CVE List - 2022 / May
Showing 301 - 400 of 2161 CVEs for May 2022 (Page 4 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-28461 | 2022-05-05 | mingyuefusu Library Management System all versions as of 03-27-2022 is vulnerable to SQL Injection. |
| CVE-2022-28462 | 2022-05-05 | novel-plus 3.6.0 suffers from an Arbitrary file reading vulnerability. |
| CVE-2022-28471 | 2022-05-05 | In ffjpeg (commit hash: caade60), the function bmp_load() in bmp.c contains an integer overflow vulnerability, which eventually results in the heap overflow in jfif_encode() in jfif.c. This is due to... |
| CVE-2022-29339 | 2022-05-05 | In GPAC 2.1-DEV-rev87-g053aae8-master, function BS_ReadByte() in utils/bitstream.c has a failed assertion, which causes a Denial of Service. This vulnerability was fixed in commit 9ea93a2. |
| CVE-2022-29340 | 2022-05-05 | GPAC 2.1-DEV-rev87-g053aae8-master has a Null Pointer Dereference vulnerability in gf_isom_parse_movie_boxes_internal due to improper return value handling of GF_SKIP_BOX, which causes a Denial of Service. This vulnerability was fixed in commit... |
| CVE-2021-42183 | 2022-05-05 | MasaCMS 7.2.1 is affected by a path traversal vulnerability in /index.cfm/_api/asset/image/. |
| CVE-2022-1464 | 2022-05-05 | Stored XSS bug in gogs/gogs |
| CVE-2022-1516 | 2022-05-05 | A NULL pointer dereference flaw was found in the Linux kernel’s X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet... |
| CVE-2021-38439 | 2022-05-05 | GurumDDS Heap-based Buffer Overflow |
| CVE-2021-38441 | 2022-05-05 | Eclipse CycloneDDS Write-what-where Condition |
| CVE-2021-38443 | 2022-05-05 | Eclipse CycloneDDS Improper Handling of Syntactically Invalid Structure |
| CVE-2021-38445 | 2022-05-05 | OCI OpenDDS Secure Improper Handling of Length Parameter Inconsistency |
| CVE-2021-38447 | 2022-05-05 | OCI OpenDDS Secure Amplification |
| CVE-2021-38487 | 2022-05-05 | Potential Network Amplification and Information Exposure in RTI Connext Professional and Connext Micro |
| CVE-2021-43547 | 2022-05-05 | TwinOaks Computing CoreDX DDS Secure Network Amplification |
| CVE-2021-38423 | 2022-05-05 | GurumDDS Heap-based Incorrect Calculation of Buffer Size |
| CVE-2021-38425 | 2022-05-05 | eProsima Fast DDS Network Amplification |
| CVE-2021-38427 | 2022-05-05 | RTI Connext DDS Professional and Connext DDS Secure Stack-based Buffer Overflow |
| CVE-2021-38429 | 2022-05-05 | OCI OpenDDS Secure Network Amplification |
| CVE-2021-38433 | 2022-05-05 | RTI Connext DDS Professional and Connext DDS Secure Stack-based Buffer Overflow |
| CVE-2021-38435 | 2022-05-05 | RTI Connext DDS Professional and Connext DDS Secure Incorrect Calculation of Buffer Size |
| CVE-2022-28079 | 2022-05-05 | College Management System v1.0 was discovered to contain a SQL injection vulnerability via the course_code parameter. |
| CVE-2022-29592 | 2022-05-05 | Tenda TX9 Pro 22.03.02.10 devices allow OS command injection via set_route (called by doSystemCmd_route). |
| CVE-2021-39020 | 2022-05-05 | IBM Guardium Data Encryption (GDE) 4.0.0.7 and lower stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server... |
| CVE-2022-22415 | 2022-05-05 | A vulnerability exists where an IBM Robotic Process Automation 21.0.1 regular user is able to obtain view-only access to some admin pages in the Control Center IBM X-Force ID: 223029. |
| CVE-2022-28606 | 2022-05-05 | An arbitrary file upload vulnerability exists in Wenzhou Huoyin Information Technology Co., Ltd. BossCMS 1.0, which can be exploited by an attacker to gain control of the server. |
| CVE-2022-22433 | 2022-05-05 | IBM Robotic Process Automation 21.0.1 and 21.0.2 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce... |
| CVE-2022-22434 | 2022-05-05 | IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a user with physical access to create an API request modified to create additional objects. IBM X-Force ID: 224159. |
| CVE-2022-28120 | 2022-05-05 | Beijing Runnier Network Technology Co., Ltd Open virtual simulation experiment teaching management platform software 2.0 has a file upload vulnerability, which can be exploited by an attacker to gain control... |
| CVE-2022-26835 | 2022-05-05 | On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x,... |
| CVE-2022-26890 | 2022-05-05 | On F5 BIG-IP Advanced WAF, ASM, and APM 16.1.x versions prior to 16.1.2.1, 15.1.x versions prior to 15.1.5, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, when... |
| CVE-2022-28080 | 2022-05-05 | Royal Event Management System v1.0 was discovered to contain a SQL injection vulnerability via the todate parameter. |
| CVE-2022-27181 | 2022-05-05 | On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and... |
| CVE-2022-27182 | 2022-05-05 | On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, and 14.1.x versions prior to 14.1.4.6, when BIG-IP packet filters are enabled and a virtual server is... |
| CVE-2022-27189 | 2022-05-05 | On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x,... |
