Total
2339 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-4275 | 2024-11-21 | N/A | 6.3 MEDIUM | ||
| A vulnerability has been found in House Rental System and classified as critical. Affected by this vulnerability is an unknown functionality of the file search-property.php of the component POST Request Handler. The manipulation of the argument search_property leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214771. | |||||
| CVE-2022-4274 | 2024-11-21 | N/A | 6.3 MEDIUM | ||
| A vulnerability, which was classified as critical, was found in House Rental System. Affected is an unknown function of the file /view-property.php. The manipulation of the argument property_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-214770 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-4253 | 1 Canteen Management System Project | 1 Canteen Management System | 2024-11-21 | N/A | 3.5 LOW |
| A vulnerability was found in SourceCodester Canteen Management System. It has been declared as problematic. This vulnerability affects the function builtin_echo of the file customer.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-214630 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-4252 | 1 Canteen Management System Project | 1 Canteen Management System | 2024-11-21 | N/A | 3.5 LOW |
| A vulnerability was found in SourceCodester Canteen Management System. It has been classified as problematic. This affects the function builtin_echo of the file categories.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-214629 was assigned to this vulnerability. | |||||
| CVE-2022-4251 | 2024-11-21 | N/A | 2.4 LOW | ||
| A vulnerability was found in Movie Ticket Booking System and classified as problematic. Affected by this issue is some unknown functionality of the file editBooking.php. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214628. | |||||
| CVE-2022-4250 | 1 Movie Ticket Booking System Project | 1 Movie Ticket Booking System | 2024-11-21 | N/A | 3.5 LOW |
| A vulnerability has been found in Movie Ticket Booking System and classified as problematic. Affected by this vulnerability is an unknown functionality of the file booking.php. The manipulation of the argument id leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214627. | |||||
| CVE-2022-4248 | 1 Movie Ticket Booking System Project | 1 Movie Ticket Booking System | 2024-11-21 | N/A | 5.0 MEDIUM |
| A vulnerability, which was classified as critical, has been found in Movie Ticket Booking System. This issue affects some unknown processing of the file editBooking.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-214625 was assigned to this vulnerability. | |||||
| CVE-2022-4247 | 1 Movie Ticket Booking System Project | 1 Movie Ticket Booking System | 2024-11-21 | N/A | 6.3 MEDIUM |
| A vulnerability classified as critical was found in Movie Ticket Booking System. This vulnerability affects unknown code of the file booking.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214624. | |||||
| CVE-2022-4234 | 1 Canteen Management System Project | 1 Canteen Management System | 2024-11-21 | N/A | 3.5 LOW |
| A vulnerability was found in SourceCodester Canteen Management System. It has been rated as problematic. This issue affects the function builtin_echo of the file youthappam/brand.php. The manipulation of the argument brand_name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214595. | |||||
| CVE-2022-4188 | 1 Google | 2 Android, Chrome | 2024-11-21 | N/A | 4.3 MEDIUM |
| Insufficient validation of untrusted input in CORS in Google Chrome on Android prior to 108.0.5359.71 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2022-4145 | 1 Redhat | 1 Openshift Container Platform | 2024-11-21 | N/A | 4.3 MEDIUM |
| A content spoofing flaw was found in OpenShift's OAuth endpoint. This flaw allows a remote, unauthenticated attacker to inject text into a webpage, enabling the obfuscation of a phishing operation. | |||||
| CVE-2022-4091 | 1 Canteen Management System Project | 1 Canteen Management System | 2024-11-21 | N/A | 3.5 LOW |
| A vulnerability was found in SourceCodester Canteen Management System. It has been classified as problematic. This affects the function query of the file food.php. The manipulation of the argument product_name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214359. | |||||
| CVE-2022-47583 | 1 Mintty Project | 1 Mintty | 2024-11-21 | N/A | 9.8 CRITICAL |
| Terminal character injection in Mintty before 3.6.3 allows code execution via unescaped output to the terminal. | |||||
| CVE-2022-46337 | 1 Apache | 1 Derby | 2024-11-21 | N/A | 9.8 CRITICAL |
| A cleverly devised username might bypass LDAP authentication checks. In LDAP-authenticated Derby installations, this could let an attacker fill up the disk by creating junk Derby databases. In LDAP-authenticated Derby installations, this could also allow the attacker to execute malware which was visible to and executable by the account which booted the Derby server. In LDAP-protected databases which weren't also protected by SQL GRANT/REVOKE authorization, this vulnerability could also let an attacker view and corrupt sensitive data and run sensitive database functions and procedures. Mitigation: Users should upgrade to Java 21 and Derby 10.17.1.0. Alternatively, users who wish to remain on older Java versions should build their own Derby distribution from one of the release families to which the fix was backported: 10.16, 10.15, and 10.14. Those are the releases which correspond, respectively, with Java LTS versions 17, 11, and 8. | |||||
| CVE-2022-46265 | 1 Siemens | 1 Polarion Alm | 2024-11-21 | N/A | 5.4 MEDIUM |
| A vulnerability has been identified in Polarion ALM (All versions < V2304.0). The affected application contains a Host header injection vulnerability that could allow an attacker to spoof a Host header information and redirect users to malicious websites. | |||||
| CVE-2022-46180 | 1 Discourse | 1 Mermaid | 2024-11-21 | N/A | 5.0 MEDIUM |
| Discourse Mermaid (discourse-mermaid-theme-component) allows users of Discourse, open-source forum software, to create graphs using the Mermaid syntax. Users of discourse-mermaid-theme-component version 1.0.0 who can create posts are able to inject arbitrary HTML on that post. The issue has been fixed on the `main` branch of the GitHub repository, with 1.1.0 named as a patched version. Admins can update the theme component through the admin UI. As a workaround, admins can temporarily disable discourse-mermaid-theme-component. | |||||
| CVE-2022-45801 | 1 Apache | 1 Streampark | 2024-11-21 | N/A | 5.4 MEDIUM |
| Apache StreamPark 1.0.0 to 2.0.0 have a LDAP injection vulnerability. LDAP Injection is an attack used to exploit web based applications that construct LDAP statements based on user input. When an application fails to properly sanitize user input, it's possible to modify LDAP statements through techniques similar to SQL Injection. LDAP injection attacks could result in the granting of permissions to unauthorized queries, and content modification inside the LDAP tree. This risk may only occur when the user logs in with ldap, and the user name and password login will not be affected, Users of the affected versions should upgrade to Apache StreamPark 2.0.0 or later. | |||||
| CVE-2022-45048 | 1 Apache | 1 Ranger | 2024-11-21 | N/A | 8.4 HIGH |
| Authenticated users with appropriate privileges can create policies having expressions that can exploit code execution vulnerability. This issue affects Apache Ranger: 2.3.0. Users are recommended to update to version 2.4.0. | |||||
| CVE-2022-43756 | 1 Suse | 1 Wrangler | 2024-11-21 | N/A | 5.9 MEDIUM |
| A Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in SUSE Rancher allows remote attackers to cause denial of service by supplying specially crafted git credentials. This issue affects: SUSE Rancher wrangler version 0.7.3 and prior versions; wrangler version 0.8.4 and prior versions; wrangler version 1.0.0 and prior versions. | |||||
| CVE-2022-43562 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2024-11-21 | N/A | 3.0 LOW |
| In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, Splunk Enterprise fails to properly validate and escape the Host header, which could let a remote authenticated user conduct various attacks against the system, including cross-site scripting and cache poisoning. | |||||