CVE List - 2022 / May
Showing 901 - 1000 of 2161 CVEs for May 2022 (Page 10 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-30060 | 2022-05-11 | ftcms <=2.1 was discovered to be vulnerable to Arbitrary File Write via admin/controllers/tp.php |
| CVE-2022-28838 | 2022-05-11 | Adobe Acrobat Pro DC Doc flattenPages Use-After-Free Remote Code Execution Vulnerability |
| CVE-2022-30062 | 2022-05-11 | ftcms <=2.1 was discovered to be vulnerable to Arbitrary File Read via tp.php |
| CVE-2022-30063 | 2022-05-11 | ftcms <=2.1 was discovered to be vulnerable to code execution attacks. |
| CVE-2022-30448 | 2022-05-11 | Hospital Management System in PHP with Source Code (HMS) 1.0 was discovered to contain a File upload vulnerability in treatmentrecord.php. |
| CVE-2022-30451 | 2022-05-11 | An authenticated user could execute code via a SQLi vulnerability in waimairenCMS before version 9.1. |
| CVE-2022-30450 | 2022-05-11 | A Remote Code Execution (RCE) vulnerability exists in waimairen 9.1 via wx.php |
| CVE-2022-30449 | 2022-05-11 | Hospital Management System in PHP with Source Code (HMS) 1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in room.php. |
| CVE-2022-29596 | 2022-05-11 | MicroStrategy Enterprise Manager 2022 allows authentication bypass by triggering a login failure and then entering the Uid=/../../../../../../../../../../../windows/win.ini%00.jpg&Pwd=_any_password_&ConnMode=1&3054=Login substring for directory traversal. |
| CVE-2022-29855 | 2022-05-11 | Mitel 6800 and 6900 Series SIP phone devices through 2022-04-27 have "undocumented functionality." A vulnerability in Mitel 6800 Series and 6900 Series SIP phones excluding 6970, versions 5.1 SP8 (5.1.0.8016)... |
| CVE-2022-30557 | 2022-05-11 | Foxit PDF Reader and PDF Editor before 11.2.2 have a Type Confusion issue that causes a crash because of Unsigned32 mishandling during JavaScript execution. |
| CVE-2022-30592 | 2022-05-11 | liblsquic/lsquic_qenc_hdl.c in LiteSpeed QUIC (aka LSQUIC) before 3.1.0 mishandles MAX_TABLE_CAPACITY. |
| CVE-2022-1650 | 2022-05-12 | Improper Removal of Sensitive Information Before Storage or Transfer in eventsource/eventsource |
| CVE-2022-1674 | 2022-05-12 | NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in vim/vim |
| CVE-2022-29885 | 2022-05-12 | EncryptInterceptor does not provide complete protection on insecure networks |
| CVE-2022-30594 | 2022-05-12 | The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag. |
| CVE-2022-1681 | 2022-05-12 | Authentication Bypass Using an Alternate Path or Channel in requarks/wiki |
| CVE-2022-1044 | 2022-05-12 | Sensitive Data Exposure Due To Insecure Storage Of Profile Image in polonel/trudesk |
| CVE-2022-1682 | 2022-05-12 | Reflected Xss using url based payload in neorazorx/facturascripts |
| CVE-2022-29927 | 2022-05-12 | In JetBrains TeamCity before 2022.04 reflected XSS on the Build Chain Status page was possible |
| CVE-2022-29928 | 2022-05-12 | In JetBrains TeamCity before 2022.04 leak of secrets in TeamCity agent logs was possible |
| CVE-2022-29929 | 2022-05-12 | In JetBrains TeamCity before 2022.04 potential XSS via Referrer header was possible |
| CVE-2022-29930 | 2022-05-12 | SHA1 implementation in JetBrains Ktor Native 2.0.0 was returning the same value. The issue was fixed in Ktor version 2.0.1. |
| CVE-2022-28872 | 2022-05-12 | Address Bar Spoofing Vulnerability in F-Secure SAFE Browser for Android |
| CVE-2022-28873 | 2022-05-12 | Multiple Address Bar Spoofing Vulnerability in F-Secure SAFE Browser for Android |
| CVE-2021-42863 | 2022-05-12 | A buffer overflow in ecma_builtin_typedarray_prototype_filter() in JerryScript version fe3a5c0 allows an attacker to construct a fake object or a fake arraybuffer with unlimited size. |
| CVE-2022-30525 | 2022-05-12 | An OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch... |
