| CVE-2022-41482 | Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to contain a buffer overflow in the 0x47c5dc function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | high |
| CVE-2022-41481 | Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to contain a buffer overflow in the 0x47de1c function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | high |
| CVE-2022-41480 | Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to contain a buffer overflow in the 0x475dc function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | high |
| CVE-2022-41479 | The DevExpress Resource Handler (ASPxHttpHandlerModule) in DevExpress ASP.NET Web Forms Build v19.2.3 does not verify the referenced objects in the /DXR.axd?r= HTTP GET parameter. This leads to an Insecure Direct Object References (IDOR) vulnerability which allows attackers to access the application source code. NOTE: the vendor disputes this because the retrieved source code is only the DevExpress client-side application code that is, of course, intentionally readable by web browsers (a site's custom code and data is never accessible via an IDOR approach). | high |
| CVE-2022-41475 | RPCMS v3.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add an administrator account. | high |
| CVE-2022-41474 | RPCMS v3.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily change the password of any account. | medium |
| CVE-2022-41473 | RPCMS v3.0.2 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the Search function. | medium |
| CVE-2022-41403 | OpenCart 3.x Newsletter Custom Popup was discovered to contain a SQL injection vulnerability via the email parameter at index.php?route=extension/module/so_newletter_custom_popup/newsletter. | critical |
| CVE-2022-41391 | OcoMon v4.0 was discovered to contain a SQL injection vulnerability via the cod parameter at showImg.php. | critical |
| CVE-2022-41390 | OcoMon v4.0 was discovered to contain a SQL injection vulnerability via the cod parameter at download.php. | critical |
| CVE-2022-41351 | In Zimbra Collaboration Suite (ZCS) 8.8.15, at the URL /h/calendar, one can trigger XSS by adding JavaScript code to the view parameter and changing the value of the uncheck parameter to a string (instead of default value of 10). | medium |
| CVE-2022-41350 | In Zimbra Collaboration Suite (ZCS) 8.8.15, /h/search?action=voicemail&action=listen accepts a phone parameter that is vulnerable to Reflected XSS. This allows executing arbitrary JavaScript on the victim's machine. | medium |
| CVE-2022-41349 | In Zimbra Collaboration Suite (ZCS) 8.8.15, the URL at /h/compose accepts an attachUrl parameter that is vulnerable to Reflected XSS. This allows executing arbitrary JavaScript on the victim's machine. | medium |
| CVE-2022-41348 | An issue was discovered in Zimbra Collaboration (ZCS) 9.0. XSS can occur via the onerror attribute of an IMG element, leading to information disclosure. | medium |
| CVE-2022-41316 | HashiCorp Vault and Vault Enterprise’s TLS certificate auth method did not initially load the optionally configured CRL issued by the role's CA into memory on startup, resulting in the revocation list not being checked if the CRL has not yet been retrieved. Fixed in 1.12.0, 1.11.4, 1.10.7, and 1.9.10. | medium |
| CVE-2022-41199 | Due to lack of proper memory management, when a victim opens a manipulated Open Inventor File (.iv, vrml.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. | high |
| CVE-2022-40871 | Dolibarr ERP & CRM <=15.0.3 is vulnerable to Eval injection. By default, any administrator can be added to the installation page of dolibarr, and if successfully added, malicious code can be inserted into the database and then execute it by eval. | critical |
| CVE-2022-40664 | Apache Shiro before 1.10.0, Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher. | critical |
| CVE-2022-40469 | iKuai OS v3.6.7 was discovered to contain an authenticated remote code execution (RCE) vulnerability. | high |
| CVE-2022-40187 | Foresight GC3 Launch Monitor 1.3.15.68 ships with a Target Communication Framework (TCF) service enabled. This service listens on a TCP port on all interfaces and allows for process debugging, file system modification, and terminal access as the root user. In conjunction with a hosted wireless access point and the known passphrase of FSSPORTS, an attacker could use this service to modify a device and steal intellectual property. | high |
| CVE-2022-39120 | In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. | medium |
| CVE-2022-39117 | In messaging service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | medium |
| CVE-2022-39115 | In Music service, there is a missing permission check. This could lead to local denial of service in Music service with no additional execution privileges needed. | medium |
| CVE-2022-39114 | In Music service, there is a missing permission check. This could lead to local denial of service in Music service with no additional execution privileges needed. | medium |
| CVE-2022-39113 | In Music service, there is a missing permission check. This could lead to local denial of service in Music service with no additional execution privileges needed. | medium |
| CVE-2022-39112 | In Music service, there is a missing permission check. This could lead to local denial of service in Music service with no additional execution privileges needed. | medium |
