The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2022-29854 | A vulnerability in Mitel 6900 Series IP (MiNet) phones excluding 6970, versions 1.8 (1.8.0.12) and earlier, could allow a unauthenticated attacker with physical access to the phone to gain root access due to insufficient access control for test functionality during system startup. A successful exploit could allow access to sensitive information and code execution. | -- | May 13, 2022 |
| CVE-2022-29849 | In Progress OpenEdge before 11.7.14 and 12.x before 12.2.9, certain SUID binaries within the OpenEdge application were susceptible to privilege escalation. If exploited, a local attacker could elevate their privileges and compromise the affected system. | HIGH | May 2, 2022 |
| CVE-2022-29848 | In Progress Ipswitch WhatsUp Gold 17.0.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API transaction that would allow them to read sensitive operating-system attributes from a host that is accessible by the WhatsUp Gold system. | -- | May 11, 2022 |
| CVE-2022-29847 | In Progress Ipswitch WhatsUp Gold 21.0.0 through 21.1.1, and 22.0.0, it is possible for an unauthenticated attacker to invoke an API transaction that would allow them to relay encrypted WhatsUp Gold user credentials to an arbitrary host. | -- | May 11, 2022 |
| CVE-2022-29846 | In Progress Ipswitch WhatsUp Gold 16.1 through 21.1.1, and 22.0.0, it is possible for an unauthenticated attacker to obtain the WhatsUp Gold installation serial number. | -- | May 11, 2022 |
| CVE-2022-29845 | In Progress Ipswitch WhatsUp Gold 21.1.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API transaction that would allow them to read the contents of a local file. | -- | May 11, 2022 |
| CVE-2022-29824 | In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don\'t check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2\'s buffer functions, for example libxslt through 1.1.35, is affected as well. | MEDIUM | May 7, 2022 |
| CVE-2022-29821 | In JetBrains Rider before 2022.1 local code execution via links in ReSharper Quick Documentation was possible | MEDIUM | May 5, 2022 |
| CVE-2022-29820 | In JetBrains PyCharm before 2022.1 exposure of the debugger port to the internal network was possible | LOW | May 5, 2022 |
| CVE-2022-29819 | In JetBrains IntelliJ IDEA before 2022.1 local code execution via links in Quick Documentation was possible | MEDIUM | May 5, 2022 |
| CVE-2022-29818 | In JetBrains IntelliJ IDEA before 2022.1 origin checks in the internal web server were flawed | LOW | May 5, 2022 |
| CVE-2022-29817 | In JetBrains IntelliJ IDEA before 2022.1 reflected XSS via error messages in internal web server was possible | MEDIUM | May 5, 2022 |
| CVE-2022-29816 | In JetBrains IntelliJ IDEA before 2022.1 HTML injection into IDE messages was possible | LOW | May 5, 2022 |
| CVE-2022-29815 | In JetBrains IntelliJ IDEA before 2022.1 local code execution via workspace settings was possible | MEDIUM | May 5, 2022 |
| CVE-2022-29814 | In JetBrains IntelliJ IDEA before 2022.1 local code execution via HTML descriptions in custom JSON schemas was possible | MEDIUM | May 5, 2022 |
| CVE-2022-29813 | In JetBrains IntelliJ IDEA before 2022.1 local code execution via custom Pandoc path was possible | MEDIUM | May 5, 2022 |
| CVE-2022-29812 | In JetBrains IntelliJ IDEA before 2022.1 notification mechanisms about using Unicode directionality formatting characters were insufficient | LOW | May 5, 2022 |
| CVE-2022-29811 | In JetBrains Hub before 2022.1.14638 stored XSS via project icon was possible. | LOW | May 5, 2022 |
| CVE-2022-29810 | The Hashicorp go-getter library before 1.5.11 does not redact an SSH key from a URL query parameter. | LOW | May 5, 2022 |
| CVE-2022-29806 | ZoneMinder before 1.36.13 allows remote code execution via an invalid language. Ability to create a debug log file at an arbitrary pathname contributes to exploitability. | HIGH | May 6, 2022 |
| CVE-2022-29800 | networkd-dispatcher: Time-of-check-time-of-use (TOCTOU) race condition | -- | May 3, 2022 |
| CVE-2022-29799 | networkd-dispatcher: Directory traversal | -- | May 3, 2022 |
| CVE-2022-29796 | The HiAIserver has a vulnerability in verifying the validity of the weight used in the model.Successful exploitation of this vulnerability will affect AI services. | -- | May 13, 2022 |
| CVE-2022-29795 | The frame scheduling module has a null pointer dereference vulnerability. Successful exploitation of this vulnerability will affect the kernel availability. | -- | May 13, 2022 |
