The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

ID | Description | Priority | Modified date |
---|---|---|---|
CVE-2022-42097 | Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via 'Comment.'. | -- | Nov 23, 2022 |
CVE-2022-42096 | Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via Post content. | -- | Nov 23, 2022 |
CVE-2022-42095 | Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Page content. | -- | Nov 25, 2022 |
CVE-2022-42094 | Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the 'Card' content. | -- | Nov 23, 2022 |
CVE-2022-42092 | Backdrop CMS 1.22.0 has an Unrestricted File Upload vulnerability via 'themes' that allows attackers to achieve Remote Code Execution. Note: Third parties dispute this and argue that advanced permissions are required. | -- | Oct 9, 2022 |
CVE-2022-42087 | Tenda AX1803 US_AX1803v2.0br_v1.0.0.1_2994_CN_ZGYD01_4 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot. | -- | Oct 14, 2022 |
CVE-2022-42086 | Tenda AX1803 US_AX1803v2.0br_v1.0.0.1_2994_CN_ZGYD01_4 is vulnerable to Cross Site Request Forgery (CSRF) via function TendaAteMode. | -- | Oct 14, 2022 |
CVE-2022-42081 | Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 was discovered to contain a stack overflow via sched_end_time parameter. | -- | Oct 14, 2022 |
CVE-2022-42080 | Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 was discovered to contain a heap overflow via sched_start_time parameter. | -- | Oct 14, 2022 |
CVE-2022-42079 | Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 was discovered to contain a stack overflow via the function formWifiBasicSet. | -- | Oct 14, 2022 |
CVE-2022-42078 | Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet. | -- | Oct 14, 2022 |
CVE-2022-42077 | Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot. | -- | Oct 14, 2022 |
CVE-2022-42075 | Wedding Planner v1.0 is vulnerable to arbitrary code execution. | -- | Oct 7, 2022 |
CVE-2022-42074 | Online Diagnostic Lab Management System v1.0 is vulnerable to SQL Injection via /diagnostic/editcategory.php?id=. | -- | Oct 7, 2022 |
CVE-2022-42073 | Online Diagnostic Lab Management System v1.0 is vulnerable to SQL Injection via /diagnostic/editclient.php?id=. | -- | Oct 7, 2022 |
CVE-2022-42071 | Online Birth Certificate Management System version 1.0 suffers from a Cross Site Scripting (XSS) Vulnerability. | -- | Oct 14, 2022 |
CVE-2022-42070 | Online Birth Certificate Management System version 1.0 is vulnerable to Cross Site Request Forgery (CSRF). | -- | Oct 14, 2022 |
CVE-2022-42069 | Online Birth Certificate Management System version 1.0 suffers from a persistent Cross Site Scripting (XSS) vulnerability. | -- | Oct 15, 2022 |
CVE-2022-42067 | Online Birth Certificate Management System version 1.0 suffers from an Insecure Direct Object Reference (IDOR) vulnerability. | -- | Oct 14, 2022 |
CVE-2022-42066 | Online Examination System version 1.0 suffers from a cross site scripting vulnerability via index.php. | -- | Oct 15, 2022 |
CVE-2022-42064 | Online Diagnostic Lab Management System version 1.0 is affected by a remote exploit that bypasses login with SQL injection and then uploads a shell. | -- | Oct 15, 2022 |
CVE-2022-42060 | Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a stack overflow via the setWanPpoe function. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data. | -- | Nov 18, 2022 |
CVE-2022-42058 | Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a stack overflow via the setRemoteWebManage function. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data. | -- | Nov 18, 2022 |
CVE-2022-42055 | Multiple command injection vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 via the ping and traceroute tools allow attackers to read arbitrary files on the system. | -- | Oct 27, 2022 |
CVE-2022-42054 | Multiple stored cross-site scripting (XSS) vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Company Name and Description text fields. | -- | Oct 27, 2022 |
CVE-2022-42053 | Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a command injection vulnerability via the PortMappingServer parameter in the setPortMapping function. | -- | Nov 18, 2022 |
