The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2022-29270 | In Nagios XI through 5.8.5, it is possible for a user without password verification to change his e-mail address. | MEDIUM | Jun 29, 2022 | n/a |
| CVE-2022-29271 | In Nagios XI through 5.8.5, a read-only Nagios user (due to an incorrect permission check) is able to schedule downtime for any host/services. This allows an attacker to permanently disable all monitoring checks. | MEDIUM | Jun 29, 2022 | n/a |
| CVE-2022-29272 | In Nagios XI through 5.8.5, an open redirect vulnerability exists in the login function that could lead to spoofing. | MEDIUM | Jun 29, 2022 | n/a |
| CVE-2022-29273 | pfSense CE through 2.6.0 and pfSense Plus before 22.05 allow XSS in the WebGUI via URL Table Alias URL parameters. | -- | Feb 23, 2023 | n/a |
| CVE-2022-29275 | In UsbCoreDxe, untrusted input may allow SMRAM or OS memory tampering Use of untrusted pointers could allow OS or SMRAM memory tampering leading to escalation of privileges. This issue was discovered by Insyde during security review. It was fixed in: Kernel 5.0: version 05.09.21 Kernel 5.1: version 05.17.21 Kernel 5.2: version 05.27.21 Kernel 5.3: version 05.36.21 Kernel 5.4: version 05.44.21 Kernel 5.5: version 05.52.21 https://www.insyde.com/security-pledge/SA-2022058 | -- | Nov 15, 2022 | n/a |
| CVE-2022-29276 | SMI functions in AhciBusDxe use untrusted inputs leading to corruption of SMRAM. SMI functions in AhciBusDxe use untrusted inputs leading to corruption of SMRAM. This issue was discovered by Insyde during security review. It was fixed in: Kernel 5.0: version 05.09.18 Kernel 5.1: version 05.17.18 Kernel 5.2: version 05.27.18 Kernel 5.3: version 05.36.18 Kernel 5.4: version 05.44.18 Kernel 5.5: version 05.52.18 https://www.insyde.com/security-pledge/SA-2022059 | -- | Nov 16, 2022 | n/a |
| CVE-2022-29277 | Incorrect pointer checks within the the FwBlockServiceSmm driver can allow arbitrary RAM modifications During review of the FwBlockServiceSmm driver, certain instances of SpiAccessLib could be tricked into writing 0xff to arbitrary system and SMRAM addresses. Fixed in: INTEL Purley-R: 05.21.51.0048 Whitley: 05.42.23.0066 Cedar Island: 05.42.11.0021 Eagle Stream: 05.44.25.0052 Greenlow/Greenlow-R(skylake/kabylake): Trunk Mehlow/Mehlow-R (CoffeeLake-S): Trunk Tatlow (RKL-S): Trunk Denverton: 05.10.12.0042 Snow Ridge: Trunk Graneville DE: 05.05.15.0038 Grangeville DE NS: 05.27.26.0023 Bakerville: 05.21.51.0026 Idaville: 05.44.27.0030 Whiskey Lake: Trunk Comet Lake-S: Trunk Tiger Lake H/UP3: 05.43.12.0052 Alder Lake: 05.44.23.0047 Gemini Lake: Not Affected Apollo Lake: Not Affected Elkhart Lake: 05.44.30.0018 AMD ROME: trunk MILAN: 05.36.10.0017 GENOA: 05.52.25.0006 Snowy Owl: Trunk R1000: 05.32.50.0018 R2000: 05.44.30.0005 V2000: Trunk V3000: 05.44.30.0007 Ryzen 5000: 05.44.30.0004 Embedded ROME: Trunk Embedded MILAN: Trunk Hygon Hygon #1/#2: 05.36.26.0016 Hygon #3: 05.44.26.0007 https://www.insyde.com/security-pledge/SA-2022060 | -- | Nov 16, 2022 | n/a |
| CVE-2022-29278 | Incorrect pointer checks within the NvmExpressDxe driver can allow tampering with SMRAM and OS memory Incorrect pointer checks within the NvmExpressDxe driver can allow tampering with SMRAM and OS memory. This issue was discovered by Insyde during security review. Fixed in: Kernel 5.1: Version 05.17.23 Kernel 5.2: Version 05.27.23 Kernel 5.3: Version 05.36.23 Kernel 5.4: Version 05.44.23 Kernel 5.5: Version 05.52.23 https://www.insyde.com/security-pledge/SA-2022061 | -- | Nov 16, 2022 | n/a |
| CVE-2022-29279 | Use of a untrusted pointer allows tampering with SMRAM and OS memory in SdHostDriver and SdMmcDevice Use of a untrusted pointer allows tampering with SMRAM and OS memory in SdHostDriver and SdMmcDevice. This issue was discovered by Insyde during security review. It was fixed in: Kernel 5.0: version 05.09.17 Kernel 5.1: version 05.17.17 Kernel 5.2: version 05.27.17 Kernel 5.3: version 05.36.17 Kernel 5.4: version 05.44.17 Kernel 5.5: version 05.52.17 https://www.insyde.com/security-pledge/SA-2022062 | -- | Nov 16, 2022 | n/a |
