The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2022-30129 | Visual Studio Code Remote Code Execution Vulnerability. | -- | May 11, 2022 |
| CVE-2022-30062 | ftcms <=2.1 was discovered to be vulnerable to Arbitrary File Read via tp.php | -- | May 11, 2022 |
| CVE-2022-30061 | ftcms <=2.1 was discovered to be vulnerable to directory traversal attacks via the parameter tp. | -- | May 11, 2022 |
| CVE-2022-30060 | ftcms <=2.1 was discovered to be vulnerable to Arbitrary File Write via admin/controllers/tp.php | -- | May 11, 2022 |
| CVE-2022-30059 | Shopwind <=v3.4.2 was discovered to contain a Arbitrary File Delete vulnerability via the neirong parameter at \\backend\\controllers\\DbController.php. | -- | May 11, 2022 |
| CVE-2022-30058 | Shopwind <=v3.4.2 was discovered to contain a Arbitrary File Download vulnerability via the neirong parameter at \\backend\\controllers\\DbController.php. | -- | May 11, 2022 |
| CVE-2022-30057 | Shopwind <=v3.4.2 was discovered to contain a stored cross-site scripting (XSS) vulnerability. | -- | May 11, 2022 |
| CVE-2022-30048 | Mingsoft MCMS 5.2.7 was discovered to contain a SQL injection vulnerability in /mdiy/dict/list URI via orderBy parameter. | -- | May 11, 2022 |
| CVE-2022-30047 | Mingsoft MCMS v5.2.7 was discovered to contain a SQL injection vulnerability in /mdiy/dict/listExcludeApp URI via orderBy parameter. | -- | May 11, 2022 |
| CVE-2022-30040 | Tenda AX1803 v1.0.0.1_2890 is vulnerable to Buffer Overflow. The vulnerability lies in rootfs_ In / goform / setsystimecfg of / bin / tdhttpd in ubif file system, attackers can access http://ip/goform/SetSysTimeCfg, and by setting the ntpserve parameter, the stack buffer overflow can be caused to achieve the effect of router denial of service. | -- | May 11, 2022 |
| CVE-2022-29978 | There is a floating point exception error in sixel_encoder_do_resize, encoder.c:633 in libsixel img2sixel 1.8.6. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted JPEG file. | -- | May 11, 2022 |
| CVE-2022-29977 | There is an assertion failure error in stbi__jpeg_huff_decode, stb_image.h:1894 in libsixel img2sixel 1.8.6. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted JPEG file. | -- | May 11, 2022 |
| CVE-2022-29976 | An Authenticated Reflected Cross-site scripting at BCC Parameter was discovered in MDaemon before 22.0.0 . | -- | May 11, 2022 |
| CVE-2022-29975 | An Authenticated Reflected Cross-site scripting at CC Parameter was discovered in MDaemon before 22.0.0 . | -- | May 11, 2022 |
| CVE-2022-29932 | The HTTP Server in PRIMEUR SPAZIO 2.5.1.954 (File Transfer) allows an unauthenticated attacker to obtain sensitive data (related to the content of transferred files) via a crafted HTTP request. | -- | May 11, 2022 |
| CVE-2022-29898 | On various RAD-ISM-900-EN-* devices by PHOENIX CONTACT an admin user could use the configuration file uploader in the WebUI to execute arbitrary code with root privileges on the OS due to an improper validation of an integrity check value in all versions of the firmware. | -- | May 11, 2022 |
| CVE-2022-29897 | On various RAD-ISM-900-EN-* devices by PHOENIX CONTACT an admin user could use the traceroute utility integrated in the WebUI to execute arbitrary code with root privileges on the OS due to an improper input validation in all versions of the firmware. | -- | May 11, 2022 |
| CVE-2022-29848 | In Progress Ipswitch WhatsUp Gold 17.0.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API transaction that would allow them to read sensitive operating-system attributes from a host that is accessible by the WhatsUp Gold system. | -- | May 11, 2022 |
| CVE-2022-29847 | In Progress Ipswitch WhatsUp Gold 21.0.0 through 21.1.1, and 22.0.0, it is possible for an unauthenticated attacker to invoke an API transaction that would allow them to relay encrypted WhatsUp Gold user credentials to an arbitrary host. | -- | May 11, 2022 |
| CVE-2022-29846 | In Progress Ipswitch WhatsUp Gold 16.1 through 21.1.1, and 22.0.0, it is possible for an unauthenticated attacker to obtain the WhatsUp Gold installation serial number. | -- | May 11, 2022 |
| CVE-2022-29845 | In Progress Ipswitch WhatsUp Gold 21.1.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API transaction that would allow them to read the contents of a local file. | -- | May 11, 2022 |
| CVE-2022-29728 | Survey Sparrow Enterprise Survey Software 2022 has a Reflected cross-site scripting (XSS) vulnerability in the test parameter. | -- | May 11, 2022 |
