The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date |
---|---|---|---|
CVE-2022-35421 | Online Tours And Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the pname parameter at /admin/operations/packages.php. | -- | Aug 4, 2022 |
CVE-2022-35272 | In BIG-IP Versions 17.0.x before 17.0.0.1 and 16.1.x before 16.1.3.1, when source-port preserve-strict is configured on an HTTP Message Routing Framework (MRF) virtual server, undisclosed traffic may cause the Traffic Management Microkernel (TMM) to produce a core file and the connection to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | -- | Aug 4, 2022 |
CVE-2022-35245 | In BIG-IP Versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5.1, when a BIG-IP APM access policy is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | -- | Aug 4, 2022 |
CVE-2022-35243 | In BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.5.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, using an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | -- | Aug 4, 2022 |
CVE-2022-35241 | In versions 2.x before 2.3.1 and all versions of 1.x, when NGINX Instance Manager is in use, undisclosed requests can cause an increase in disk resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | -- | Aug 4, 2022 |
CVE-2022-35240 | In BIG-IP Versions 16.1.x before 16.1.2.2, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when the Message Routing (MR) Message Queuing Telemetry Transport (MQTT) profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | -- | Aug 4, 2022 |
CVE-2022-35236 | In BIG-IP Versions 16.1.x before 16.1.2.2, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when an HTTP2 profile is configured on a virtual server, undisclosed traffic can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | -- | Aug 4, 2022 |
CVE-2022-35223 | EasyUse MailHunter Ultimate’s cookie deserialization function has an inadequate validation vulnerability. Deserializing a cookie containing malicious payload will trigger this insecure deserialization vulnerability, allowing an unauthenticated remote attacker to execute arbitrary code, manipulate system command or interrupt service. | -- | Aug 2, 2022 |
CVE-2022-35222 | HiCOS Citizen verification component has a stack-based buffer overflow vulnerability due to insufficient parameter length validation. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system command or disrupt service. | -- | Aug 2, 2022 |
CVE-2022-35221 | Teamplus Pro community discussion has an ‘allocation of resource without limits or throttling’ vulnerability on thread subject field. A remote attacker with general user privilege posting a thread subject with large content can cause the server to allocate too much memory, leading to missing partial post content and disrupt partial service. | -- | Aug 2, 2022 |
CVE-2022-35220 | Teamplus Pro community discussion function has an ‘allocation of resource without limits or throttling’ vulnerability. A remote attacker with general user privilege posting a thread with large content can cause the receiving client device to allocate too much memory, leading to abnormal termination of this client’s Teamplus Pro application. | -- | Aug 2, 2022 |
CVE-2022-35219 | The NHI card’s web service component has a stack-based buffer overflow vulnerability due to insufficient validation for network packet key parameter. A LAN attacker with general user privilege can exploit this vulnerability to disrupt service. | -- | Aug 2, 2022 |
CVE-2022-35218 | The NHI card’s web service component has a heap-based buffer overflow vulnerability due to insufficient validation for packet origin parameter length. A LAN attacker with general user privilege can exploit this vulnerability to disrupt service. | -- | Aug 2, 2022 |
CVE-2022-35217 | The NHI card’s web service component has a stack-based buffer overflow vulnerability due to insufficient validation for network packet header length. A local area network attacker with general user privilege can exploit this vulnerability to execute arbitrary code, manipulate system command or disrupt service. | -- | Aug 2, 2022 |
CVE-2022-35216 | OMICARD EDM’s mail image relay function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to by-pass authentication and access arbitrary system files. | -- | Aug 4, 2022 |
CVE-2022-35163 | Complete Online Job Search System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the U_NAME parameter at /category/controller.php?action=edit. | -- | Aug 6, 2022 |
CVE-2022-35162 | Complete Online Job Search System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the CATEGORY parameter at /category/controller.php?action=edit. | -- | Aug 6, 2022 |
CVE-2022-35161 | GVRET Stable Release as of Aug 15, 2015 was discovered to contain a buffer overflow via the handleConfigCmd function at SerialConsole.cpp. | -- | Aug 4, 2022 |