CVE-2022-42046 | A specially crafted IOCTL in wfshbr64.sys and wfshbr32.sys allows an arbitrary user to perform local privilege escalation. | -- | Dec 21, 2022 |
CVE-2022-42045 | Certain Zemana products are vulnerable to Arbitrary code injection. This affects Watchdog Anti-Malware 4.1.422 and Zemana AntiMalware 3.2.28. | -- | Jul 13, 2023 |
CVE-2022-42044 | The d8s-asns package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-html package. The affected version is 0.1.0. | -- | Oct 13, 2022 |
CVE-2022-42043 | The d8s-xml package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-html package. The affected version is 0.1.0. | -- | Oct 13, 2022 |
CVE-2022-42042 | The d8s-networking package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hashes package. The affected version is 0.1.0. | -- | Oct 13, 2022 |
CVE-2022-42041 | The d8s-file-system package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hashes package. The affected version is 0.1.0. | -- | Oct 13, 2022 |
CVE-2022-42040 | The d8s-algorithms package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-dicts package. The affected version is 0.1.0. | -- | Oct 13, 2022 |
CVE-2022-42039 | The d8s-lists package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-dicts package. The affected version is 0.1.0. | -- | Oct 13, 2022 |
CVE-2022-42038 | The d8s-ip-addresses package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0. | -- | Oct 13, 2022 |
CVE-2022-42037 | The d8s-asns package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0. | -- | Oct 13, 2022 |
CVE-2022-42036 | The d8s-urls package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0. | -- | Oct 13, 2022 |
CVE-2022-42034 | Wedding Planner v1.0 is vulnerable to arbitrary code execution via users_profile.php. | -- | Oct 11, 2022 |
CVE-2022-42029 | Chamilo 1.11.16 is affected by an authenticated local file inclusion vulnerability which allows authenticated users with access to 'big file uploads' to copy/move files from anywhere in the file system into the web directory. | -- | Oct 19, 2022 |
CVE-2022-42021 | Best Student Result Management System v1.0 is vulnerable to SQL Injection via /upresult/upresult/notice-details.php?nid=. | -- | Oct 21, 2022 |
CVE-2022-42012 | An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format. | -- | Oct 8, 2022 |
CVE-2022-42011 | An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of the element type. | -- | Oct 8, 2022 |
CVE-2022-42010 | An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures. | -- | Oct 8, 2022 |
CVE-2022-42009 | SpringEL injection in the server agent in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. Users are recommended to upgrade to 2.7.7. | -- | Jul 12, 2023 |
CVE-2022-42004 | In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization. | -- | Oct 4, 2022 |
CVE-2022-42003 | In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. | -- | Oct 4, 2022 |
CVE-2022-42002 | SonicJS through 0.6.0 allows file overwrite. It has the following mutations that are used for updating files: fileCreate and fileUpdate. Both of these mutations can be called without any authentication to overwrite any files on a SonicJS application, leading to Arbitrary File Write and Delete. | -- | Oct 4, 2022 |
CVE-2022-42001 | Cross-site Scripting (XSS) vulnerability in BlueSpiceBookshelf extension of BlueSpice allows user with regular account and edit permissions to inject arbitrary HTML into the book navigation. | -- | Nov 16, 2022 |
CVE-2022-42000 | Cross-site Scripting (XSS) vulnerability in BlueSpiceSocialProfile extension of BlueSpice allows user with comment permissions to inject arbitrary HTML into the comment section of a wikipage. | -- | Nov 16, 2022 |
CVE-2022-41999 | A denial of service vulnerability exists in the DDS native tile reading functionality of OpenImageIO Project OpenImageIO v2.3.19.0 and v2.4.4.2. A specially-crafted .dds can lead to denial of service. An attacker can provide a malicious file to trigger this vulnerability. | -- | Dec 23, 2022 |