Search Results (36949 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-23865 1 Wecul 1 Nyron 2024-11-21 9.8 Critical
Nyron 1.0 is affected by a SQL injection vulnerability through Nyron/Library/Catalog/winlibsrch.aspx. To exploit this vulnerability, an attacker must inject '"> on the thes1 parameter.
CVE-2022-23857 1 Navidrome 1 Navidrome 2024-11-21 6.5 Medium
model/criteria/criteria.go in Navidrome before 0.47.5 is vulnerable to SQL injection attacks when processing crafted Smart Playlists. An authenticated user could abuse this to extract arbitrary data from the database, including the user table (which contains sensitive information such as the users' encrypted passwords).
CVE-2022-23833 4 Debian, Djangoproject, Fedoraproject and 1 more 6 Debian Linux, Django, Fedora and 3 more 2024-11-21 7.5 High
An issue was discovered in MultiPartParser in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2. Passing certain inputs to multipart forms could result in an infinite loop when parsing files.
CVE-2022-23822 1 Xilinx 4 Zynq-7000, Zynq-7000 Firmware, Zynq-7000s and 1 more 2024-11-21 6.8 Medium
In this physical attack, an attacker may potentially exploit the Zynq-7000 SoC First Stage Boot Loader (FSBL) by bypassing authentication and loading a malicious image onto the device. This in turn may further allow the attacker to perform additional attacks such as such as using the device as a decryption oracle. An anticipated mitigation via a 2022.1 patch will resolve the issue.
CVE-2022-23773 3 Golang, Netapp, Redhat 12 Go, Beegfs Csi Driver, Cloud Insights Telegraf Agent and 9 more 2024-11-21 7.5 High
cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags.
CVE-2022-23709 1 Elastic 1 Kibana 2024-11-21 4.3 Medium
A flaw was discovered in Kibana in which users with Read access to the Uptime feature could modify alerting rules. A user with this privilege would be able to create new alerting rules or overwrite existing ones. However, any new or modified rules would not be enabled, and a user with this privilege could not modify alerting connectors. This effectively means that Read users could disable existing alerting rules.
CVE-2022-23452 2 Openstack, Redhat 3 Barbican, Openstack, Openstack Platform 2024-11-21 4.9 Medium
An authorization flaw was found in openstack-barbican, where anyone with an admin role could add secrets to a different project container. This flaw allows an attacker on the network to consume protected resources and cause a denial of service.
CVE-2022-23451 2 Openstack, Redhat 3 Barbican, Openstack, Openstack Platform 2024-11-21 8.1 High
An authorization flaw was found in openstack-barbican. The default policy rules for the secret metadata API allowed any authenticated user to add, modify, or delete metadata from any secret regardless of ownership. This flaw allows an attacker on the network to modify or delete protected data, causing a denial of service by consuming protected resources.
CVE-2022-23437 4 Apache, Netapp, Oracle and 1 more 31 Xerces-j, Active Iq Unified Manager, Agile Engineering Data Management and 28 more 2024-11-21 6.5 Medium
There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes, the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for prolonged duration. This vulnerability is present within XercesJ version 2.12.1 and the previous versions.
CVE-2022-23387 1 Taocms 1 Taocms 2024-11-21 7.5 High
An issue was discovered in taocms 3.0.2. This is a SQL blind injection that can obtain database data through the Comment Update field.
CVE-2022-23380 1 Taogogo 1 Taocms 2024-11-21 8.8 High
There is a SQL injection vulnerability in the background of taocms 3.0.2 in parameter id:action=admin&id=2&ctrl=edit.
CVE-2022-23379 1 Emlog 1 Emlog 2024-11-21 9.8 Critical
Emlog v6.0 was discovered to contain a SQL injection vulnerability via the $TagID parameter of getblogidsfromtagid().
CVE-2022-23366 1 Hms Project 1 Hms 2024-11-21 9.8 Critical
HMS v1.0 was discovered to contain a SQL injection vulnerability via patientlogin.php.
CVE-2022-23365 1 Hms Project 1 Hms 2024-11-21 9.8 Critical
HMS v1.0 was discovered to contain a SQL injection vulnerability via doctorlogin.php.
CVE-2022-23364 1 Hms Project 1 Hms 2024-11-21 9.8 Critical
HMS v1.0 was discovered to contain a SQL injection vulnerability via adminlogin.php.
CVE-2022-23363 1 Online Banking System Project 1 Online Banking System 2024-11-21 9.8 Critical
Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via index.php.
CVE-2022-23358 1 Easycms 1 Easycms 2024-11-21 9.8 Critical
EasyCMS v1.6 allows for SQL injection via ArticlemAction.class.php. In the background, search terms provided by the user were not sanitized and were used directly to construct a SQL statement.
CVE-2022-23352 1 Bigantsoft 1 Bigant Server 2024-11-21 7.5 High
An issue in BigAnt Software BigAnt Server v5.6.06 can lead to a Denial of Service (DoS).
CVE-2022-23337 1 Dedecms 1 Dedecms 2024-11-21 9.8 Critical
DedeCMS v5.7.87 was discovered to contain a SQL injection vulnerability in article_coonepage_rule.php via the ids parameter.
CVE-2022-23336 1 S-cms 1 S-cms 2024-11-21 9.8 Critical
S-CMS v5.0 was discovered to contain a SQL injection vulnerability in member_pay.php via the O_id parameter.