Search Results (36950 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-24953 1 Pear 1 Crypt Gpg 2024-11-21 5.3 Medium
The Crypt_GPG extension before 1.6.7 for PHP does not prevent additional options in GPG calls, which presents a risk for certain environments and GPG versions.
CVE-2022-24928 1 Google 1 Android 2024-11-21 5.9 Medium
Security misconfiguration of RKP in kernel prior to SMR Mar-2022 Release 1 allows a system not to be protected by RKP.
CVE-2022-24691 1 Dsk 1 Dsknet 2024-11-21 7.1 High
An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. A SQL Injection vulnerability allows authenticated users to taint database data and extract sensitive information via crafted HTTP requests. The type of SQL Injection is blind boolean based.
CVE-2022-24690 1 Dsk 1 Dsknet 2024-11-21 8.2 High
An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. A PresAbs.php SQL Injection vulnerability allows unauthenticated users to taint database data and extract sensitive information via crafted HTTP requests. The type of SQL Injection is blind boolean based. (An unauthenticated attacker can discover the endpoint by abusing a Broken Access Control issue with further SQL injection attacks to gather all user's badge numbers and PIN codes.)
CVE-2022-24646 1 Phpgurukul 1 Hospital Management System 2024-11-21 7.5 High
Hospital Management System v4.0 was discovered to contain a SQL injection vulnerability in /Hospital-Management-System-master/contact.php via the txtMsg parameters.
CVE-2022-24609 1 Luocms Project 1 Luocms 2024-11-21 9.8 Critical
Luocms v2.0 is affected by an incorrect access control vulnerability. Through /admin/templates/template_manage.php, an attacker can write an arbitrary shell file.
CVE-2022-24607 1 Luocms Project 1 Luocms 2024-11-21 9.8 Critical
Luocms v2.0 is affected by SQL Injection in /admin/news/news_ok.php.
CVE-2022-24606 1 Luocms Project 1 Luocms 2024-11-21 9.8 Critical
Luocms v2.0 is affected by SQL Injection in /admin/news/sort_ok.php.
CVE-2022-24605 1 Luocms Project 1 Luocms 2024-11-21 9.8 Critical
Luocms v2.0 is affected by SQL Injection in /admin/link/link_ok.php.
CVE-2022-24604 1 Luocms Project 1 Luocms 2024-11-21 9.8 Critical
Luocms v2.0 is affected by SQL Injection in /admin/link/link_mod.php.
CVE-2022-24603 1 Luocms Project 1 Luocms 2024-11-21 9.8 Critical
Luocms v2.0 is affected by SQL Injection in /admin/news/sort_mod.php.
CVE-2022-24602 1 Luocms Project 1 Luocms 2024-11-21 9.8 Critical
Luocms v2.0 is affected by SQL Injection in /admin/news/news_mod.php.
CVE-2022-24601 1 Luocms Project 1 Luocms 2024-11-21 7.5 High
Luocms v2.0 is affected by SQL Injection in /admin/manager/admin_mod.php. An attacker can obtain sensitive information through SQL injection statements.
CVE-2022-24600 1 Luocms Project 1 Luocms 2024-11-21 9.8 Critical
Luocms v2.0 is affected by SQL Injection through /admin/login.php. An attacker can log in to the background through SQL injection statements.
CVE-2022-24594 1 Waline 1 Waline 2024-11-21 5.3 Medium
In waline 1.6.1, an attacker can submit messages using X-Forwarded-For to forge any IP address.
CVE-2022-24584 1 Yubico 1 Otp 2024-11-21 6.5 Medium
Incorrect access control in Yubico OTP functionality of the YubiKey hardware tokens along with the Yubico OTP validation server. The Yubico OTP supposedly creates hardware bound second factor credentials. When a user reprograms the OTP functionality by "writing" it on a token using the Yubico Personalization Tool, they can then upload the new configuration to Yubicos OTP validation servers. NOTE: the vendor disputes this because there is no way for a YubiKey device to prevent a user from deciding that a secret value, which is imported into the device, should also be stored elsewhere
CVE-2022-24571 1 Car Driving School Management System Project 1 Car Driving School Management System 2024-11-21 9.8 Critical
Car Driving School Management System v1.0 is affected by SQL injection in the login page. An attacker can use simple SQL login injection payload to get admin access.
CVE-2022-24440 1 Cocoapods 1 Cocoapods-downloader 2024-11-21 8.1 High
The package cocoapods-downloader before 1.6.0, from 1.6.2 and before 1.6.3 are vulnerable to Command Injection via git argument injection. When calling the Pod::Downloader.preprocess_options function and using git, both the git and branch parameters are passed to the git ls-remote subcommand in a way that additional flags can be set. The additional flags can be used to perform a command injection.
CVE-2022-24437 1 Git-pull-or-clone Project 1 Git-pull-or-clone 2024-11-21 9.8 Critical
The package git-pull-or-clone before 2.0.2 are vulnerable to Command Injection due to the use of the --upload-pack feature of git which is also supported for git clone. The source includes the use of the secure child process API spawn(). However, the outpath parameter passed to it may be a command-line argument to the git clone command and result in arbitrary command injection.
CVE-2022-24433 1 Simple-git Project 1 Simple-git 2024-11-21 8.1 High
The package simple-git before 3.3.0 are vulnerable to Command Injection via argument injection. When calling the .fetch(remote, branch, handlerFn) function, both the remote and branch parameters are passed to the git fetch subcommand. By injecting some git options it was possible to get arbitrary command execution.