| CVE-2022-29984 | 2022-05-12 | Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/?page=client/view_client&id=. |
| CVE-2022-29983 | 2022-05-12 | Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/?page=invoice/view_invoice&id=. |
| CVE-2022-29982 | 2022-05-12 | Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/maintenance/manage_service.php?id=. |
| CVE-2022-29980 | 2022-05-12 | Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/?page=user/manage_user&id=. |
| CVE-2022-29539 | 2022-05-12 | resi-calltrace in RESI Gemini-Net 4.2 is affected by OS Command Injection. It does not properly check the parameters sent as input before they are processed on the server. Due to... |
| CVE-2022-29979 | 2022-05-12 | Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_designation. |
| CVE-2022-29538 | 2022-05-12 | RESI Gemini-Net Web 4.2 is affected by Improper Access Control in authorization logic. An unauthenticated user is able to access some critical resources. |
| CVE-2022-29981 | 2022-05-12 | Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Users.php?f=delete. |
| CVE-2022-29751 | 2022-05-12 | Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_client. |
| CVE-2022-29750 | 2022-05-12 | Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_service. |
| CVE-2022-29749 | 2022-05-12 | Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_invoice. |
| CVE-2022-29748 | 2022-05-12 | Simple Client Management System 1.0 is vulnerable to SQL Injection via \cms\admin?page=client/manage_client&id=. |
| CVE-2022-29747 | 2022-05-12 | Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/?page=invoice/manage_invoice&id= // Leak place ---> id. |
| CVE-2022-29995 | 2022-05-12 | Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/?page=clients/manage_client&id=. |
| CVE-2022-29994 | 2022-05-12 | Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/?page=facilities/manage_facility&id=. |
| CVE-2022-29993 | 2022-05-12 | Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/bookings/view_booking.php?id=. |
| CVE-2022-30279 | 2022-05-12 | An issue was discovered in Stormshield Network Security (SNS) 4.3.x before 4.3.8. The event logging of the ASQ sofbus lacbus plugin triggers the dereferencing of a NULL pointer, leading to... |
| CVE-2022-29992 | 2022-05-12 | Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/categories/manage_category.php?id=. |
| CVE-2022-29990 | 2022-05-12 | Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/categories/view_category.php?id=. |
| CVE-2022-29989 | 2022-05-12 | Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via \scbs\classes\Master.php?f=delete_booking. |
| CVE-2022-29988 | 2022-05-12 | Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via \scbs\classes\Master.php?f=delete. |
| CVE-2022-29987 | 2022-05-12 | Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/?page=user/manage_user&id=. |
| CVE-2022-29986 | 2022-05-12 | Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via \scbs\classes\Master.php?f=delete_facility. |
| CVE-2022-29985 | 2022-05-12 | Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via \scbs\classes\Master.php?f=delete_category. |
| CVE-2022-30002 | 2022-05-12 | Insurance Management System 1.0 is vulnerable to SQL Injection via /insurance/editNominee.php?nominee_id=. |
| CVE-2022-30001 | 2022-05-12 | Insurance Management System 1.0 is vulnerable to SQL Injection via /insurance/editAgent.php?agent_id=. |
| CVE-2022-30000 | 2022-05-12 | Insurance Management System 1.0 is vulnerable to SQL Injection via /insurance/editPayment.php?recipt_no=. |
| CVE-2022-29298 | 2022-05-12 | SolarView Compact ver.6.00 allows attackers to access sensitive files via directory traversal. |
| CVE-2022-29302 | 2022-05-12 | SolarView Compact ver.6.00 was discovered to contain a local file disclosure via /html/Solar_Ftp.php. |
