Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2022-29398 TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the File parameter in the function FUN_0041309c. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-29397 TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_004196c8. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-29396 TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_00418f10. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-29395 TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the apcliKey parameter in the function FUN_0041bac4. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-29394 TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the macAddress parameter in the function FUN_0041b448. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-29393 TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_004192cc. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-30815 elitecms 1.01 is vulnerable to SQL Injection via admin/edit_sidebar.php?page=2&sidebar= | 9.8 | CRITICAL | — | 0 |
| CVE-2022-29392 TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_00418c24. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-29556 The iot-manager microservice 1.0.0 in Northern.tech Mender Enterprise before 3.2.2 allows SSRF because the Azure IoT Hub integration provides several SSRF primitives that can execute cross-tenant acti... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-29904 The SemanticDrilldown extension for MediaWiki through 1.37.2 (before e688bdba6434591b5dff689a45e4d53459954773) allows SQL injection with certain '-' and '_' constraints. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-23676 A remote execution of arbitrary code vulnerability was discovered in ArubaOS-Switch Devices version(s): ArubaOS-Switch 15.xx.xxxx: All versions; ArubaOS-Switch 16.01.xxxx: All versions; ArubaOS-Switch... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-29906 The admin API module in the QuizGame extension for MediaWiki through 1.37.2 (before 665e33a68f6fa1167df99c0aa18ed0157cdf9f66) omits a check for the quizadmin user. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-29391 TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_004200c8. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-1531 SQL injection vulnerability in ARAX-UI Synonym Lookup functionality in GitHub repository rtxteam/rtx prior to checkpoint_2022-04-20 . This vulnerability is critical as it can lead to remote code execu... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-30500 Jfinal cms 5.1.0 is vulnerable to SQL Injection. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-29329 D-Link DAP-1330_OSS-firmware_1.00b21 was discovered to contain a heap overflow via the devicename parameter in /goform/setDeviceSettings. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-29328 D-Link DAP-1330_OSS-firmware_1.00b21 was discovered to contain a stack overflow via the function checkvalidupgrade. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-44596 Wondershare LTD Dr. Fone as of 2021-12-06 version is affected by Remote code execution. Due to software design flaws an unauthenticated user can communicate over UDP with the "InstallAssistService.exe... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-29327 D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the urladd parameter in /goform/websURLFilterAddDel. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-28452 Red Planet Laundry Management System 1.0 is vulnerable to SQL Injection. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-29326 D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the addhostfilter parameter in /goform/websHostFilter. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-29325 D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the addurlfilter parameter in /goform/websURLFilter. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-29324 D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the proto parameter in /goform/form2IPQoSTcAdd. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-29323 D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the MAC parameter in /goform/editassignment. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-29322 D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the IPADDR and nvmacaddr parameters in /goform/form2Dhcpip. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-29321 D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the lanip parameter in /goform/setNetworkLan. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-28915 D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a command injection vulnerability via the admuser and admpass parameters in /goform/setSysAdm. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-28913 TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/setUploadSetting. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-28912 TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/setUpgradeFW. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-28911 TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/CloudACMunualUpdate. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-28910 TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the devicename parameter in /setting/setDeviceName. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-28909 TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the webwlanidx parameter in /setting/setWebWlanIdx. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-28908 TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the ipdoamin parameter in /setting/setDiagnosisCfg. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-28907 TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the hosttime function in /setting/NTPSyncWithHost. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-28906 TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the langtype parameter in /setting/setLanguageCfg. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-30477 Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a stack-based buffer overflow in the httpd module when handling /goform/SetClientState request. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-28480 ALLMediaServer 1.6 is vulnerable to Buffer Overflow via MediaServer.exe. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-28994 Small HTTP Server version 3.06 suffers from a remote buffer overflow vulnerability via long GET request. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-28905 TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the devicemac parameter in /setting/setDeviceName. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-28901 A command injection vulnerability in the component /SetTriggerLEDBlink/Blink of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-30476 Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a stack-based buffer overflow in the httpd module when handling /goform/SetFirewallCfg request. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-28896 A command injection vulnerability in the component /setnetworksettings/SubnetMask of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-28895 A command injection vulnerability in the component /setnetworksettings/IPAddress of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-29591 Tenda TX9 Pro 22.03.02.10 devices have a SetNetControlList buffer overflow. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-43094 An SQL Injection vulnerability exists in OpenMRS Reference Application Standalone Edition <=2.11 and Platform Standalone Edition <=2.4.0 via GET requests on arbitrary parameters in patient.page. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-30474 Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a heap overflow in the httpd module when handling /goform/saveParentControlInfo request. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-30335 Bonanza Wealth Management System (BWM) 7.3.2 allows SQL injection via the login form. Users who supply the application with a SQL injection payload in the User Name textbox could collect all passwords... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-28110 Hotel Management System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at the login page. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-28481 CSV-Safe gem < 3.0.0 doesn't filter out special characters which could trigger CSV Injection. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-28738 A double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2. If a victim attempts to create a Regexp from untrusted user input, an attacker may be able to write to u... | 9.8 | CRITICAL | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.