The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2022-37773 | An authenticated SQL Injection vulnerability in the statistics page (/statistics/retrieve) of Maarch RM 2.8, via the filter parameter, allows the complete disclosure of all databases. | -- | Nov 26, 2022 | n/a |
| CVE-2022-37774 | There is a broken access control vulnerability in the Maarch RM 2.8.3 solution. When accessing some specific document (pdf, email) from an archive, a preview is proposed by the application. This preview generates a URL including an md5 hash of the file accessed. The document\'s URL (https://{url}/tmp/{MD5 hash of the document}) is then accessible without authentication. | -- | Nov 26, 2022 | n/a |
| CVE-2022-37775 | Genesys PureConnect Interaction Web Tools Chat Service (up to at least 26- September- 2019) allows XSS within the Printable Chat History via the participant -> name JSON POST parameter. | -- | Sep 16, 2022 | n/a |
| CVE-2022-37777 | Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers 3.0.1.17 and earlier were discovered to contain a remote command execution (RCE) vulnerability via the trHops parameter of the tracert function. | -- | Sep 12, 2022 | n/a |
| CVE-2022-37778 | Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers V3.0.1.17 were discovered to contain a remote command execution (RCE) vulnerability via the current_time parameter of the time function. | -- | Sep 12, 2022 | n/a |
| CVE-2022-37779 | Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers V3.0.1.17 were discovered to contain a remote command execution (RCE) vulnerability via the sendnum parameter of the ping function. | -- | Sep 12, 2022 | n/a |
| CVE-2022-37780 | Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers V3.0.1.17 were discovered to contain a remote command execution (RCE) vulnerability via the pingAddr parameter of the tracert function. | -- | Sep 12, 2022 | n/a |
| CVE-2022-37781 | fdkaac v1.0.3 was discovered to contain a heap buffer overflow via __interceptor_memcpy.part.46 at /sanitizer_common/sanitizer_common_interceptors.inc. | -- | Aug 18, 2022 | n/a |
| CVE-2022-37783 | All Craft CMS versions between 3.0.0 and 3.7.32 disclose password hashes of users who authenticate using their E-Mail address or username in Anti-CSRF-Tokens. Craft CMS uses a cookie called CRAFT_CSRF_TOKEN and a HTML hidden field called CRAFT_CSRF_TOKEN to avoid Cross Site Request Forgery attacks. The CRAFT_CSRF_TOKEN cookie discloses the password hash in without encoding it whereas the corresponding HTML hidden field discloses the users\' password hash in a masked manner, which can be decoded by using public functions of the YII framework. | -- | Dec 7, 2022 | n/a |
| CVE-2022-37785 | An issue was discovered in WeCube Platform 3.2.2. Cleartext passwords are displayed in the configuration for terminal plugins. | -- | Jan 2, 2023 | n/a |
| CVE-2022-37786 | An issue was discovered in WeCube Platform 3.2.2. There are multiple CSV injection issues: the [Home / Admin / Resources] page, the [Home / Admin / System Params] page, and the [Home / Design / Basekey Configuration] page. | -- | Jan 2, 2023 | n/a |
| CVE-2022-37787 | An issue was discovered in WeCube platform 3.2.2. A DOM XSS vulnerability has been found on the plugin database execution page. | -- | Jan 2, 2023 | n/a |
| CVE-2022-37794 | In Library Management System 1.0 the /card/in-card.php file id_no parameters are vulnerable to SQL injection. | -- | Sep 12, 2022 | n/a |
| CVE-2022-37796 | In Simple Online Book Store System 1.0 in /admin_book.php the Title, Author, and Description parameters are vulnerable to Cross Site Scripting(XSS). | -- | Sep 12, 2022 | n/a |
| CVE-2022-37797 | In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received. It leads to null pointer dereference which crashes the server. It could be used by an external attacker to cause denial of service condition. | -- | Sep 12, 2022 | n/a |
| CVE-2022-37798 | Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the list parameter at the function formSetVirtualSer. | -- | Aug 26, 2022 | n/a |
| CVE-2022-37799 | Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the time parameter at the function setSmartPowerManagement. | -- | Aug 26, 2022 | n/a |
| CVE-2022-37800 | Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the list parameter at the function fromSetRouteStatic. | -- | Aug 26, 2022 | n/a |
| CVE-2022-37801 | Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the list parameter at the function formSetQosBand. | -- | Aug 26, 2022 | n/a |
| CVE-2022-37802 | Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the page parameter in the function fromNatStaticSetting. | -- | Aug 26, 2022 | n/a |
