The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2022-30500 | Jfinal cms 5.1.0 is vulnerable to SQL Injection. | HIGH | May 26, 2022 | n/a |
| CVE-2022-30503 | Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_set_number at src/njs_value.h. | LOW | Jun 2, 2022 | n/a |
| CVE-2022-30506 | An arbitrary file upload vulnerability was discovered in MCMS 5.2.7, allowing an attacker to execute arbitrary code through a crafted ZIP file. | HIGH | Jun 2, 2022 | n/a |
| CVE-2022-30508 | DedeCMS v5.7.93 was discovered to contain arbitrary file deletion vulnerability in upload.php via the delete parameter. | MEDIUM | May 27, 2022 | n/a |
| CVE-2022-30510 | School Dormitory Management System 1.0 is vulnerable to SQL Injection via reports/daily_collection_report.php:59. | HIGH | Jun 2, 2022 | n/a |
| CVE-2022-30511 | School Dormitory Management System 1.0 is vulnerable to SQL Injection via accounts/view_details.php:4. | HIGH | Jun 2, 2022 | n/a |
| CVE-2022-30512 | School Dormitory Management System 1.0 is vulnerable to SQL Injection via accounts/payment_history.php:31. | HIGH | Jun 2, 2022 | n/a |
| CVE-2022-30513 | School Dormitory Management System v1.0 is vulnerable to reflected cross-site scripting (XSS) via admin/inc/navigation.php:125 | MEDIUM | Jun 2, 2022 | n/a |
| CVE-2022-30514 | School Dormitory Management System v1.0 is vulnerable to reflected cross-site scripting (XSS) via admin/inc/navigation.php:126. | MEDIUM | Jun 2, 2022 | n/a |
| CVE-2022-30515 | ZKTeco BioTime 8.5.4 is missing authentication on folders containing employee photos, allowing an attacker to view them through filename enumeration. | -- | Nov 9, 2022 | n/a |
| CVE-2022-30516 | In Hospital-Management-System v1.0, the editid parameter in the doctor.php page is vulnerable to SQL injection attacks. | HIGH | May 26, 2022 | n/a |
| CVE-2022-30517 | Mogu blog 5.2 is vulnerable to Cross Site Scripting (XSS). | MEDIUM | Jul 13, 2022 | n/a |
| CVE-2022-30518 | ChatBot Application with a Suggestion Feature 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /simple_chat_bot/admin/responses/view_response.php. | HIGH | May 20, 2022 | n/a |
| CVE-2022-30519 | XSS in signing form in Reprise Software RLM License Administration v14.2BL4 allows remote attacker to inject arbitrary code via password field. | -- | Dec 30, 2022 | n/a |
| CVE-2022-30521 | The LAN-side Web-Configuration Interface has Stack-based Buffer Overflow vulnerability in the D-Link Wi-Fi router firmware DIR-890L DIR890LA1_FW107b09.bin and previous versions. The function created at 0x17958 of /htdocs/cgibin will call sprintf without checking the length of strings in parameters given by HTTP header and can be controlled by users easily. The attackers can exploit the vulnerability to carry out arbitrary code by means of sending a specially constructed payload to port 49152. | HIGH | Jun 2, 2022 | n/a |
| CVE-2022-30522 | If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort. | MEDIUM | Jun 9, 2022 | n/a |
| CVE-2022-30523 | Trend Micro Password Manager (Consumer) version 5.0.0.1266 and below is vulnerable to a Link Following Privilege Escalation Vulnerability that could allow a low privileged local attacker to delete the contents of an arbitrary folder as SYSTEM which can then be used for privilege escalation on the affected machine. | HIGH | May 16, 2022 | n/a |
| CVE-2022-30524 | There is an invalid memory access in the TextLine class in TextOutputDev.cc in Xpdf 4.0.4 because the text extractor mishandles characters at large y coordinates. It can be triggered by (for example) sending a crafted pdf file to the pdftotext binary, which allows a remote attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact. | MEDIUM | May 9, 2022 | n/a |
| CVE-2022-30525 | A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 700 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 50(W) firmware versions 5.10 through 5.21 Patch 1, USG20(W)-VPN firmware versions 5.10 through 5.21 Patch 1, ATP series firmware versions 5.10 through 5.21 Patch 1, VPN series firmware versions 4.60 through 5.21 Patch 1, which could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device. | HIGH | May 12, 2022 | n/a |