CVE-2022-35158 | A vulnerability in the lua parser of TscanCode tsclua v2.15.01 allows attackers to cause a Denial of Service (DoS) via a crafted lua script. | -- | Aug 4, 2022 |
CVE-2022-35144 | Renato v0.17.0 was discovered to contain a cross-site scripting (XSS) vulnerability. | -- | Aug 4, 2022 |
CVE-2022-35143 | Renato v0.17.0 employs weak password complexity requirements, allowing attackers to crack user passwords via brute-force attacks. | -- | Aug 4, 2022 |
CVE-2022-35142 | An issue in Renato v0.17.0 allows attackers to cause a Denial of Service (DoS) via a crafted payload injected into the Search parameter. | -- | Aug 4, 2022 |
CVE-2022-35118 | PyroCMS v3.9 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities. | -- | Aug 5, 2022 |
CVE-2022-34993 | Totolink A3600R_Firmware V4.1.2cu.5182_B20201102 contains a hard code password for root in /etc/shadow.sample. | -- | Aug 4, 2022 |
CVE-2022-34992 | Luadec v0.9.9 was discovered to contain a heap-buffer overflow via the function UnsetPending. | -- | Aug 4, 2022 |
CVE-2022-34974 | D-Link DIR810LA1_FW102B22 was discovered to contain a command injection vulnerability via the Ping_addr function. | -- | Aug 3, 2022 |
CVE-2022-34973 | D-Link DIR820LA1_FW106B02 was discovered to contain a buffer overflow via the nextPage parameter at ping.ccp. | -- | Aug 3, 2022 |
CVE-2022-34970 | Crow before 1.0+4 has a heap-based buffer overflow via the function qs_parse in query_string.h. On successful exploitation this vulnerability allows attackers to remotely execute arbitrary code in the context of the vulnerable service. | -- | Aug 4, 2022 |
CVE-2022-34969 | PingCAP TiDB v6.1.0 was discovered to contain a NULL pointer dereference. | -- | Aug 3, 2022 |
CVE-2022-34968 | An issue in the fetch_step function in Percona Server for MySQL v8.0.28-19 allows attackers to cause a Denial of Service (DoS) via a SQL query. | -- | Aug 3, 2022 |
CVE-2022-34967 | The assertion `stmt->Dbc->FirstStmt' failed in MonetDB Database Server v11.43.13. | -- | Aug 3, 2022 |
CVE-2022-34956 | Pligg CMS v2.0.2 was discovered to contain a time-based SQL injection vulnerability via the page_size parameter at load_data_for_groups.php. | -- | Aug 4, 2022 |
CVE-2022-34955 | Pligg CMS v2.0.2 was discovered to contain a time-based SQL injection vulnerability via the page_size parameter at load_data_for_topusers.php. | -- | Aug 4, 2022 |
CVE-2022-34954 | Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at invoiceprint.php. | -- | Aug 4, 2022 |
CVE-2022-34953 | Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the startDate parameter at getOrderReport.php. | -- | Aug 5, 2022 |
CVE-2022-34952 | Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at edituser.php. | -- | Aug 5, 2022 |
CVE-2022-34951 | Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the startDate parameter at getsalereport.php. | -- | Aug 5, 2022 |
CVE-2022-34950 | Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at editproduct.php. | -- | Aug 4, 2022 |
CVE-2022-34949 | Pharmacy Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities via the email or password parameter at login.php. | -- | Aug 4, 2022 |
CVE-2022-34948 | Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at editbrand.php. | -- | Aug 4, 2022 |
CVE-2022-34947 | Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at editcategory.php. | -- | Aug 4, 2022 |
CVE-2022-34946 | Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the startDate parameter at getexpproduct.php. | -- | Aug 4, 2022 |
CVE-2022-34945 | Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the startDate parameter at getproductreport.php. | -- | Aug 4, 2022 |
CVE-2022-34943 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none | -- | Aug 3, 2022 |
CVE-2022-34937 | Yuba u5cms v8.3.5 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component savepage.php. This vulnerability allows attackers to execute arbitrary code. | -- | Aug 3, 2022 |
CVE-2022-34928 | JFinal CMS v5.1.0 was discovered to contain a SQL injection vulnerability via /system/user. | -- | Aug 6, 2022 |
CVE-2022-34927 | MilkyTracker v1.03.00 was discovered to contain a stack overflow via the component LoaderXM::load. This vulnerability is triggered when the program is supplied a crafted XM module file. | -- | Aug 3, 2022 |
CVE-2022-34924 | Lanling OA Landray Office Automation (OA) internal patch number #133383/#137780 contains an arbitrary file read vulnerability via the component /sys/ui/extend/varkind/custom.jsp. | -- | Aug 3, 2022 |
CVE-2022-34872 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of Virtual Metrics. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-16336. | -- | Aug 3, 2022 |
CVE-2022-34871 | This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the configuration of poller resources. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges to the level of an administrator. Was ZDI-CAN-16335. | -- | Aug 3, 2022 |