The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2022-36640 | influxData influxDB before v1.8.10 contains no authentication mechanism or controls, allowing unauthenticated attackers to execute arbitrary commands. NOTE: the CVE ID assignment is disputed because the vendor\'s documentation states If InfluxDB is being deployed on a publicly accessible endpoint, we strongly recommend authentication be enabled. Otherwise the data will be publicly available to any unauthenticated user. The default settings do NOT enable authentication and authorization. | -- | Sep 4, 2022 | n/a |
| CVE-2022-36639 | A stored cross-site scripting (XSS) vulnerability in /client.php of Garage Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter. | -- | Sep 3, 2022 | n/a |
| CVE-2022-36638 | An access control issue in the component print.php of Garage Management System v1.0 allows unauthenticated attackers to access data for all existing orders. | -- | Sep 3, 2022 | n/a |
| CVE-2022-36637 | Garage Management System v1.0 was discovered to contain a persistent cross-site scripting (XSS) vulnerability via the brand_name parameter at /brand.php. | -- | Sep 2, 2022 | n/a |
| CVE-2022-36636 | Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /print.php. | -- | Sep 2, 2022 | n/a |
| CVE-2022-36622 | Samsung Electronics mTower v0.3.0 and earlier was discovered to contain a NULL pointer dereference via the function TEE_GetObjectInfo1. | -- | Sep 2, 2022 | n/a |
| CVE-2022-36621 | Samsung Electronics mTower v0.3.0 and earlier was discovered to contain a NULL pointer dereference via the function TEE_AllocateTransientObject. | -- | Sep 2, 2022 | n/a |
| CVE-2022-36620 | D-link DIR-816 A2_v1.10CNB04, DIR-878 DIR_878_FW1.30B08.img is vulnerable to Buffer Overflow via /goform/addRouting. | -- | Sep 1, 2022 | n/a |
| CVE-2022-36619 | In D-link DIR-816 A2_v1.10CNB04.img,the network can be reset without authentication via /goform/setMAC. | -- | Sep 2, 2022 | n/a |
| CVE-2022-36616 | TOTOLINK A810R V4.1.2cu.5182_B20201026 and V5.9c.4050_B20190424 was discovered to contain a hardcoded password for root at /etc/shadow.sample. | -- | Sep 1, 2022 | n/a |
| CVE-2022-36615 | TOTOLINK A3000RU V4.1.2cu.5185_B20201128 was discovered to contain a hardcoded password for root at /etc/shadow.sample. | -- | Sep 1, 2022 | n/a |
| CVE-2022-36614 | TOTOLINK A860R V4.1.2cu.5182_B20201027 was discovered to contain a hardcoded password for root at /etc/shadow.sample. | -- | Sep 1, 2022 | n/a |
| CVE-2022-36613 | TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a hardcoded password for root at /etc/shadow.sample. | -- | Sep 1, 2022 | n/a |
| CVE-2022-36612 | TOTOLINK A950RG V4.1.2cu.5204_B20210112 was discovered to contain a hardcoded password for root at /etc/shadow.sample. | -- | Sep 1, 2022 | n/a |
| CVE-2022-36611 | TOTOLINK A800R V4.1.2cu.5137_B20200730 was discovered to contain a hardcoded password for root at /etc/shadow.sample. | -- | Sep 1, 2022 | n/a |
| CVE-2022-36610 | TOTOLINK A720R V4.1.5cu.532_B20210610 was discovered to contain a hardcoded password for root at /etc/shadow.sample. | -- | Sep 1, 2022 | n/a |
| CVE-2022-36609 | Clinic\'s Patient Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /pms/update_patient.php. | -- | Sep 2, 2022 | n/a |
| CVE-2022-36604 | An access control issue in Canaan Avalon ASIC Miner 2020.3.30 and below allows unauthenticated attackers to arbitrarily change user passwords via a crafted POST request. | -- | Sep 2, 2022 | n/a |
| CVE-2022-36603 | InnoSilicon T3T+ t2t+_soc_20190911_151433.swu was discovered to contain a remote code execution (RCE) vulnerability in the checkUrl function. | -- | Sep 2, 2022 | n/a |
| CVE-2022-36602 | InnoSilicon A10 a10_20200924_120556 was discovered to contain a remote code execution (RCE) vulnerability in the setPlatformAPI function. | -- | Sep 2, 2022 | n/a |
| CVE-2022-36600 | BlogEngine v3.3.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /blogengine/api/posts. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field. | -- | Sep 2, 2022 | n/a |
| CVE-2022-36594 | Mapper v4.0.0 to v4.2.0 was discovered to contain a SQL injection vulnerability via the ids parameter at the selectByIds function. | -- | Sep 2, 2022 | n/a |
| CVE-2022-36593 | kkFileView v4.0.0 was discovered to contain an arbitrary file deletion vulnerability via the fileName parameter at /controller/FileController.java. | -- | Sep 2, 2022 | n/a |
| CVE-2022-36583 | DedeCMS V5.7.97 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at /dede/co_do.php via the dopost, rpok, and aid parameters. | -- | Sep 1, 2022 | n/a |
| CVE-2022-36582 | An arbitrary file upload vulnerability in the component /php_action/createProduct.php of Garage Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | -- | Sep 2, 2022 | n/a |
| CVE-2022-36581 | Online Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via the user_email parameter at /admin/login.php. | -- | Sep 2, 2022 | n/a |