| CVE-2022-30526 | A privilege escalation vulnerability was identified in the CLI command of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.30, USG FLEX 200 firmware versions 4.50 through 5.30, USG FLEX 500 firmware versions 4.50 through 5.30, USG FLEX 700 firmware versions 4.50 through 5.30, USG FLEX 50(W) firmware versions 4.16 through 5.30, USG20(W)-VPN firmware versions 4.16 through 5.30, ATP series firmware versions 4.32 through 5.30, VPN series firmware versions 4.30 through 5.30, USG/ZyWALL series firmware versions 4.09 through 4.72, which could allow a local attacker to execute some OS commands with root privileges in some directories on a vulnerable device. | -- | Jul 19, 2022 | n/a |
| CVE-2022-30527 | A vulnerability has been identified in SINEC NMS (All versions < V2.0). The affected application assigns improper access rights to specific folders containing executable files and libraries. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges. | -- | Oct 10, 2023 | n/a |
| CVE-2022-30528 | SQL Injection vulnerability in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to execute arbitrary commands via the username parameter to /system/user/modules/mod_users/controller.php. | -- | Dec 1, 2022 | n/a |
| CVE-2022-30529 | File upload vulnerability in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to upload arbitrary files via /system/application/libs/js/tinymce/plugins/filemanager/dialog.php and /system/application/libs/js/tinymce/plugins/filemanager/upload.php. | -- | Nov 22, 2022 | n/a |
| CVE-2022-30530 | Protection mechanism failure in the Intel(R) DSA software before version 22.4.26 may allow an authenticated user to potentially enable escalation of privilege via local access. | -- | Feb 17, 2023 | n/a |
| CVE-2022-30531 | Out-of-bounds read in the Intel(R) Iris(R) Xe MAX drivers for Windows before version 100.0.5.1474 may allow a privileged user to potentially enable information disclosure via local access. | -- | Feb 17, 2023 | n/a |
| CVE-2022-30532 | In affected versions of Octopus Deploy, there is no logging of changes to artifacts within Octopus Deploy. | -- | Jul 19, 2022 | n/a |
| CVE-2022-30533 | Cross-site scripting vulnerability in Modern Events Calendar Lite versions prior to 6.3.0 allows remote an authenticated attacker to inject an arbitrary script via unspecified vectors. | LOW | Jun 16, 2022 | n/a |
| CVE-2022-30534 | An OS command injection vulnerability exists in the aVideoEncoder chunkfile functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability. | -- | Aug 26, 2022 | n/a |
| CVE-2022-30535 | In versions 2.x before 2.3.0 and all versions of 1.x, An attacker authorized to create or update ingress objects can obtain the secrets available to the NGINX Ingress Controller. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | -- | Aug 4, 2022 | n/a |
| CVE-2022-30536 | Authenticated Stored Cross-Site Scripting (XSS) vulnerability in Florent Maillefaud\'s WP Maintenance plugin <= 6.0.7 at WordPress. | -- | Jul 21, 2022 | n/a |
| CVE-2022-30538 | Out-of-bounds write vulnerability exists in the simulator module contained in the graphic editor \'V-SFT\' versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a user to open a specially crafted image file. | MEDIUM | Jun 16, 2022 | n/a |
| CVE-2022-30539 | Use after free in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | -- | Feb 17, 2023 | n/a |
| CVE-2022-30540 | The affected product is vulnerable to a heap-based buffer overflow via uninitialized pointer, which may allow an attacker to execute arbitrary code | MEDIUM | Jun 2, 2022 | n/a |
| CVE-2022-30541 | An OS command injection vulnerability exists in the XCMD setUPnP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted XCMD can lead to arbitrary command execution. An attacker can send a malicious XML payload to trigger this vulnerability. | -- | Oct 26, 2022 | n/a |