| CVE-2022-39111 | In Music service, there is a missing permission check. This could lead to elevation of privilege in Music service with no additional execution privileges needed. | high |
| CVE-2022-39110 | In Music service, there is a missing permission check. This could lead to elevation of privilege in Music service with no additional execution privileges needed. | high |
| CVE-2022-39109 | In Music service, there is a missing permission check. This could lead to elevation of privilege in Music service with no additional execution privileges needed. | high |
| CVE-2022-39108 | In Music service, there is a missing permission check. This could lead to elevation of privilege in Music service with no additional execution privileges needed. | high |
| CVE-2022-39107 | In Soundrecorder service, there is a missing permission check. This could lead to elevation of privilege in Soundrecorder service with no additional execution privileges needed. | high |
| CVE-2022-39105 | In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. | medium |
| CVE-2022-39103 | In Gallery service, there is a missing permission check. This could lead to local denial of service in Gallery service with no additional execution privileges needed. | medium |
| CVE-2022-39080 | In messaging service, there is a missing permission check. This could lead to elevation of privilege in contacts service with no additional execution privileges needed. | high |
| CVE-2022-39065 | A single malformed IEEE 802.15.4 (Zigbee) frame makes the TRÅDFRI gateway unresponsive, such that connected lighting cannot be controlled with the IKEA Home Smart app and TRÅDFRI remote control. The malformed Zigbee frame is an unauthenticated broadcast message, which means all vulnerable devices within radio range are affected. CVSS 3.1 Base Score: 6.5 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | medium |
| CVE-2022-39064 | An attacker sending a single malformed IEEE 802.15.4 (Zigbee) frame makes the TRÅDFRI bulb blink, and if they replay (i.e. resend) the same frame multiple times, the bulb performs a factory reset. This causes the bulb to lose configuration information about the Zigbee network and current brightness level. After this attack, all lights are on with full brightness, and a user cannot control the bulbs with either the IKEA Home Smart app or the TRÅDFRI remote control. The malformed Zigbee frame is an unauthenticated broadcast message, which means all vulnerable devices within radio range are affected. CVSS 3.1 Base Score 7.1 vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H | high |
| CVE-2022-39011 | The HISP module has a vulnerability of bypassing the check of the data transferred in the kernel space.Successful exploitation of this vulnerability may cause unauthorized access to the HISP module. | high |
| CVE-2022-38998 | The HISP module has a vulnerability of not verifying the data transferred in the kernel space.Successful exploitation of this vulnerability will cause out-of-bounds read, which affects data confidentiality. | high |
| CVE-2022-38986 | The HIPP module has a vulnerability of bypassing the check of the data transferred in the kernel space.Successful exploitation of this vulnerability may cause out-of-bounds access to the HIPP module and page table tampering, affecting device confidentiality and availability. | critical |
| CVE-2022-38985 | The facial recognition module has a vulnerability in input validation.Successful exploitation of this vulnerability may affect data confidentiality. | high |
| CVE-2022-38984 | The HIPP module has a vulnerability of not verifying the data transferred in the kernel space.Successful exploitation of this vulnerability will cause out-of-bounds read, which affects data confidentiality. | high |
| CVE-2022-38983 | The BT Hfp Client module has a Use-After-Free (UAF) vulnerability.Successful exploitation of this vulnerability may result in arbitrary code execution. | critical |
| CVE-2022-38982 | The fingerprint module has service logic errors.Successful exploitation of this vulnerability will cause the phone lock to be cracked. | critical |
| CVE-2022-38981 | The HwAirlink module has an out-of-bounds read vulnerability.Successful exploitation of this vulnerability may cause information leakage. | high |
| CVE-2022-38980 | The HwAirlink module has a heap overflow vulnerability in processing data packets of the proprietary protocol.Successful exploitation of this vulnerability may allow attackers to obtain process control permissions. | critical |
| CVE-2022-38977 | The HwAirlink module has a heap overflow vulnerability.Successful exploitation of this vulnerability may cause out-of-bounds writes, resulting in modification of sensitive data. | high |
| CVE-2022-38902 | A Cross-site scripting (XSS) vulnerability in the Blog module - add new topic functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote attackers to inject arbitrary JS script or HTML into the name field of newly created topic. | medium |
| CVE-2022-38698 | In messaging service, there is a missing permission check. This could lead to elevation of privilege in contacts service with no additional execution privileges needed. | high |
| CVE-2022-38697 | In messaging service, there is a missing permission check. This could lead to access unexpected provider in contacts service with no additional execution privileges needed. | medium |
| CVE-2022-38690 | In camera driver, there is a possible memory corruption due to improper locking. This could lead to local denial of service in kernel. | medium |