| CVE-2022-29280 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-28366. Reason: This candidate is a reservation duplicate of CVE-2022-28366. Notes: All CVE users should reference CVE-2022-28366 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | -- | Nov 7, 2023 | n/a |
| CVE-2022-29281 | Notable before 1.9.0-beta.8 doesn\'t effectively prevent the opening of executable files when clicking on a link. There is improper validation of the file URI scheme. A hyperlink to an SMB share could lead to execution of an arbitrary program (or theft of NTLM credentials via an SMB relay attack, because the application resolves UNC paths). | MEDIUM | Apr 15, 2022 | n/a |
| CVE-2022-29286 | Pexip Infinity 27 before 28.0 allows remote attackers to trigger excessive resource consumption and termination because of registrar resource mishandling. | MEDIUM | Jul 17, 2022 | n/a |
| CVE-2022-29287 | Kentico CMS before 13.0.66 has an Insecure Direct Object Reference vulnerability. It allows an attacker with user management rights (default is Administrator) to export the user options of any user, even ones with higher privileges (like Global Administrators) than the current user. The exported XML contains every option of the exported user (even the hashed password). | MEDIUM | Apr 16, 2022 | n/a |
| CVE-2022-29296 | A reflected cross-site scripting (XSS) vulnerability in the login portal of Avantune Genialcloud ProJ - 10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | MEDIUM | Jun 7, 2022 | n/a |
| CVE-2022-29298 | SolarView Compact ver.6.00 allows attackers to access sensitive files via directory traversal. | MEDIUM | May 12, 2022 | n/a |
| CVE-2022-29299 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-20660. Reason: This candidate is a reservation duplicate of CVE-2021-20660. Notes: All CVE users should reference CVE-2021-20660 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | -- | Nov 7, 2023 | n/a |
| CVE-2022-29301 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-20660. Reason: This candidate is a reservation duplicate of CVE-2021-20660. Notes: All CVE users should reference CVE-2021-20660 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | -- | Nov 7, 2023 | n/a |
| CVE-2022-29302 | SolarView Compact ver.6.00 was discovered to contain a local file disclosure via /html/Solar_Ftp.php. | LOW | May 12, 2022 | n/a |
| CVE-2022-29303 | SolarView Compact ver.6.00 was discovered to contain a command injection vulnerability via conf_mail.php. | HIGH | May 12, 2022 | n/a |
| CVE-2022-29304 | Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /classes/master.php?f=delete_ Facility. | MEDIUM | May 20, 2022 | n/a |
| CVE-2022-29305 | imgurl v2.31 was discovered to contain a Blind SQL injection vulnerability via /upload/localhost. | MEDIUM | May 24, 2022 | n/a |
| CVE-2022-29306 | IonizeCMS v1.0.8.1 was discovered to contain a SQL injection vulnerability via the id_page parameter in application/models/article_model.php. | HIGH | May 12, 2022 | n/a |
| CVE-2022-29307 | IonizeCMS v1.0.8.1 was discovered to contain a command injection vulnerability via the function copy_lang_content in application/models/lang_model.php. | HIGH | May 12, 2022 | n/a |
| CVE-2022-29309 | mysiteforme v2.2.1 was discovered to contain a Server-Side Request Forgery. | MEDIUM | May 24, 2022 | n/a |
| CVE-2022-29315 | Invicti Acunetix before 14 allows CSV injection via the Description field on the Add Targets page, if the Export CSV feature is used. | HIGH | Apr 19, 2022 | n/a |
| CVE-2022-29316 | Complete Online Job Search System v1.0 was discovered to contain a SQL injection vulnerability via /eris/index.php?q=result&searchfor=advancesearch. | HIGH | May 11, 2022 | n/a |
| CVE-2022-29317 | Simple Bus Ticket Booking System v1.0 was discovered to contain multiple SQL injection vulnerbilities via the username and password parameters at /assets/partials/_handleLogin.php. | HIGH | May 11, 2022 | n/a |
| CVE-2022-29318 | An arbitrary file upload vulnerability in the New Entry module of Car Rental Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | MEDIUM | May 11, 2022 | n/a |
| CVE-2022-29320 | MiniTool Partition Wizard v12.0 contains an unquoted service path which allows attackers to escalate privileges to the system level. | HIGH | May 20, 2022 | n/a |