| CVE-2022-29303 | 2022-05-12 | SolarView Compact ver.6.00 was discovered to contain a command injection vulnerability via conf_mail.php. |
| CVE-2022-29999 | 2022-05-12 | Insurance Management System 1.0 is vulnerable to SQL Injection via /insurance/editClient.php?client_id=. |
| CVE-2022-29998 | 2022-05-12 | Insurance Management System 1.0 is vulnerable to SQL Injection via /insurance/clientStatus.php?client_id=. |
| CVE-2022-1699 | 2022-05-12 | Uncontrolled Resource Consumption in causefx/organizr |
| CVE-2022-1698 | 2022-05-12 | Allowing long password leads to denial of service in causefx/organizr |
| CVE-2022-29746 | 2022-05-12 | Money Transfer Management System 1.0 is vulnerable to SQL Injection via /mtms/classes/Users.php?f=delete. |
| CVE-2022-29745 | 2022-05-12 | Money Transfer Management System 1.0 is vulnerable to SQL Injection via \mtms\classes\Master.php?f=delete_transaction. |
| CVE-2022-22413 | 2022-05-12 | IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add,... |
| CVE-2022-29741 | 2022-05-12 | Money Transfer Management System 1.0 is vulnerable to SQL Injection via \mtms\classes\Master.php?f=delete_fee. |
| CVE-2022-29306 | 2022-05-12 | IonizeCMS v1.0.8.1 was discovered to contain a SQL injection vulnerability via the id_page parameter in application/models/article_model.php. |
| CVE-2022-29307 | 2022-05-12 | IonizeCMS v1.0.8.1 was discovered to contain a command injection vulnerability via the function copy_lang_content in application/models/lang_model.php. |
| CVE-2022-29739 | 2022-05-12 | Money Transfer Management System 1.0 is vulnerable to SQL Injection via /mtms/admin/?page=user/manage_user&id=. |
| CVE-2022-29738 | 2022-05-12 | Money Transfer Management System 1.0 is vulnerable to SQL Injection via /mtms/admin/?page=transaction/send&id=, id. |
| CVE-2022-28919 | 2022-05-12 | HTMLCreator release_stable_2020-07-29 was discovered to contain a cross-site scripting (XSS) vulnerability via the function _generateFilename. |
| CVE-2022-28920 | 2022-05-12 | Tieba-Cloud-Sign v4.9 was discovered to contain a cross-site scripting (XSS) vulnerability via the function strip_tags. |
| CVE-2021-33130 | 2022-05-12 | Insecure default variable initialization of Intel(R) RealSense(TM) ID Solution F450 before version 2.6.0.74 may allow an unauthenticated user to potentially enable information disclosure via physical access. |
| CVE-2022-21131 | 2022-05-12 | Improper access control for some Intel(R) Xeon(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. |
| CVE-2022-21136 | 2022-05-12 | Improper input validation for some Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable denial of service via local access. |
| CVE-2021-33135 | 2022-05-12 | Uncontrolled resource consumption in the Linux kernel drivers for Intel(R) SGX may allow an authenticated user to potentially enable denial of service via local access. |
| CVE-2021-0193 | 2022-05-12 | Improper authentication in the Intel(R) In-Band Manageability software before version 2.13.0 may allow a privileged user to potentially enable escalation of privilege via network access. |
| CVE-2021-33108 | 2022-05-12 | Improper input validation in the Intel(R) In-Band Manageability software before version 2.13.0 may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2021-0194 | 2022-05-12 | Improper access control in the Intel(R) In-Band Manageability software before version 2.13.0 may allow a privileged user to potentially enable escalation of privilege via network access. |
| CVE-2022-21128 | 2022-05-12 | Insufficient control flow management in the Intel(R) Advisor software before version 7.6.0.37 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2022-22139 | 2022-05-12 | Uncontrolled search path in the Intel(R) XTU software before version 7.3.0.33 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2021-26258 | 2022-05-12 | Improper access control for the Intel(R) Killer(TM) Control Center software before version 2.4.3337.0 may allow an authorized user to potentially enable escalation of privilege via local access. |
