CVE Vulnerability Database


10 vulnerabilities found
CVE-2022-46393
9.8 critical

An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. There is a potential heap-based buffer overflow and heap-based buffer over-read in DTLS if MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX.

Arm Mbed Tls Dec 15, 2022
CVE-2022-2807
9.8 critical

SQL Injection vulnerability in Algan Software Prens Student Information System allows SQL Injection. This issue affects Prens Student Information System: before 2.1.11.

Algan Prens Student Information System Dec 2, 2022
CVE-2022-0495
9.4 critical

The library automation system product KOHA developed by Parantez Teknoloji before version 19.05.03 has an unauthenticated SQL Injection vulnerability. This has been fixed in the version 19.05.03.01.

Parantezteknoloji Koha Library Automation Sep 21, 2022
CVE-2022-2315
9.4 critical

Database Software Accreditation Tracking/Presentation Module product before version 2 has an unauthenticated SQL Injection vulnerability. This is fixed in version 2.

Databank Accreditation Tracking/Presentation Module Sep 21, 2022
CVE-2022-2177
9.4 critical

Kayrasoft product before version 2 has an unauthenticated SQL Injection vulnerability. This is fixed in version 2.

Kayrasoft Kayrasoft Sep 20, 2022
CVE-2022-1277
9.4 critical

Inavitas Solar Log product has an unauthenticated SQL Injection vulnerability.

Inavitas Solar Log Jul 29, 2022
CVE-2021-41556
10.0 critical

sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 allows an out-of-bounds read (in the core interpreter) that can lead to Code Execution. If a victim executes an attacker-controlled squirrel script, it is possible for the attacker to break out of the squirrel script sandbox even if all dange

Squirrel-Lang Squirrel Jul 28, 2022
CVE-2022-35409
9.1 critical

An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0. In some configurations, an unauthenticated attacker can send an invalid ClientHello message to a DTLS server that causes a heap-based buffer over-read of up to 255 bytes. This can cause a server crash or possibly information dis

Arm Mbed Tls Jul 15, 2022
CVE-2022-0715
9.1 critical

A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to arbitrarily change the behavior of the UPS when a key is leaked and used to upload malicious firmware. Affected Product: APC Smart-UPS Family: SMT Series (SMT Series ID=18: UPS 09.8 and prior / SMT Series ID=1040

Schneider-Electric Smt Series 1015 Ups Firmware Mar 9, 2022
CVE-2022-23305
9.8 critical

By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings into

Apache Log4J Jan 18, 2022