The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date |
---|---|---|---|
CVE-2022-31004 | CVEProject/cve-services is an open source project used to operate the CVE services API. A conditional in 'data.js' has potential for production secrets to be written to disk. The affected method writes the generated randomKey to disk if the environment is not development. If this method were called in production, it is possible that it would write the plaintext key to disk. A patch is not available as of time of publication but is anticipated as a hot fix for version 1.1.1 and for the 2.x branch. | MEDIUM | Jun 2, 2022 |
CVE-2022-31002 | Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause a crash. This type of crash may be caused by a URL ending with `%`. Version 1.13.8 contains a patch for this issue. | MEDIUM | Jun 1, 2022 |
CVE-2022-31001 | Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause a crash. This type of crash may be caused by `#define MATCH(s, m) (strncmp(s, m, n = sizeof(m) - 1) == 0)`, which will make `n` bigger and trigger out-of-bound access when `IS_NON_WS(s[n])`. Version 1.13.8 contains a patch for this issue. | MEDIUM | Jun 1, 2022 |
CVE-2022-31000 | solidus_backend is the admin interface for the Solidus e-commerce framework. Versions prior to 3.1.6, 3.0.6, and 2.11.16 contain a cross-site request forgery (CSRF) vulnerability. The vulnerability allows attackers to change the state of an order's adjustments if they hold its number, and the execution happens on a store administrator's computer. Users should upgrade to solidus_backend 3.1.6, 3.0.6, or 2.11.16 to receive a patch. | MEDIUM | Jun 1, 2022 |
CVE-2022-30836 | Wedding Management System v1.0 is vulnerable to SQL Injection via Wedding-Management/admin/select.php. | MEDIUM | Jun 2, 2022 |
CVE-2022-30835 | Wedding Management System v1.0 is vulnerable to SQL Injection via /Wedding-Management/admin/budget.php?booking_id=. | MEDIUM | Jun 2, 2022 |
CVE-2022-30834 | Wedding Management System v1.0 is vulnerable to SQL Injection via /Wedding-Management/admin/client_manage_account_details.php?booking_id=31&user_id= | MEDIUM | Jun 2, 2022 |
CVE-2022-30833 | Wedding Management System v1.0 is vulnerable to SQL Injection via /Wedding-Management/admin/client_edit.php?booking=31&user_id=. | MEDIUM | Jun 2, 2022 |
CVE-2022-30832 | Wedding Management System v1.0 is vulnerable to SQL Injection via /Wedding-Management/admin/client_assign.php?booking=31&user_id=. | MEDIUM | Jun 2, 2022 |
CVE-2022-30831 | Wedding Management System v1.0 is vulnerable to SQL Injection via Wedding-Management/wedding_details.php. | MEDIUM | Jun 2, 2022 |
CVE-2022-30830 | Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\feature_edit.php. | MEDIUM | Jun 2, 2022 |
CVE-2022-30829 | Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\users_edit.php. | MEDIUM | Jun 2, 2022 |
CVE-2022-30828 | Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\photos_edit.php. | MEDIUM | Jun 2, 2022 |
CVE-2022-30827 | Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\package_edit.php. | MEDIUM | Jun 2, 2022 |
CVE-2022-30826 | Wedding Management System v1.0 is vulnerable to SQL Injection via admin\client_assign.php. | MEDIUM | Jun 2, 2022 |
CVE-2022-30825 | Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\client_edit.php. | MEDIUM | Jun 2, 2022 |
CVE-2022-30823 | Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\blog_events_edit.php. | MEDIUM | Jun 2, 2022 |
CVE-2022-30822 | In Wedding Management System v1.0, there is an arbitrary file upload vulnerability in the picture upload point of users_profile.php file. | MEDIUM | Jun 2, 2022 |
CVE-2022-30821 | In Wedding Management System v1.0, the editing function of the Services module in the background management system has an arbitrary file upload vulnerability in the picture upload point of package_edit.php file. | MEDIUM | Jun 2, 2022 |
CVE-2022-30820 | In Wedding Management v1.0, there is an arbitrary file upload vulnerability in the picture upload point of users_edit.php file. | MEDIUM | Jun 2, 2022 |
CVE-2022-30819 | In Wedding Management System v1.0, there is an arbitrary file upload vulnerability in the picture upload point of photos_edit.php file. | MEDIUM | Jun 2, 2022 |
CVE-2022-30818 | Wedding Management System v1.0 is vulnerable to SQL injection via /Wedding-Management/admin/blog_events_edit.php?id=31. | MEDIUM | Jun 2, 2022 |
CVE-2022-30804 | elitecms v1.01 is vulnerable to arbitrary file deletion via /admin/delete_image.php?file=. | MEDIUM | Jun 2, 2022 |
CVE-2022-30799 | Online Ordering System v1.0 by oretnom23 has SQL injection via store/orderpage.php. | MEDIUM | Jun 2, 2022 |
CVE-2022-30798 | Online Ordering System v1.0 by oretnom23 is vulnerable to SQL Injection via admin/viewreport.php. | MEDIUM | Jun 2, 2022 |
CVE-2022-30795 | Online Ordering System v1.0 by oretnom23 is vulnerable to SQL Injection via admin/editproductimage.php. | MEDIUM | Jun 2, 2022 |
