The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2022-29616 | SAP Host Agent, SAP NetWeaver and ABAP Platform allow an attacker to leverage logical errors in memory management to cause a memory corruption. | MEDIUM | May 11, 2022 | n/a |
| CVE-2022-29617 | Due to improper error handling an authenticated user can crash CLA assistant instance. This could impact the availability of the application. | MEDIUM | Jun 7, 2022 | n/a |
| CVE-2022-29618 | Due to insufficient input validation, SAP NetWeaver Development Infrastructure (Design Time Repository) - versions 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to inject script into the URL and execute code in the user’s browser. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application. | MEDIUM | Jun 15, 2022 | n/a |
| CVE-2022-29619 | Under certain conditions SAP BusinessObjects Business Intelligence Platform 4.x - versions 420,430 allows user Administrator to view, edit or modify rights of objects it doesn\'t own and which would otherwise be restricted. | MEDIUM | Jul 16, 2022 | n/a |
| CVE-2022-29620 | FileZilla v3.59.0 allows attackers to obtain cleartext passwords of connected SSH or FTP servers via a memory dump.- NOTE: the vendor does not consider this a vulnerability | MEDIUM | Jun 9, 2022 | n/a |
| CVE-2022-29622 | An arbitrary file upload vulnerability in formidable v3.1.4 allows attackers to execute arbitrary code via a crafted filename. NOTE: some third parties dispute this issue because the product has common use cases in which uploading arbitrary files is the desired behavior. Also, there are configuration options in all versions that can change the default behavior of how files are handled. Strapi does not consider this to be a valid vulnerability. | HIGH | May 16, 2022 | n/a |
| CVE-2022-29623 | An arbitrary file upload vulnerability in the file upload module of Connect-Multiparty v2.2.0 allows attackers to execute arbitrary code via a crafted PDF file. | MEDIUM | May 16, 2022 | n/a |
| CVE-2022-29624 | An arbitrary file upload vulnerability in the Add File function of TPCMS v3.2 allows attackers to execute arbitrary code via a crafted PHP file. | MEDIUM | Jun 2, 2022 | n/a |
| CVE-2022-29627 | An insecure direct object reference (IDOR) in Online Market Place Site v1.0 allows attackers to modify products that are owned by other sellers. | MEDIUM | Jun 2, 2022 | n/a |
| CVE-2022-29628 | A cross-site scripting (XSS) vulnerability in /omps/seller of Online Market Place Site v1.0 allows attackers to execute arbitrary web cripts or HTML via a crafted payload injected into the Page parameter. | LOW | Jun 2, 2022 | n/a |
| CVE-2022-29631 | Jodd HTTP v6.0.9 was discovered to contain multiple CLRF injection vulnerabilities via the components jodd.http.HttpRequest#set and `jodd.http.HttpRequest#send. These vulnerabilities allow attackers to execute Server-Side Request Forgery (SSRF) via a crafted TCP payload. | MEDIUM | Jun 7, 2022 | n/a |
| CVE-2022-29632 | An arbitrary file upload vulnerability in the component /course/api/upload/pic of Roncoo Education v9.0.0 allows attackers to execute arbitrary code via a crafted file. | HIGH | May 27, 2022 | n/a |
| CVE-2022-29633 | An access control issue in Linglong v1.0 allows attackers to access the background of the application via a crafted cookie. | HIGH | May 27, 2022 | n/a |
| CVE-2022-29637 | An arbitrary file upload vulnerability in Mindoc v2.1-beta.5 allows attackers to execute arbitrary commands via a crafted Zip file. | MEDIUM | May 27, 2022 | n/a |
| CVE-2022-29638 | TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the comment parameter in the function setIpQosRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | HIGH | May 18, 2022 | n/a |
| CVE-2022-29639 | TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a command injection vulnerability via the magicid parameter in the function uci_cloudupdate_config. | HIGH | May 18, 2022 | n/a |
| CVE-2022-29640 | TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the comment parameter in the function setPortForwardRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | HIGH | May 18, 2022 | n/a |
| CVE-2022-29641 | TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the startTime and endTime parameters in the function setParentalRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | HIGH | May 18, 2022 | n/a |
| CVE-2022-29642 | TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the url parameter in the function setUrlFilterRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | HIGH | May 18, 2022 | n/a |