| CVE-2022-37803 | Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the page parameter in the function fromAddressNat. | -- | Aug 26, 2022 | n/a |
| CVE-2022-37804 | Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the time parameter in the function saveParentControlInfo. | -- | Aug 26, 2022 | n/a |
| CVE-2022-37805 | Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the function fromWizardHandle. | -- | Aug 26, 2022 | n/a |
| CVE-2022-37806 | Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the page parameter in the function fromDhcpListClient. | -- | Aug 26, 2022 | n/a |
| CVE-2022-37807 | Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the function formSetClientState. | -- | Aug 26, 2022 | n/a |
| CVE-2022-37808 | Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the index parameter in the function formWifiWpsOOB. | -- | Aug 26, 2022 | n/a |
| CVE-2022-37809 | Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the speed_dir parameter in the function formSetSpeedWan. | -- | Aug 26, 2022 | n/a |
| CVE-2022-37810 | Tenda AC1206 V15.03.06.23 was discovered to contain a command injection vulnerability via the mac parameter in the function formWriteFacMac. | -- | Aug 26, 2022 | n/a |
| CVE-2022-37811 | Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the startIp parameter in the function formSetPPTPServer. | -- | Aug 26, 2022 | n/a |
| CVE-2022-37812 | Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the firewallEn parameter in the function formSetFirewallCfg. | -- | Aug 26, 2022 | n/a |
| CVE-2022-37813 | Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the function fromSetSysTime. | -- | Aug 26, 2022 | n/a |
| CVE-2022-37814 | Tenda AC1206 V15.03.06.23 was discovered to contain multiple stack overflows via the deviceMac and the device_id parameters in the function addWifiMacFilter. | -- | Aug 26, 2022 | n/a |
| CVE-2022-37815 | Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the PPPOEPassword parameter in the function formQuickIndex. | -- | Aug 26, 2022 | n/a |
| CVE-2022-37816 | Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the function fromSetIpMacBind. | -- | Aug 25, 2022 | n/a |
| CVE-2022-37817 | Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the function fromSetIpMacBind. | -- | Aug 27, 2022 | n/a |
| CVE-2022-37818 | Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the list parameter at the function formSetQosBand. | -- | Aug 27, 2022 | n/a |
| CVE-2022-37819 | Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the timezone parameter in the function fromSetSysTime. | -- | Aug 27, 2022 | n/a |
| CVE-2022-37820 | Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the ddnsEn parameter in the function formSetSysToolDDNS. | -- | Aug 27, 2022 | n/a |
| CVE-2022-37821 | Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the ProvinceCode parameter in the function formSetProvince. | -- | Aug 27, 2022 | n/a |
| CVE-2022-37822 | Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the function fromSetRouteStatic. | -- | Aug 27, 2022 | n/a |
| CVE-2022-37823 | Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the list parameter in the function formSetVirtualSer. | -- | Aug 27, 2022 | n/a |
| CVE-2022-37824 | Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the shareSpeed parameter in the function fromSetWifiGusetBasic. | -- | Aug 27, 2022 | n/a |
| CVE-2022-37830 | Interway a.s WebJET CMS 8.6.896 is vulnerable to Cross Site Scripting (XSS). | -- | Oct 19, 2023 | n/a |
| CVE-2022-37832 | Mutiny 7.2.0-10788 suffers from Hardcoded root password. | -- | Dec 16, 2022 | n/a |
| CVE-2022-37835 | Torguard VPN 4.8, has a vulnerability that allows an attacker to dump sensitive information, such as credentials and information about the server, without admin privileges. | -- | Sep 12, 2022 | n/a |
| CVE-2022-37839 | TOTOLINK A860R V4.1.2cu.5182_B20201027 is vulnerable to Buffer Overflow via Cstecgi.cgi. | -- | Sep 8, 2022 | n/a |
| CVE-2022-37840 | In TOTOLINK A860R V4.1.2cu.5182_B20201027, the main function in downloadfile.cgi has a buffer overflow vulnerability. | -- | Sep 8, 2022 | n/a |
| CVE-2022-37841 | In TOTOLINK A860R V4.1.2cu.5182_B20201027 there is a hard coded password for root in /etc/shadow.sample. | -- | Sep 8, 2022 | n/a |
| CVE-2022-37842 | In TOTOLINK A860R V4.1.2cu.5182_B20201027, the parameters in infostat.cgi are not filtered, causing a buffer overflow vulnerability. | -- | Sep 8, 2022 | n/a |
| CVE-2022-37843 | In TOTOLINK A860R V4.1.2cu.5182_B20201027 in cstecgi.cgi, the acquired parameters are directly put into the system for execution without filtering, resulting in a command injection vulnerability. | -- | Sep 8, 2022 | n/a |
