024-11-21 8.8 High
JFinal CMS v5.1.0 was discovered to contain a SQL injection vulnerability via /system/user.
CVE-2022-34918 5 Canonical, Debian, Linux and 2 more 14 Ubuntu Linux, Debian Linux, Linux Kernel and 11 more 2024-11-21 7.8 High
An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c.
CVE-2022-34890 1 Parallels 1 Parallels Desktop 2024-11-21 8.8 High
This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 17.1.1 (51537). An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Parallels Tools component. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel. Was ZDI-CAN-16653.
CVE-2022-34878 1 Vicidial 1 Vicidial 2024-11-21 5.5 Medium
SQL Injection vulnerability in User Stats interface (/vicidial/user_stats.php) of VICIdial via the file_download parameter allows attacker to spoof identity, tamper with existing data, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and become administrators of the database server.
CVE-2022-34877 1 Vicidial 1 Vicidial 2024-11-21 6.4 Medium
SQL Injection vulnerability in AST Agent Time Sheet interface ((/vicidial/AST_agent_time_sheet.php) of VICIdial via the agent parameter allows attacker to spoof identity, tamper with existing data, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and become administrators of the database server. This issue affects: VICIdial 2.14b0.5 versions prior to 3555.
CVE-2022-34876 1 Vicidial 1 Vicidial 2024-11-21 5.5 Medium
SQL Injection vulnerability in admin interface (/vicidial/admin.php) of VICIdial via modify_email_accounts, access_recordings, and agentcall_email parameters allows attacker to spoof identity, tamper with existing data, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and become administrators of the database server. This issue affects: VICIdial 2.14b0.5 versions prior to 3555.
CVE-2022-34872 1 Centreon 1 Centreon 2024-11-21 6.5 Medium
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of Virtual Metrics. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-16336.
CVE-2022-34862 1 F5 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more 2024-11-21 7.5 High
In BIG-IP Versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when an LTM virtual server is configured to perform normalization, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2022-34818 1 Jenkins 1 Failed Job Deactivator 2024-11-21 4.3 Medium
Jenkins Failed Job Deactivator Plugin 1.2.1 and earlier does not perform permission checks in several views and HTTP endpoints, allowing attackers with Overall/Read permission to disable jobs.
CVE-2022-34814 1 Jenkins 1 Request Rename Or Delete 2024-11-21 4.3 Medium
Jenkins Request Rename Or Delete Plugin 1.1.0 and earlier does not correctly perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to view an administrative configuration page listing pending requests.
CVE-2022-34813 1 Jenkins 1 Xpath Configuration Viewer 2024-11-21 4.3 Medium
A missing permission check in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to create and delete XPath expressions.
CVE-2022-34811 1 Jenkins 1 Xpath Configuration Viewer 2024-11-21 4.3 Medium
A missing permission check in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to access the XPath Configuration Viewer page.