| CVE-2022-29643 | TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the macAddress parameter in the function setMacQos. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | HIGH | May 18, 2022 | n/a |
| CVE-2022-29644 | TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a hard coded password for the telnet service stored in the component /web_cste/cgi-bin/product.ini. | HIGH | May 18, 2022 | n/a |
| CVE-2022-29645 | TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a hard coded password for root stored in the component /etc/shadow.sample. | HIGH | May 18, 2022 | n/a |
| CVE-2022-29646 | An access control issue in TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 allows attackers to obtain sensitive information via a crafted web request. | MEDIUM | May 18, 2022 | n/a |
| CVE-2022-29647 | An issue was discovered in MCMS 5.2.7. There is a CSRF vulnerability that can add an administrator account via ms/basic/manager/save.do. | MEDIUM | Jun 2, 2022 | n/a |
| CVE-2022-29648 | A cross-site scripting (XSS) vulnerability in Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted X-Forwarded-For request. | LOW | Jun 2, 2022 | n/a |
| CVE-2022-29649 | Qsmart Next v4.1.2 was discovered to contain a cross-site scripting (XSS) vulnerability. | -- | Sep 18, 2022 | n/a |
| CVE-2022-29650 | Online Food Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the Search parameter at /online-food-order/food-search.php. | HIGH | May 25, 2022 | n/a |
| CVE-2022-29651 | An arbitrary file upload vulnerability in the Select Image function of Online Food Ordering System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | MEDIUM | May 25, 2022 | n/a |
| CVE-2022-29652 | Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/classes/Users.php?f=save_client. | MEDIUM | May 20, 2022 | n/a |
| CVE-2022-29653 | OFCMS v1.1.4 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/comn/service/update.json. | MEDIUM | Jun 2, 2022 | n/a |
| CVE-2022-29654 | Buffer overflow vulnerability in quote_for_pmake in asm/nasm.c in nasm before 2.15.05 allows attackers to cause a denial of service via crafted file. | -- | Aug 22, 2023 | n/a |
| CVE-2022-29655 | An arbitrary file upload vulnerability in the Upload Photos module of Wedding Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | MEDIUM | May 11, 2022 | n/a |
| CVE-2022-29656 | Wedding Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /Wedding-Management/package_detail.php. | HIGH | May 11, 2022 | n/a |
| CVE-2022-29659 | Responsive Online Blog v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at single.php. | HIGH | Jun 2, 2022 | n/a |
| CVE-2022-29660 | CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/pic/del. | HIGH | May 28, 2022 | n/a |
| CVE-2022-29661 | CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/save. | MEDIUM | May 28, 2022 | n/a |
| CVE-2022-29662 | CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/news/admin/news/save. | MEDIUM | May 28, 2022 | n/a |
| CVE-2022-29663 | CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/hy. | MEDIUM | May 28, 2022 | n/a |
| CVE-2022-29664 | CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/pl_save. | MEDIUM | May 28, 2022 | n/a |
| CVE-2022-29665 | CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/news/admin/topic/save. | MEDIUM | May 28, 2022 | n/a |
| CVE-2022-29666 | CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/lists/zhuan. | MEDIUM | May 28, 2022 | n/a |
| CVE-2022-29667 | CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via /admin.php/pic/admin/pic/hy. This vulnerability is exploited via restoring deleted photos. | MEDIUM | May 28, 2022 | n/a |
| CVE-2022-29669 | CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/news/admin/lists/zhuan. | MEDIUM | May 28, 2022 | n/a |
| CVE-2022-29670 | CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/del. | MEDIUM | May 28, 2022 | n/a |
| CVE-2022-29676 | CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/lists/zhuan. | MEDIUM | May 28, 2022 | n/a |
| CVE-2022-29680 | CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/user/zu_del. | MEDIUM | May 28, 2022 | n/a |
| CVE-2022-29681 | CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/Links/del. | MEDIUM | May 28, 2022 | n/a |
| CVE-2022-29682 | CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/vod/admin/topic/del. | MEDIUM | May 28, 2022 | n/a |
| CVE-2022-29683 | CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/Label/page_del. | MEDIUM | May 28, 2022 | n/a |
| CVE-2022-29684 | CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/Label/js_del. | MEDIUM | May 28, 2022 | n/a |