| CVE-2022-24382 | 2022-05-12 | Improper input validation in firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2022-24297 | 2022-05-12 | Improper buffer restrictions in firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2022-21237 | 2022-05-12 | Improper buffer access in firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2021-0126 | 2022-05-12 | Improper input validation for the Intel(R) Manageability Commander before version 2.2 may allow an authenticated user to potentially enable escalation of privilege via adjacent access. |
| CVE-2021-33078 | 2022-05-12 | Race condition within a thread in firmware for some Intel(R) Optane(TM) SSD and Intel(R) SSD DC Products may allow a privileged user to potentially enable denial of service via local... |
| CVE-2021-33077 | 2022-05-12 | Insufficient control flow management in firmware for some Intel(R) SSD, Intel(R) Optane(TM) SSD and Intel(R) SSD DC Products may allow an unauthenticated user to potentially enable escalation of privilege via... |
| CVE-2021-33080 | 2022-05-12 | Exposure of sensitive system information due to uncleared debug information in firmware for some Intel(R) SSD DC, Intel(R) Optane(TM) SSD and Intel(R) Optane(TM) SSD DC Products may allow an unauthenticated... |
| CVE-2021-33074 | 2022-05-12 | Protection mechanism failure in firmware for some Intel(R) SSD, Intel(R) SSD DC and Intel(R) Optane(TM) SSD Products may allow an unauthenticated user to potentially enable information disclosure via physical access. |
| CVE-2021-33069 | 2022-05-12 | Improper resource shutdown or release in firmware for some Intel(R) SSD, Intel(R) SSD DC, Intel(R) Optane(TM) SSD and Intel(R) Optane(TM) SSD DC may allow a privileged user to potentially enable... |
| CVE-2021-33075 | 2022-05-12 | Race condition in firmware for some Intel(R) Optane(TM) SSD, Intel(R) Optane(TM) SSD DC and Intel(R) SSD DC Products may allow a privileged user to potentially enable denial of service via... |
| CVE-2021-33083 | 2022-05-12 | Improper authentication in firmware for some Intel(R) SSD, Intel(R) Optane(TM) SSD, Intel(R) Optane(TM) SSD DC and Intel(R) SSD DC Products may allow a privileged user to potentially enable information disclosure... |
| CVE-2021-33082 | 2022-05-12 | Sensitive information in resource not removed before reuse in firmware for some Intel(R) SSD and Intel(R) Optane(TM) SSD Products may allow an unauthenticated user to potentially enable information disclosure via... |
| CVE-2022-0004 | 2022-05-12 | Hardware debug modes and processor INIT setting that allow override of locks for some Intel(R) Processors in Intel(R) Boot Guard and Intel(R) TXT may allow an unauthenticated user to potentially... |
| CVE-2021-33117 | 2022-05-12 | Improper access control for some 3rd Generation Intel(R) Xeon(R) Scalable Processors before BIOS version MR7, may allow a local attacker to potentially enable information disclosure via local access. |
| CVE-2022-0005 | 2022-05-12 | Sensitive information accessible by physical probing of JTAG interface for some Intel(R) Processors with SGX may allow an unprivileged user to potentially enable information disclosure via physical access. |
| CVE-2021-33149 | 2022-05-12 | Observable behavioral discrepancy in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. |
| CVE-2022-21151 | 2022-05-12 | Processor optimization removal or modification of security-critical code for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. |
| CVE-2021-0153 | 2022-05-12 | Out-of-bounds write in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2021-0154 | 2022-05-12 | Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. |