CVE-2022-30794 | Online Ordering System v1.0 by oretnom23 is vulnerable to SQL Injection via admin/editproductetails.php. | MEDIUM | Jun 2, 2022 |
CVE-2022-30540 | The affected product is vulnerable to a heap-based buffer overflow via uninitialized pointer, which may allow an attacker to execute arbitrary code | MEDIUM | Jun 2, 2022 |
CVE-2022-30514 | School Dormitory Management System v1.0 is vulnerable to reflected cross-site scripting (XSS) via admin/inc/navigation.php:126. | MEDIUM | Jun 2, 2022 |
CVE-2022-30513 | School Dormitory Management System v1.0 is vulnerable to reflected cross-site scripting (XSS) via admin/inc/navigation.php:125 | MEDIUM | Jun 2, 2022 |
CVE-2022-30496 | SQL injection in Logon Page of IDCE MV's application, version 1.0, allows an attacker to inject SQL payloads in the user field, connecting to a database to access enterprise's private and sensitive information. | MEDIUM | Jun 2, 2022 |
CVE-2022-30349 | siteserver SSCMS 6.15.51 is vulnerable to Cross Site Scripting (XSS). | MEDIUM | Jun 2, 2022 |
CVE-2022-30237 | A CWE-311: Missing Encryption of Sensitive Data vulnerability exists that could allow authentication credentials to be recovered when an attacker breaks the encoding. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior) | MEDIUM | Jun 3, 2022 |
CVE-2022-30236 | A CWE-669: Incorrect Resource Transfer Between Spheres vulnerability exists that could allow unauthorized access when an attacker uses cross-domain attacks. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior) | MEDIUM | Jun 3, 2022 |
CVE-2022-30235 | A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow unauthorized access when an attacker uses brute force. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior) | MEDIUM | Jun 3, 2022 |
CVE-2022-30233 | A CWE-20: Improper Input Validation vulnerability exists that could allow the product to be maliciously manipulated when the user is tricked into performing certain actions on a webpage. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior) | MEDIUM | Jun 3, 2022 |
CVE-2022-30232 | A CWE-20: Improper Input Validation vulnerability exists that could cause potential remote code execution when an attacker is able to intercept and modify a request on the same network or has configuration access to an ION device on the network. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior) | MEDIUM | Jun 3, 2022 |
CVE-2022-30128 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | MEDIUM | Jun 2, 2022 |
CVE-2022-30127 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | MEDIUM | Jun 2, 2022 |
CVE-2022-29788 | libmobi before v0.10 contains a NULL pointer dereference via the component mobi_buffer_getpointer. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted mobi file. | MEDIUM | Jun 2, 2022 |
CVE-2022-29784 | PublicCMS V4.0.202204.a and below contains an information leak via the component /views/directive/sys/SysConfigDataDirective.java. | MEDIUM | Jun 3, 2022 |
CVE-2022-29778 | D-Link DIR-890L 1.20b01 allows attackers to execute arbitrary code due to the hardcoded option Wake-On-Lan for the parameter 'descriptor' at SetVirtualServerSettings.php | MEDIUM | Jun 3, 2022 |
CVE-2022-29767 | adbyby v2.7 allows external users to make connections via port 8118. This can cause a program logic error and lead to a Denial of Service (DoS) via high CPU usage due to a large number of connections. | MEDIUM | Jun 3, 2022 |
CVE-2022-29735 | Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 allows attackers to execute arbitrary commands via a crafted HTTP request. | MEDIUM | Jun 2, 2022 |
CVE-2022-29733 | Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 was discovered to transmit and store sensitive information in cleartext. This vulnerability allows attackers to intercept HTTP Cookie authentication credentials via a man-in-the-middle attack. | MEDIUM | Jun 2, 2022 |
CVE-2022-29732 | Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 was discovered to contain a cross-site scripting (XSS) vulnerability via the Username parameter. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | MEDIUM | Jun 2, 2022 |
CVE-2022-29731 | An access control issue in ICT Protege GX/WX 2.08 allows attackers to leak SHA1 password hashes of other users. | MEDIUM | Jun 2, 2022 |
CVE-2022-29729 | Verizon 4G LTE Network Extender GA4.38 - V0.4.038.2131 utilizes a weak default admin password generation algorithm which generates passwords that are accessible to unauthenticated attackers via the webUI login page. | MEDIUM | Jun 2, 2022 |
CVE-2022-29725 | An arbitrary file upload in the image upload component of wityCMS v0.6.2 allows attackers to execute arbitrary code via a crafted PHP file. | MEDIUM | Jun 2, 2022 |
CVE-2022-29718 | Caddy v2.4 was discovered to contain an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on crafted links. | MEDIUM | Jun 3, 2022 |