The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date | Fixed Release |
---|---|---|---|---|
CVE-2022-29810 | The Hashicorp go-getter library before 1.5.11 does not redact an SSH key from a URL query parameter. | LOW | May 5, 2022 | n/a |
CVE-2022-29808 | In Quest KACE Systems Management Appliance (SMA) through 12.0, predictable token generation occurs when appliance linking is enabled. | -- | Aug 3, 2022 | n/a |
CVE-2022-29807 | A SQL injection vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.0 that can allow for remote code execution via download_agent_installer.php. | -- | Aug 3, 2022 | n/a |
CVE-2022-29806 | ZoneMinder before 1.36.13 allows remote code execution via an invalid language. Ability to create a debug log file at an arbitrary pathname contributes to exploitability. | HIGH | May 6, 2022 | n/a |
CVE-2022-29805 | A Java Deserialization vulnerability in the Fishbowl Server in Fishbowl Inventory before 2022.4.1 allows remote attackers to execute arbitrary code via a crafted XML payload. | -- | Aug 19, 2022 | n/a |
CVE-2022-29804 | Incorrect conversion of certain invalid paths to valid, absolute paths in Clean in path/filepath before Go 1.17.11 and Go 1.18.3 on Windows allows potential directory traversal attack. | -- | Jun 4, 2022 | n/a |
CVE-2022-29801 | A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.13), Teamcenter V13.0 (All versions < V13.0.0.9). The application contains an XML External Entity Injection (XXE) vulnerability. This could allow an attacker to view files on the application server filesystem. | MEDIUM | May 20, 2022 | n/a |
CVE-2022-29800 | A time-of-check-time-of-use (TOCTOU) race condition vulnerability was found in networkd-dispatcher. This flaw exists because there is a certain time between the scripts being discovered and them being run. An attacker can abuse this vulnerability to replace scripts that networkd-dispatcher believes to be owned by root with ones that are not. | -- | May 3, 2022 | n/a |
CVE-2022-29799 | A vulnerability was found in networkd-dispatcher. This flaw exists because no functions are sanitized by the OperationalState or the AdministrativeState of networkd-dispatcher. This attack leads to a directory traversal to escape from the “/etc/networkd-dispatcher” base directory. | -- | May 3, 2022 | n/a |
CVE-2022-29798 | There is a denial of service vulnerability in CV81-WDM FW versions 01.70.49.29.46. Successful exploitation could cause denial of service. | HIGH | Jun 18, 2022 | n/a |
CVE-2022-29797 | There is a buffer overflow vulnerability in CV81-WDM FW 01.70.49.29.46. Successful exploitation of this vulnerability may lead to privilege escalation. | HIGH | Jun 18, 2022 | n/a |
CVE-2022-29796 | The HiAIserver has a vulnerability in verifying the validity of the weight used in the model. Successful exploitation of this vulnerability will affect AI services. | MEDIUM | May 13, 2022 | n/a |
CVE-2022-29795 | The frame scheduling module has a null pointer dereference vulnerability. Successful exploitation of this vulnerability will affect the kernel availability. | MEDIUM | May 13, 2022 | n/a |
CVE-2022-29794 | The frame scheduling module has a Use After Free (UAF) vulnerability. Successful exploitation of this vulnerability will affect data integrity, availability, and confidentiality. | HIGH | May 13, 2022 | n/a |
CVE-2022-29793 | There is a configuration defect in the activation lock of mobile phones. Successful exploitation of this vulnerability may affect application availability. | MEDIUM | May 13, 2022 | n/a |
CVE-2022-29792 | The chip component has a vulnerability of disclosing CPU SNs. Successful exploitation of this vulnerability may affect data confidentiality. | MEDIUM | May 13, 2022 | n/a |
CVE-2022-29791 | The HiAIserver has a vulnerability in verifying the validity of the weight used in the model. Successful exploitation of this vulnerability will affect AI services. | MEDIUM | May 13, 2022 | n/a |
CVE-2022-29790 | The graphics acceleration service has a vulnerability in multi-thread access to the database. Successful exploitation of this vulnerability may cause service exceptions. | MEDIUM | May 13, 2022 | n/a |
CVE-2022-29789 | The HiAIserver has a vulnerability in verifying the validity of the properties used in the model. Successful exploitation of this vulnerability will affect AI services. | MEDIUM | May 13, 2022 | n/a |
CVE-2022-29788 | libmobi before v0.10 contains a NULL pointer dereference via the component mobi_buffer_getpointer. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted mobi file. | MEDIUM | Jun 2, 2022 | n/a |
CVE-2022-29784 | PublicCMS V4.0.202204.a and below contains an information leak via the component /views/directive/sys/SysConfigDataDirective.java. | MEDIUM | Jun 3, 2022 | n/a |
CVE-2022-29780 | Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_array_prototype_sort at src/njs_array.c. | LOW | Jun 2, 2022 | n/a |