| CVE-2022-27230 | 2022-05-05 | On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP APM, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, a reflected cross-site scripting... |
| CVE-2022-27495 | 2022-05-05 | On all versions 1.3.x (fixed in 1.4.0) NGINX Service Mesh control plane endpoints are exposed to the cluster overlay network. Note: Software versions which have reached End of Technical Support... |
| CVE-2022-27634 | 2022-05-05 | On 16.1.x versions prior to 16.1.2.2 and 15.1.x versions prior to 15.1.5.1, BIG-IP APM does not properly validate configurations, allowing an authenticated attacker with high privileges to manipulate the APM... |
| CVE-2022-27636 | 2022-05-05 | On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and... |
| CVE-2022-29502 | 2022-05-05 | SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges. |
| CVE-2022-29501 | 2022-05-05 | SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges and code execution. |
| CVE-2022-29500 | 2022-05-05 | SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Information Disclosure. |
| CVE-2022-27659 | 2022-05-05 | On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, and 14.1.x versions prior to 14.1.4.6, an authenticated attacker can modify or delete Dashboards created by other... |
| CVE-2022-1388 | 2022-05-05 | On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed... |
| CVE-2022-1389 | 2022-05-05 | On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP (fixed in 17.0.0), a cross-site request forgery (CSRF) vulnerability exists in an undisclosed page of the... |
| CVE-2022-1468 | 2022-05-05 | On all versions of 17.0.x, 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x on F5 BIG-IP, an authenticated iControl REST user with at least guest role privileges can cause processing delays... |
| CVE-2022-25946 | 2022-05-05 | On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP Advanced WAF, ASM, and ASM, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0,... |
| CVE-2022-25990 | 2022-05-05 | On 1.0.x versions prior to 1.0.1, systems running F5OS-A software may expose certain registry ports externally. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
| CVE-2022-26071 | 2022-05-05 | On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x,... |
| CVE-2022-28533 | 2022-05-05 | Sourcecodester Medical Hub Directory Site 1.0 is vulnerable to SQL Injection via /mhds/clinic/view_details.php. |
| CVE-2022-26130 | 2022-05-05 | On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, when an Active mode-enabled FTP profile... |
| CVE-2022-26340 | 2022-05-05 | On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x,... |
| CVE-2022-26370 | 2022-05-05 | On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5, and 14.1.x versions prior to 14.1.4.6, when a Session Initiation Protocol (SIP) message routing framework (MRF) application... |
| CVE-2022-26372 | 2022-05-05 | On F5 BIG-IP 15.1.x versions prior to 15.1.0.2, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, when a DNS listener is... |
| CVE-2022-26415 | 2022-05-05 | On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x, when running... |
| CVE-2022-26517 | 2022-05-05 | On F5 BIG-IP 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, when the BIG-IP CGNAT Large Scale NAT (LSN) pool is configured... |
| CVE-2022-27662 | 2022-05-05 | On F5 Traffix SDC 5.2.x versions prior to 5.2.2 and 5.1.x versions prior to 5.1.35, a stored Cross-Site Template Injection vulnerability exists in an undisclosed page of the Traffix SDC... |
| CVE-2022-27806 | 2022-05-05 | On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP Advanced WAF, ASM, and ASM, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0,... |
| CVE-2022-27875 | 2022-05-05 | On F5 Access for Android 3.x versions prior to 3.0.8, a Task Hijacking vulnerability exists in the F5 Access for Android application, which may allow an attacker to steal sensitive... |
| CVE-2022-27878 | 2022-05-05 | On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, a stored cross-site scripting (XSS)... |
| CVE-2022-27880 | 2022-05-05 | On F5 Traffix SDC 5.2.x versions prior to 5.2.2 and 5.1.x versions prior to 5.1.35, a stored Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the Traffix SDC... |
| CVE-2022-28691 | 2022-05-05 | On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, when a Real Time Streaming Protocol... |
| CVE-2022-28695 | 2022-05-05 | On F5 BIG-IP AFM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, an authenticated attacker with high... |
| CVE-2022-28701 | 2022-05-05 | On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, when the stream profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software... |
| CVE-2022-28705 | 2022-05-05 | On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, on platforms with an ePVA and... |
| CVE-2022-28706 | 2022-05-05 | On F5 BIG-IP 16.1.x versions prior to 16.1.2 and 15.1.x versions prior to 15.1.5.1, when the DNS resolver configuration is used, undisclosed requests can cause the Traffic Management Microkernel (TMM)... |