| CVE-2022-36580 | An arbitrary file upload vulnerability in the component /admin/products/controller.php?action=add of Online Ordering System v2.3.2 allows attackers to execute arbitrary code via a crafted PHP file. | -- | Sep 2, 2022 | n/a |
| CVE-2022-36573 | A cross-site scripting (XSS) vulnerability in Pagekit CMS v1.0.18 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Markdown text box under /blog/post/edit. | -- | Sep 1, 2022 | n/a |
| CVE-2022-36572 | Sinsiu Sinsiu Enterprise Website System v1.1.1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /upload/admin.php?/deal/. | -- | Sep 1, 2022 | n/a |
| CVE-2022-36571 | Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the mask parameter at /goform/WanParameterSetting. | -- | Sep 2, 2022 | n/a |
| CVE-2022-36570 | Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the time parameter at /goform/SetLEDCfg. | -- | Sep 2, 2022 | n/a |
| CVE-2022-36569 | Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the deviceList parameter at /goform/setMacFilterCfg. | -- | Sep 2, 2022 | n/a |
| CVE-2022-36568 | Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the list parameter at /goform/setPptpUserList. | -- | Sep 2, 2022 | n/a |
| CVE-2022-36566 | Rengine v1.3.0 was discovered to contain a command injection vulnerability via the scan engine function. | -- | Aug 31, 2022 | n/a |
| CVE-2022-36565 | Incorrect access control in the install directory (C:\\Wamp64) of Wamp v3.2.6 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory. | -- | Aug 30, 2022 | n/a |
| CVE-2022-36564 | Incorrect access control in the install directory (C:\\Strawberry) of StrawberryPerl v5.32.1.1 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory. | -- | Aug 30, 2022 | n/a |
| CVE-2022-36563 | Incorrect access control in the install directory (C:\\RailsInstaller) of Rubyinstaller2 v3.1.2 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory. | -- | Aug 30, 2022 | n/a |
| CVE-2022-36562 | Incorrect access control in the install directory (C:\\Ruby31-x64) of Rubyinstaller2 v3.1.2 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory. | -- | Aug 30, 2022 | n/a |
| CVE-2022-36561 | XPDF v4.0.4 was discovered to contain a segmentation violation via the component /xpdf/AcroForm.cc:538. | -- | Sep 1, 2022 | n/a |
| CVE-2022-36560 | Seiko SkyBridge MB-A200 v01.00.04 and below was discovered to contain multiple hard-coded passcodes for root. Attackers are able to access the passcodes at /etc/srapi/config/system.conf and /usr/sbin/ssol-sshd.sh. | -- | Sep 2, 2022 | n/a |
| CVE-2022-36559 | Seiko SkyBridge MB-A200 v01.00.04 and below was discovered to contain a command injection vulnerability via the Ping parameter at ping_exec.cgi. | -- | Sep 2, 2022 | n/a |
| CVE-2022-36558 | Seiko SkyBridge MB-A100/A110 v4.2.0 and below implements a hard-coded passcode for the root account. Attackers are able to access the passcord via the file /etc/ciel.cfg. | -- | Sep 2, 2022 | n/a |
| CVE-2022-36557 | Seiko SkyBridge MB-A100/A110 v4.2.0 and below was discovered to contain an arbitrary file upload vulnerability via the restore backup function. This vulnerability allows attackers to execute arbitrary code via a crafted html file. | -- | Sep 2, 2022 | n/a |
| CVE-2022-36556 | Seiko SkyBridge MB-A100/A110 v4.2.0 and below was discovered to contain a command injection vulnerability via the ipAddress parameter at 07system08execute_ping_01. | -- | Sep 2, 2022 | n/a |
| CVE-2022-36555 | Hytec Inter HWL-2511-SS v1.05 and below implements a SHA512crypt hash for the root account which can be easily cracked via a brute-force attack. | -- | Sep 1, 2022 | n/a |
| CVE-2022-36554 | A command injection vulnerability in the CLI (Command Line Interface) implementation of Hytec Inter HWL-2511-SS v1.05 and below allows attackers to execute arbitrary commands with root privileges. | -- | Sep 1, 2022 | n/a |
| CVE-2022-36553 | Hytec Inter HWL-2511-SS v1.05 and below was discovered to contain a command injection vulnerability via the component /www/cgi-bin/popen.cgi. | -- | Sep 2, 2022 | n/a |
| CVE-2022-36552 | Tenda AC6(AC1200) v5.0 Firmware v02.03.01.114 and below contains an issue in the component /cgi-bin/DownloadFlash which allows attackers to steal all data such as source code and system files via a crafted GET request. | -- | Aug 30, 2022 | n/a |
| CVE-2022-36449 | An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory, write a limited amount outside of buffer bounds, or to disclose details of memory mappings. This affects Midgard r4p0 through r32p0, Bifrost r0p0 through r38p0 and r39p0 before r38p1, and Valhall r19p0 through r38p0 and r39p0 before r38p1. | -- | Sep 1, 2022 | n/a |
| CVE-2022-36373 | Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Simon Ward MP3 jPlayer plugin <= 2.7.3 at WordPress. | -- | Sep 2, 2022 | n/a |
