The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date | Fixed Release |
---|---|---|---|---|
CVE-2022-30322 | go-getter up to 1.5.11 and 2.0.2 allowed asymmetric resource exhaustion when go-getter processed malicious HTTP responses. Fixed in 1.6.1 and 2.1.0. | HIGH | May 25, 2022 | n/a |
CVE-2022-30323 | go-getter up to 1.5.11 and 2.0.2 panicked when processing password-protected ZIP files. Fixed in 1.6.1 and 2.1.0. | HIGH | May 25, 2022 | n/a |
CVE-2022-30324 | HashiCorp Nomad and Nomad Enterprise version 0.2.0 up to 1.3.0 were impacted by go-getter vulnerabilities enabling privilege escalation through the artifact stanza in submitted jobs onto the client agent host. Fixed in 1.1.14, 1.2.8, and 1.3.1. | HIGH | Jun 2, 2022 | n/a |
CVE-2022-30325 | An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The default pre-shared key for the Wi-Fi networks is the same for every router except for the last four digits. The device default pre-shared key for both 2.4 GHz and 5 GHz networks can be guessed or brute-forced by an attacker within range of the Wi-Fi network. | LOW | Jun 17, 2022 | n/a |
CVE-2022-30326 | An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The network pre-shared key field on the web interface is vulnerable to XSS. An attacker can use a simple XSS payload to crash the basic.config page of the web interface. | LOW | Jun 17, 2022 | n/a |
CVE-2022-30327 | An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The web interface is vulnerable to CSRF. An attacker can change the pre-shared key of the Wi-Fi router if the interface's IP address is known. | MEDIUM | Jun 17, 2022 | n/a |
CVE-2022-30328 | An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The username and password setup for the web interface does not require entering the existing password. A malicious user can change the username and password of the interface. | MEDIUM | Jun 17, 2022 | n/a |
CVE-2022-30329 | An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. An OS injection vulnerability exists within the web interface, allowing an attacker with valid credentials to execute arbitrary shell commands. | HIGH | Jun 17, 2022 | n/a |
CVE-2022-30330 | In the KeepKey firmware before 7.3.2, flaws in the supervisor interface can be exploited to bypass important security restrictions on firmware operations. Using these flaws, malicious firmware code can elevate privileges, permanently make the device inoperable or overwrite the trusted bootloader code to compromise the hardware wallet across reboots or storage wipes. | MEDIUM | May 7, 2022 | n/a |
CVE-2022-30331 | The User-Defined Functions (UDF) feature in TigerGraph 3.6.0 allows installation of a query (in the GSQL query language) without proper validation. Consequently, an attacker can execute arbitrary C++ code. NOTE: the vendor's position is GSQL was behaving as expected. | -- | Sep 6, 2022 | n/a |
CVE-2022-30332 | In Talend Administration Center 7.3.1.20200219 before TAC-15950, the Forgot Password feature provides different error messages for invalid reset attempts depending on whether the email address is associated with any account. This allows remote attackers to enumerate accounts via a series of requests. | -- | Jan 11, 2023 | n/a |
CVE-2022-30333 | RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected. | MEDIUM | May 9, 2022 | n/a |
CVE-2022-30334 | Brave before 1.34, when a Private Window with Tor Connectivity is used, leaks .onion URLs in Referer and Origin headers. NOTE: although this was fixed by Brave, the Brave documentation still advises "Note that Private Windows with Tor Connectivity in Brave are just regular private windows that use Tor as a proxy. Brave does NOT implement most of the privacy protections from Tor Browser." | MEDIUM | May 7, 2022 | n/a |
CVE-2022-30335 | Bonanza Wealth Management System (BWM) 7.3.2 allows SQL injection via the login form. Users who supply the application with a SQL injection payload in the User Name textbox could collect all passwords in encrypted format from the Microsoft SQL Server component. | HIGH | May 9, 2022 | n/a |
CVE-2022-30337 | Cross-Site Request Forgery (CSRF) vulnerability in JoomUnited WP Meta SEO plugin <= 4.4.8 at WordPress allows an attacker to update the social settings. | -- | Jul 21, 2022 | n/a |
CVE-2022-30338 | Incorrect default permissions in the Intel(R) VROC software before version 7.7.6.1003 may allow an authenticated user to potentially enable escalation of privilege via local access. | -- | May 10, 2023 | n/a |
CVE-2022-30339 | Out-of-bounds read in firmware for the Intel(R) Integrated Sensor Solution before versions 5.4.2.4579v3, 5.4.1.4479 and 5.0.0.4143 may allow a privileged user to potentially enable denial of service via local access. | -- | Feb 17, 2023 | n/a |
CVE-2022-30349 | siteserver SSCMS 6.15.51 is vulnerable to Cross Site Scripting (XSS). | MEDIUM | Jun 2, 2022 | n/a |
CVE-2022-30350 | Avanquest Software RAD PDF (PDFEscape Online) 3.19.2.2 is vulnerable to Information Leak / Disclosure. The PDFEscape Online tool provides users with a white out functionality for redacting images, text, and other graphics from a PDF document. However, this mechanism does not remove underlying text or PDF object specification information from the PDF. As a result, for example, redacted text may be copy-pasted by a PDF reader. | -- | Mar 31, 2023 | n/a |