| CVE-2022-28707 | 2022-05-05 | On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, and 14.1.x versions prior to 14.1.4.6, a stored cross-site scripting (XSS) vulnerability exists in an undisclosed page... |
| CVE-2022-28708 | 2022-05-05 | On F5 BIG-IP 16.1.x versions prior to 16.1.2.2 and 15.1.x versions prior to 15.1.5.1, when a BIG-IP DNS resolver-enabled, HTTP-Explicit or SOCKS profile is configured on a virtual server, an... |
| CVE-2022-28714 | 2022-05-05 | On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and... |
| CVE-2022-28716 | 2022-05-05 | On 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, a DOM-based cross-site... |
| CVE-2022-28859 | 2022-05-05 | On F5 BIG-IP 15.1.x versions prior to 15.1.5.1 and 14.1.x versions prior to 14.1.4.6, when installing Net HSM, the scripts (nethsm-safenet-install.sh and nethsm-thales-install.sh) expose the Net HSM partition password. Note:... |
| CVE-2022-28530 | 2022-05-05 | Sourcecodester Covid-19 Directory on Vaccination System 1.0 is vulnerable to SQL Injection via cmdcategory. |
| CVE-2022-29263 | 2022-05-05 | On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and... |
| CVE-2022-29473 | 2022-05-05 | On F5 BIG-IP 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, when an IPSec ALG profile is configured on a virtual server,... |
| CVE-2022-29474 | 2022-05-05 | On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x,... |
| CVE-2022-29479 | 2022-05-05 | On F5 BIG-IP 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, and F5 BIG-IQ Centralized Management... |
| CVE-2022-29480 | 2022-05-05 | On F5 BIG-IP 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, when multiple route domains are configured, undisclosed requests to big3d can cause an increase in... |
| CVE-2022-29491 | 2022-05-05 | On F5 BIG-IP LTM, Advanced WAF, ASM, or APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5, 14.1.x versions prior to 14.1.4.6, and all versions of 13.1.x, 12.1.x,... |
| CVE-2021-38693 | 2022-05-05 | Path Traversal in thttpd |
| CVE-2021-44051 | 2022-05-05 | Command injection |
| CVE-2021-44052 | 2022-05-05 | Arbitrary file read |
| CVE-2021-44053 | 2022-05-05 | Reflected XSS |
| CVE-2021-44054 | 2022-05-05 | Open redirect |
| CVE-2021-44055 | 2022-05-05 | Information leakage in Video Station |
| CVE-2021-44056 | 2022-05-05 | Improper authentication in Video Station |
| CVE-2021-44057 | 2022-05-05 | Improper authentication in Photo Station |
| CVE-2022-27588 | 2022-05-05 | Vulnerability in QVR |
| CVE-2022-28584 | 2022-05-05 | It is found that there is a command injection vulnerability in the setWiFiWpsStart interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully... |
| CVE-2022-28575 | 2022-05-05 | It is found that there is a command injection vulnerability in the setopenvpnclientcfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows attackers to execute arbitrary commands through a carefully constructed... |
| CVE-2022-28577 | 2022-05-05 | It is found that there is a command injection vulnerability in the delParentalRules interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully... |
| CVE-2022-25989 | 2022-05-05 | An authentication bypass vulnerability exists in the libxm_av.so getpeermac() functionality of Anker Eufy Homebase 2 2.1.8.5h. A specially-crafted DHCP packet can lead to authentication bypass. An attacker can DHCP poison... |
| CVE-2022-26073 | 2022-05-05 | A denial of service vulnerability exists in the libxm_av.so DemuxCmdInBuffer functionality of Anker Eufy Homebase 2 2.1.8.5h. A specially-crafted set of network packets can lead to a device reboot. An... |
| CVE-2022-28578 | 2022-05-05 | It is found that there is a command injection vulnerability in the setOpenVpnCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully... |
| CVE-2022-28579 | 2022-05-05 | It is found that there is a command injection vulnerability in the setParentalRules interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully... |
| CVE-2022-28580 | 2022-05-05 | It is found that there is a command injection vulnerability in the setL2tpServerCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully... |
| CVE-2022-28581 | 2022-05-05 | It is found that there is a command injection vulnerability in the setWiFiAdvancedCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully... |
| CVE-2022-28582 | 2022-05-05 | It is found that there is a command injection vulnerability in the setWiFiSignalCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully... |
| CVE-2022-28583 | 2022-05-05 | It is found that there is a command injection vulnerability in the setWiFiWpsCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully... |
| CVE-2021-25267 | 2022-05-05 | Multiple XSS vulnerabilities in Webadmin allow for privilege escalation from admin to super-admin in Sophos Firewall older than version 19.0 GA. |
| CVE-2021-25268 | 2022-05-05 | Multiple XSS vulnerabilities in Webadmin allow for privilege escalation from MySophos admin to SFOS admin in Sophos Firewall older than version 19.0 GA. |