| CVE-2022-29321 | D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the lanip parameter in /goform/setNetworkLan. | HIGH | May 10, 2022 | n/a |
| CVE-2022-29322 | D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the IPADDR and nvmacaddr parameters in /goform/form2Dhcpip. | HIGH | May 10, 2022 | n/a |
| CVE-2022-29323 | D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the MAC parameter in /goform/editassignment. | HIGH | May 10, 2022 | n/a |
| CVE-2022-29324 | D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the proto parameter in /goform/form2IPQoSTcAdd. | HIGH | May 10, 2022 | n/a |
| CVE-2022-29325 | D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the addurlfilter parameter in /goform/websURLFilter. | HIGH | May 10, 2022 | n/a |
| CVE-2022-29326 | D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the addhostfilter parameter in /goform/websHostFilter. | HIGH | May 10, 2022 | n/a |
| CVE-2022-29327 | D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the urladd parameter in /goform/websURLFilterAddDel. | HIGH | May 10, 2022 | n/a |
| CVE-2022-29328 | D-Link DAP-1330_OSS-firmware_1.00b21 was discovered to contain a stack overflow via the function checkvalidupgrade. | HIGH | May 10, 2022 | n/a |
| CVE-2022-29329 | D-Link DAP-1330_OSS-firmware_1.00b21 was discovered to contain a heap overflow via the devicename parameter in /goform/setDeviceSettings. | HIGH | May 10, 2022 | n/a |
| CVE-2022-29330 | Missing access control in the backup system of Telesoft VitalPBX before 3.2.1 allows attackers to access the PJSIP and SIP extension credentials, cryptographic keys and voicemails files via unspecified vectors. | MEDIUM | Jun 24, 2022 | n/a |
| CVE-2022-29332 | D-LINK DIR-825 AC1200 R2 is vulnerable to Directory Traversal. An attacker could use the ../../../../ setting of the FTP server folder to set the router\'s root folder for FTP access. This allows you to access the entire router file system via the FTP server. | MEDIUM | May 17, 2022 | n/a |
| CVE-2022-29333 | A vulnerability in CyberLink Power Director v14 allows attackers to escalate privileges via a crafted .exe file. | MEDIUM | May 25, 2022 | n/a |
| CVE-2022-29334 | An issue in H v1.0 allows attackers to bypass authentication via a session replay attack. | HIGH | May 25, 2022 | n/a |
| CVE-2022-29337 | C-DATA FD702XW-X-R430 v2.1.13_X001 was discovered to contain a command injection vulnerability via the va_cmd parameter in formlanipv6. This vulnerability allows attackers to execute arbitrary commands via a crafted HTTP request. | HIGH | May 25, 2022 | n/a |
| CVE-2022-29339 | In GPAC 2.1-DEV-rev87-g053aae8-master, function BS_ReadByte() in utils/bitstream.c has a failed assertion, which causes a Denial of Service. This vulnerability was fixed in commit 9ea93a2. | MEDIUM | May 5, 2022 | n/a |
| CVE-2022-29340 | GPAC 2.1-DEV-rev87-g053aae8-master. has a Null Pointer Dereference vulnerability in gf_isom_parse_movie_boxes_internal due to improper return value handling of GF_SKIP_BOX, which causes a Denial of Service. This vulnerability was fixed in commit 37592ad. | MEDIUM | May 5, 2022 | n/a |
| CVE-2022-29347 | An arbitrary file upload vulnerability in Web@rchiv 1.0 allows attackers to execute arbitrary commands via a crafted PHP file. | HIGH | May 4, 2022 | n/a |
| CVE-2022-29349 | kkFileView v4.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the url parameter at /controller/OnlinePreviewController.java. | MEDIUM | May 25, 2022 | n/a |
| CVE-2022-29351 | An arbitrary file upload vulnerability in the file upload module of Tiddlywiki5 v5.2.2 allows attackers to execute arbitrary code via a crafted SVG file. Note: The vendor argues that this is not a legitimate issue and there is no vulnerability here. | HIGH | May 16, 2022 | n/a |
| CVE-2022-29353 | An arbitrary file upload vulnerability in the file upload module of Graphql-upload v13.0.0 allows attackers to execute arbitrary code via a crafted filename. | HIGH | May 16, 2022 | n/a |
| CVE-2022-29354 | An arbitrary file upload vulnerability in the file upload module of Keystone v4.2.1 allows attackers to execute arbitrary code via a crafted file. | HIGH | May 16, 2022 | n/a |