CVE-2022-30351 | PDFZorro PDFZorro Online r20220428 using TCPDF 6.2.5, despite having workflows claiming to correctly remove redacted information from a supplied PDF file, does not properly sanitize this information in all cases, causing redacted information, including images and text embedded in the PDF file, to be leaked unintentionally. In cases where PDF text objects are present it is possible to copy-paste redacted information into the system clipboard. Once a document is locked and marked for redaction once, all redactions performed after this feature is triggered are vulnerable. | -- | Mar 31, 2023 | n/a |
CVE-2022-30352 | phpABook 0.9i is vulnerable to SQL Injection due to insufficient sanitization of user-supplied data in the auth_user parameter in index.php script. | HIGH | Jun 2, 2022 | n/a |
CVE-2022-30367 | Air Cargo Management System v1.0 is vulnerable to file deletion via /acms/classes/Master.php?f=delete_img. | MEDIUM | May 13, 2022 | n/a |
CVE-2022-30370 | Air Cargo Management System 1.0 is vulnerable to SQL Injection via /acms/classes/Master.php?f=delete_cargo_type. | HIGH | May 13, 2022 | n/a |
CVE-2022-30371 | Air Cargo Management System 1.0 is vulnerable to SQL Injection via /acms/admin/cargo_types/view_cargo_type.php?id=. | MEDIUM | May 13, 2022 | n/a |
CVE-2022-30372 | Air Cargo Management System 1.0 is vulnerable to SQL Injection via /acms/classes/Master.php?f=delete_cargo. | MEDIUM | May 13, 2022 | n/a |
CVE-2022-30373 | Air Cargo Management System 1.0 is vulnerable to SQL Injection via /acms/admin/cargo_types/manage_cargo_type.php?id=. | MEDIUM | May 13, 2022 | n/a |
CVE-2022-30374 | Air Cargo Management System 1.0 is vulnerable to SQL Injection via /acms/admin/?page=transactions/manage_transaction&id=. | MEDIUM | May 13, 2022 | n/a |
CVE-2022-30375 | Sourcecodester Simple Social Networking Site v1.0 is vulnerable to file deletion via /sns/classes/Master.php?f=delete_img. | MEDIUM | May 13, 2022 | n/a |
CVE-2022-30376 | Sourcecodester Simple Social Networking Site v1.0 is vulnerable to SQL Injection via /sns/admin/members/view_member.php?id=. | MEDIUM | May 13, 2022 | n/a |
CVE-2022-30378 | Sourcecodester Simple Social Networking Site v1.0 is vulnerable to SQL Injection via /sns/admin/?page=posts/view_post&id=. | MEDIUM | May 13, 2022 | n/a |
CVE-2022-30379 | Sourcecodester Simple Social Networking Site v1.0 is vulnerable to SQL Injection via /sns/admin/?page=user/manage_user&id=. | MEDIUM | May 13, 2022 | n/a |
CVE-2022-30381 | Merchandise Online Store v1.0 is vulnerable to file deletion via /vloggers_merch/classes/Master.php?f=delete_img. | MEDIUM | May 13, 2022 | n/a |
CVE-2022-30384 | Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_inventory. | HIGH | May 13, 2022 | n/a |
CVE-2022-30385 | Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_order. | HIGH | May 13, 2022 | n/a |
CVE-2022-30386 | Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_featured. | HIGH | May 13, 2022 | n/a |
CVE-2022-30387 | Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=pay_order. | HIGH | May 13, 2022 | n/a |
CVE-2022-30391 | Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_category. | HIGH | May 13, 2022 | n/a |
CVE-2022-30392 | Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_sub_category. | HIGH | May 13, 2022 | n/a |
CVE-2022-30393 | Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/?page=product/manage_product&id=. | MEDIUM | May 13, 2022 | n/a |
CVE-2022-30395 | Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_cart. | HIGH | May 13, 2022 | n/a |
CVE-2022-30396 | Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/?page=inventory/manage_inventory&id=. | MEDIUM | May 13, 2022 | n/a |
CVE-2022-30398 | Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/?page=orders/view_order&id=. | MEDIUM | May 13, 2022 | n/a |
CVE-2022-30399 | Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/?page=maintenance/manage_category&id=. | MEDIUM | May 13, 2022 | n/a |
CVE-2022-30400 | Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/orders/view_order.php?view=user&id=. | MEDIUM | May 13, 2022 | n/a |
CVE-2022-30401 | Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/?p=view_product&id=. | MEDIUM | May 13, 2022 | n/a |
CVE-2022-30402 | Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/?page=maintenance/manage_sub_category&id=. | MEDIUM | May 13, 2022 | n/a |
CVE-2022-30403 | Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/?p=products&c=. | MEDIUM | May 13, 2022 | n/a |
CVE-2022-30404 | College Management System v1.0 is vulnerable to SQL Injection via /College_Management_System/admin/display-teacher.php?teacher_id=. | MEDIUM | May 13, 2022 | n/a |
CVE-2022-30407 | Pharmacy Sales And Inventory System v1.0 is vulnerable to SQL Injection via /pharmacy-sales-and-inventory-system/manage_user.php?id=. | HIGH | May 13, 2022 | n/a |
CVE-2022-30408 | Covid-19 Travel Pass Management System v1.0 is vulnerable to file deletion via /ctpms/classes/Master.php?f=delete_img. | MEDIUM | May 13, 2022 | n/a |