| CVE-2022-30542 | Improper input validation in the firmware for some Intel(R) Server Board S2600WF, Intel(R) Server System R1000WF and Intel(R) Server System R2000WF families before version R02.01.0014 may allow a privileged user to potentially enable an escalation of privilege via local access. | LOW | Nov 11, 2022 | n/a |
| CVE-2022-30543 | A leftover debug code vulnerability exists in the console infct functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to execution of privileged operations. An attacker can send a sequence of requests to trigger this vulnerability. | -- | Nov 9, 2022 | n/a |
| CVE-2022-30544 | Cross-Site Request Forgery (CSRF) in MiKa\'s OSM – OpenStreetMap plugin <= 6.0.1 versions. | -- | Jan 25, 2023 | n/a |
| CVE-2022-30545 | Auth. Reflected Cross-Site Scripting (XSS) vulnerability in 5 Anker Connect plugin <= 1.2.6 on WordPress. | -- | Nov 9, 2022 | n/a |
| CVE-2022-30546 | Out-of-bounds read vulnerability exists in the simulator module contained in the graphic editor \'V-SFT\' versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a user to open a specially crafted image file. | MEDIUM | Jun 16, 2022 | n/a |
| CVE-2022-30547 | A directory traversal vulnerability exists in the unzipDirectory functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability. | -- | Aug 26, 2022 | n/a |
| CVE-2022-30548 | Uncontrolled search path element in the Intel(R) Glorp software may allow an authenticated user to potentially enable escalation of privilege via local access. | LOW | Nov 11, 2022 | n/a |
| CVE-2022-30549 | Out-of-bounds read vulnerability exists in V-Server v4.0.11.0 and earlier and V-Server Lite v4.0.13.0 and earlier, which may allow an attacker to obtain information and/or execute arbitrary code by having a user to open a specially crafted image file. | MEDIUM | Jun 16, 2022 | n/a |
| CVE-2022-30550 | An issue was discovered in the auth component in Dovecot 2.2 and 2.3 before 2.3.20. When two passdb configuration entries exist with the same driver and args settings, incorrect username_filter and mechanism settings can be applied to passdb definitions. These incorrectly applied settings can lead to an unintended security configuration and can permit privilege escalation in certain configurations. The documentation does not advise against the use of passdb definitions that have the same driver and args settings. One such configuration would be where an administrator wishes to use the same PAM configuration or passwd file for both normal and master users but use the username_filter setting to restrict which of the users is able to be a master user. | -- | Jul 7, 2022 | n/a |
| CVE-2022-30551 | OPC UA Legacy Java Stack 2022-04-01 allows a remote attacker to cause a server to stop processing messages by sending crafted messages that exhaust available resources. | MEDIUM | May 20, 2022 | n/a |
| CVE-2022-30552 | Das U-Boot 2022.01 has a Buffer Overflow. | LOW | Jun 8, 2022 | n/a |
| CVE-2022-30556 | Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer. | MEDIUM | Jun 9, 2022 | n/a |
| CVE-2022-30557 | Foxit PDF Reader and PDF Editor before 11.2.2 have a Type Confusion issue that causes a crash because of Unsigned32 mishandling during JavaScript execution. | MEDIUM | May 12, 2022 | n/a |
| CVE-2022-30560 | When an attacker obtaining the administrative account and password, or through a man-in-the-middle attack, the attacker could send a specified crafted packet to the vulnerable interface then lead the device to crash. | MEDIUM | Jun 28, 2022 | n/a |
| CVE-2022-30561 | When an attacker uses a man-in-the-middle attack to sniff the request packets with success logging in, the attacker could log in to the device by replaying the user\'s login packet. | MEDIUM | Jun 28, 2022 | n/a |
| CVE-2022-30562 | If the user enables the https function on the device, an attacker can modify the user’s request data packet through a man-in-the-middle attack ,Injection of a malicious URL in the Host: header of the HTTP Request results in a 302 redirect to an attacker-controlled page. | MEDIUM | Jun 28, 2022 | n/a |
