Search Results (36953 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-27551 1 Hcltechsw 1 Hcl Launch 2024-11-21 5.3 Medium
HCL Launch could allow an authenticated user to obtain sensitive information in some instances due to improper security checking.
CVE-2022-27485 1 Fortinet 1 Fortisandbox 2024-11-21 6.2 Medium
A improper neutralization of special elements used in an sql command ('sql injection') vulnerability [CWE-89] in Fortinet FortiSandbox version 4.2.0, 4.0.0 through 4.0.2, 3.2.0 through 3.2.3, 3.1.x and 3.0.x allows a remote and authenticated attacker with read permission to retrieve arbitrary files from the underlying Linux system via a crafted HTTP request.
CVE-2022-27480 1 Siemens 4 Sicam A8000 Cp-8031, Sicam A8000 Cp-8031 Firmware, Sicam A8000 Cp-8050 and 1 more 2024-11-21 7.5 High
A vulnerability has been identified in SICAM A8000 CP-8031 (All versions < V4.80), SICAM A8000 CP-8050 (All versions < V4.80). Affected devices do not require an user to be authenticated to access certain files. This could allow unauthenticated attackers to download these files.
CVE-2022-27479 1 Apache 1 Superset 2024-11-21 9.8 Critical
Apache Superset before 1.4.2 is vulnerable to SQL injection in chart data requests. Users should update to 1.4.2 or higher which addresses this issue.
CVE-2022-27473 1 Roothub Project 1 Roothub 2024-11-21 9.8 Critical
SQL injection vulnerability in Topics Searching feature of Roothub 2.6.0 allows unauthorized attackers to execute arbitrary SQL commands via the "s" parameter remotely.
CVE-2022-27472 1 Roothub Project 1 Roothub 2024-11-21 9.8 Critical
SQL injection vulnerability in Topics Counting feature of Roothub 2.6.0 allows unauthorized attackers to execute arbitrary SQL commands via the "s" parameter remotely.
CVE-2022-27466 1 Mingsoft 1 Mcms 2024-11-21 9.8 Critical
MCMS v5.2.27 was discovered to contain a SQL injection vulnerability in the orderBy parameter at /dict/list.do.
CVE-2022-27444 2 Mariadb, Redhat 3 Mariadb, Enterprise Linux, Rhel Software Collections 2024-11-21 7.5 High
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_subselect.cc.
CVE-2022-27434 1 Unit4 1 Teta 2024-11-21 9.8 Critical
UNIT4 TETA Mobile Edition (ME) before 29.5.HF17 was discovered to contain a SQL injection vulnerability via the ProfileName parameter in the errorReporting page.
CVE-2022-27423 1 Chamilo 1 Chamilo Lms 2024-11-21 9.8 Critical
Chamilo LMS v1.11.13 was discovered to contain a SQL injection vulnerability via the blog_id parameter at /blog/blog.php.
CVE-2022-27420 1 Hospital Management System Project 1 Hospital Management System 2024-11-21 9.8 Critical
Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the patient_contact parameter in patientsearch.php.
CVE-2022-27413 1 Hospital Management System Project 1 Hospital Management System 2024-11-21 9.8 Critical
Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the adminname parameter in admin.php.
CVE-2022-27412 1 Exploreit 1 Explore Cms 2024-11-21 9.8 Critical
Explore CMS v1.0 was discovered to contain a SQL injection vulnerability via a /page.php?id= request.
CVE-2022-27406 3 Fedoraproject, Freetype, Redhat 4 Fedora, Freetype, Enterprise Linux and 1 more 2024-11-21 7.5 High
FreeType commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 was discovered to contain a segmentation violation via the function FT_Request_Size.
CVE-2022-27405 3 Fedoraproject, Freetype, Redhat 4 Fedora, Freetype, Enterprise Linux and 1 more 2024-11-21 7.5 High
FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovered to contain a segmentation violation via the function FNT_Size_Request.
CVE-2022-27386 3 Debian, Mariadb, Redhat 4 Debian Linux, Mariadb, Enterprise Linux and 1 more 2024-11-21 7.5 High
MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc.
CVE-2022-27385 2 Mariadb, Redhat 4 Mariadb, Enterprise Linux, Rhel Eus and 1 more 2024-11-21 7.5 High
An issue in the component Used_tables_and_const_cache::used_tables_and_const_cache_join of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.
CVE-2022-27384 3 Debian, Mariadb, Redhat 4 Debian Linux, Mariadb, Enterprise Linux and 1 more 2024-11-21 7.5 High
An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.
CVE-2022-27381 3 Debian, Mariadb, Redhat 4 Debian Linux, Mariadb, Enterprise Linux and 1 more 2024-11-21 7.5 High
An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.
CVE-2022-27380 3 Debian, Mariadb, Redhat 4 Debian Linux, Mariadb, Enterprise Linux and 1 more 2024-11-21 7.5 High
An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.