CVE-2022-29779 | Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_value_own_enumerate at src/njs_value.c. | LOW | Jun 2, 2022 | n/a |
CVE-2022-29778 | D-Link DIR-890L 1.20b01 allows attackers to execute arbitrary code due to the hardcoded option Wake-On-Lan for the parameter 'descriptor' at SetVirtualServerSettings.php | MEDIUM | Jun 3, 2022 | n/a |
CVE-2022-29777 | Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and below were discovered to contain a heap overflow via the component DesktopEditor/fontengine/fontconverter/FontFileBase.h. | HIGH | Jun 2, 2022 | n/a |
CVE-2022-29776 | Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and below were discovered to contain a stack overflow via the component DesktopEditor/common/File.cpp. | HIGH | Jun 2, 2022 | n/a |
CVE-2022-29775 | iSpyConnect iSpy v7.2.2.0 allows attackers to bypass authentication via a crafted URL. | HIGH | Jun 21, 2022 | n/a |
CVE-2022-29774 | iSpy v7.2.2.0 is vulnerable to remote command execution via path traversal. | HIGH | Jun 21, 2022 | n/a |
CVE-2022-29773 | An access control issue in aleksis/core/util/auth_helpers.py: ClientProtectedResourceMixin of AlekSIS-Core v2.8.1 and below allows attackers to access arbitrary scopes if no allowed scopes are specifically set. | LOW | Jun 3, 2022 | n/a |
CVE-2022-29770 | XXL-Job v2.3.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via /xxl-job-admin/jobinfo. | LOW | Jun 3, 2022 | n/a |
CVE-2022-29767 | adbyby v2.7 allows external users to make connections via port 8118. This can cause a program logic error and lead to a Denial of Service (DoS) via high CPU usage due to a large number of connections. | MEDIUM | Jun 3, 2022 | n/a |
CVE-2022-29751 | Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_client. | HIGH | May 12, 2022 | n/a |
CVE-2022-29750 | Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_service. | HIGH | May 12, 2022 | n/a |
CVE-2022-29749 | Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_invoice. | HIGH | May 12, 2022 | n/a |
CVE-2022-29748 | Simple Client Management System 1.0 is vulnerable to SQL Injection via \cms\admin?page=client/manage_client&id=. | HIGH | May 12, 2022 | n/a |
CVE-2022-29747 | Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/?page=invoice/manage_invoice&id= // Leak place ---> id. | HIGH | May 12, 2022 | n/a |
CVE-2022-29746 | Money Transfer Management System 1.0 is vulnerable to SQL Injection via /mtms/classes/Users.php?f=delete. | HIGH | May 12, 2022 | n/a |
CVE-2022-29745 | Money Transfer Management System 1.0 is vulnerable to SQL Injection via \mtms\classes\Master.php?f=delete_transaction. | HIGH | May 12, 2022 | n/a |
CVE-2022-29741 | Money Transfer Management System 1.0 is vulnerable to SQL Injection via \mtms\classes\Master.php?f=delete_fee. | HIGH | May 12, 2022 | n/a |
CVE-2022-29739 | Money Transfer Management System 1.0 is vulnerable to SQL Injection via /mtms/admin/?page=user/manage_user&id=. | HIGH | May 12, 2022 | n/a |
CVE-2022-29738 | Money Transfer Management System 1.0 is vulnerable to SQL Injection via /mtms/admin/?page=transaction/send&id=, id. | HIGH | May 12, 2022 | n/a |
CVE-2022-29735 | Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 allows attackers to execute arbitrary commands via a crafted HTTP request. | MEDIUM | Jun 2, 2022 | n/a |
CVE-2022-29734 | A cross-site scripting (XSS) vulnerability in ICT Protege GX/WX v2.08 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter. | LOW | Jun 2, 2022 | n/a |
CVE-2022-29733 | Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 was discovered to transmit and store sensitive information in cleartext. This vulnerability allows attackers to intercept HTTP Cookie authentication credentials via a man-in-the-middle attack. | MEDIUM | Jun 2, 2022 | n/a |
CVE-2022-29732 | Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 was discovered to contain a cross-site scripting (XSS) vulnerability via the Username parameter. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | MEDIUM | Jun 2, 2022 | n/a |
CVE-2022-29731 | An access control issue in ICT Protege GX/WX 2.08 allows attackers to leak SHA1 password hashes of other users. | MEDIUM | Jun 2, 2022 | n/a |
CVE-2022-29730 | USR IOT 4G LTE Industrial Cellular VPN Router v1.0.36 was discovered to contain hard-coded credentials for its highest privileged account. The credentials cannot be altered through normal operation of the device. | HIGH | Jun 2, 2022 | n/a |
CVE-2022-29729 | Verizon 4G LTE Network Extender GA4.38 - V0.4.038.2131 utilizes a weak default admin password generation algorithm which generates passwords that are accessible to unauthenticated attackers via the webUI login page. | MEDIUM | Jun 2, 2022 | n/a |
CVE-2022-29728 | Survey Sparrow Enterprise Survey Software 2022 has a Reflected cross-site scripting (XSS) vulnerability in the test parameter. | MEDIUM | May 11, 2022 | n/a |
CVE-2022-29727 | Survey Sparrow Enterprise Survey Software 2022 has a Stored cross-site scripting (XSS) vulnerability in the Signup parameter. | LOW | May 11, 2022 | n/a |