| CVE-2022-29727 | Survey Sparrow Enterprise Survey Software 2022 has a Stored cross-site scripting (XSS) vulnerability in the Signup parameter. | -- | May 11, 2022 |
| CVE-2022-29656 | Wedding Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /Wedding-Management/package_detail.php. | -- | May 11, 2022 |
| CVE-2022-29655 | An arbitrary file upload vulnerability in the Upload Photos module of Wedding Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | -- | May 11, 2022 |
| CVE-2022-29616 | SAP Host Agent, SAP NetWeaver and ABAP Platform allow an attacker to leverage logical errors in memory management to cause a memory corruption. | -- | May 11, 2022 |
| CVE-2022-29613 | Due to insufficient input validation, SAP Employee Self Service allows an authenticated attacker with user privileges to alter employee number. On successful exploitation, the attacker can view personal details of other users causing a limited impact on confidentiality of the application. | -- | May 11, 2022 |
| CVE-2022-29611 | SAP NetWeaver Application Server for ABAP and ABAP Platform do not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | -- | May 11, 2022 |
| CVE-2022-29610 | SAP NetWeaver Application Server ABAP allows an authenticated attacker to upload malicious files and delete (theme) data, which could result in Stored Cross-Site Scripting (XSS) attack. | -- | May 11, 2022 |
| CVE-2022-29399 | TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the url parameter in the function FUN_00415bf0. | -- | May 11, 2022 |
| CVE-2022-29398 | TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the File parameter in the function FUN_0041309c. | -- | May 11, 2022 |
| CVE-2022-29397 | TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_004196c8. | -- | May 11, 2022 |
| CVE-2022-29396 | TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_00418f10. | -- | May 11, 2022 |
| CVE-2022-29395 | TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the apcliKey parameter in the function FUN_0041bac4. | -- | May 11, 2022 |
| CVE-2022-29394 | TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the macAddress parameter in the function FUN_0041b448. | -- | May 11, 2022 |
| CVE-2022-29393 | TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_004192cc. | -- | May 11, 2022 |
| CVE-2022-29392 | TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_00418c24. | -- | May 11, 2022 |
| CVE-2022-29391 | TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_004200c8. | -- | May 11, 2022 |
| CVE-2022-29318 | An arbitrary file upload vulnerability in the New Entry module of Car Rental Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | -- | May 11, 2022 |
| CVE-2022-29317 | Simple Bus Ticket Booking System v1.0 was discovered to contain multiple SQL injection vulnerbilities via the username and password parameters at /assets/partials/_handleLogin.php. | -- | May 11, 2022 |
| CVE-2022-29316 | Complete Online Job Search System v1.0 was discovered to contain a SQL injection vulnerability via /eris/index.php?q=result&searchfor=advancesearch. | -- | May 11, 2022 |
| CVE-2022-29151 | Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-29135, CVE-2022-29150. | -- | May 11, 2022 |
| CVE-2022-29150 | Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-29135, CVE-2022-29151. | -- | May 11, 2022 |
| CVE-2022-29148 | Visual Studio Remote Code Execution Vulnerability. | -- | May 11, 2022 |
| CVE-2022-29145 | .NET and Visual Studio Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-23267, CVE-2022-29117. | -- | May 11, 2022 |
| CVE-2022-29142 | Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-29133. | -- | May 11, 2022 |
| CVE-2022-29141 | Windows LDAP Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22012, CVE-2022-22013, CVE-2022-22014, CVE-2022-29128, CVE-2022-29129, CVE-2022-29130, CVE-2022-29131, CVE-2022-29137, CVE-2022-29139. | -- | May 11, 2022 |
| CVE-2022-29140 | Windows Print Spooler Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-29114. | -- | May 11, 2022 |
| CVE-2022-29139 | Windows LDAP Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22012, CVE-2022-22013, CVE-2022-22014, CVE-2022-29128, CVE-2022-29129, CVE-2022-29130, CVE-2022-29131, CVE-2022-29137, CVE-2022-29141. | -- | May 11, 2022 |
| CVE-2022-29138 | Windows Clustered Shared Volume Elevation of Privilege Vulnerability. | -- | May 11, 2022 |