| CVE-2022-29794 | The frame scheduling module has a Use After Free (UAF) vulnerability.Successful exploitation of this vulnerability will affect data integrity, availability, and confidentiality. | -- | May 13, 2022 |
| CVE-2022-29793 | There is a configuration defect in the activation lock of mobile phones.Successful exploitation of this vulnerability may affect application availability. | -- | May 13, 2022 |
| CVE-2022-29792 | The chip component has a vulnerability of disclosing CPU SNs.Successful exploitation of this vulnerability may affect data confidentiality. | -- | May 13, 2022 |
| CVE-2022-29791 | The HiAIserver has a vulnerability in verifying the validity of the weight used in the model.Successful exploitation of this vulnerability will affect AI services. | -- | May 13, 2022 |
| CVE-2022-29790 | The graphics acceleration service has a vulnerability in multi-thread access to the database.Successful exploitation of this vulnerability may cause service exceptions. | -- | May 13, 2022 |
| CVE-2022-29789 | The HiAIserver has a vulnerability in verifying the validity of the properties used in the model.Successful exploitation of this vulnerability will affect AI services. | -- | May 13, 2022 |
| CVE-2022-29751 | Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_client. | -- | May 12, 2022 |
| CVE-2022-29750 | Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_service. | -- | May 12, 2022 |
| CVE-2022-29749 | Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_invoice. | -- | May 12, 2022 |
| CVE-2022-29748 | Simple Client Management System 1.0 is vulnerable to SQL Injection via \\cms\\admin?page=client/manage_client&id=. | -- | May 12, 2022 |
| CVE-2022-29747 | Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/?page=invoice/manage_invoice&id= // Leak place ---> id. | -- | May 12, 2022 |
| CVE-2022-29746 | Money Transfer Management System 1.0 is vulnerable to SQL Injection via /mtms/classes/Users.php?f=delete. | -- | May 12, 2022 |
| CVE-2022-29745 | Money Transfer Management System 1.0 is vulnerable to SQL Injection via \\mtms\\classes\\Master.php?f=delete_transaction. | -- | May 12, 2022 |
| CVE-2022-29741 | Money Transfer Management System 1.0 is vulnerable to SQL Injection via \\mtms\\classes\\Master.php?f=delete_fee. | -- | May 12, 2022 |
| CVE-2022-29739 | Money Transfer Management System 1.0 is vulnerable to SQL Injection via /mtms/admin/?page=user/manage_user&id=. | -- | May 12, 2022 |
| CVE-2022-29738 | Money Transfer Management System 1.0 is vulnerable to SQL Injection via /mtms/admin/?page=transaction/send&id=, id. | -- | May 12, 2022 |
| CVE-2022-29728 | Survey Sparrow Enterprise Survey Software 2022 has a Reflected cross-site scripting (XSS) vulnerability in the test parameter. | -- | May 11, 2022 |
| CVE-2022-29727 | Survey Sparrow Enterprise Survey Software 2022 has a Stored cross-site scripting (XSS) vulnerability in the Signup parameter. | -- | May 11, 2022 |
| CVE-2022-29701 | A lack of rate limiting in the \'forgot password\' feature of Zammad v5.1.0 allows attackers to send an excessive amount of reset requests for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages. | MEDIUM | May 5, 2022 |
| CVE-2022-29700 | A lack of password length restriction in Zammad v5.1.0 allows for the creation of extremely long passwords which can cause a Denial of Service (DoS) during password verification. | MEDIUM | May 5, 2022 |
| CVE-2022-29656 | Wedding Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /Wedding-Management/package_detail.php. | -- | May 11, 2022 |
| CVE-2022-29655 | An arbitrary file upload vulnerability in the Upload Photos module of Wedding Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | -- | May 11, 2022 |
| CVE-2022-29616 | SAP Host Agent, SAP NetWeaver and ABAP Platform allow an attacker to leverage logical errors in memory management to cause a memory corruption. | -- | May 11, 2022 |
| CVE-2022-29613 | Due to insufficient input validation, SAP Employee Self Service allows an authenticated attacker with user privileges to alter employee number. On successful exploitation, the attacker can view personal details of other users causing a limited impact on confidentiality of the application. | -- | May 11, 2022 |
| CVE-2022-29611 | SAP NetWeaver Application Server for ABAP and ABAP Platform do not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | -- | May 11, 2022 |
| CVE-2022-29610 | SAP NetWeaver Application Server ABAP allows an authenticated attacker to upload malicious files and delete (theme) data, which could result in Stored Cross-Site Scripting (XSS) attack. | -- | May 11, 2022 |
