CVE List - 2022 / June
Showing 1 - 100 of 2149 CVEs for June 2022 (Page 1 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-27774 | 2022-06-01 | An insufficiently protected credentials vulnerability exists in curl 4.9 up to and including curl 7.82.0 that could allow an attacker to extract credentials when follows HTTP(S) redirects is used... |
| CVE-2022-27775 | 2022-06-01 | An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 that by using an IPv6 address that was in the connection pool but with a different zone id... |
| CVE-2022-27776 | 2022-06-01 | An insufficiently protected credentials vulnerability fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number. |
| CVE-2022-27779 | 2022-06-01 | libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) if the host name is provided with a trailing dot. curl can be told to receive and send cookies. curl's... |
| CVE-2022-27780 | 2022-06-01 | The curl URL parser wrongly accepts percent-encoded URL separators like '/' when decoding the host name part of a URL, making it a *different* URL using the wrong host name when it... |
| CVE-2022-27781 | 2022-06-01 | libcurl provides the `CURLOPT_CERTINFO` option to allow applications to request details to be returned about a server's certificate chain. Due to an erroneous function, a malicious server could make libcurl built with NSS... |
| CVE-2022-27782 | 2022-06-01 | libcurl would reuse a previously created connection even when a TLS or SSH related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool... |
| CVE-2022-30115 | 2022-06-01 | Using its HSTS support, curl can be instructed to use HTTPS directly instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. This mechanism could be... |
| CVE-2022-30490 | 2022-06-01 | Badminton Center Management System V1.0 is vulnerable to SQL Injection via parameter 'id' in /bcms/admin/court_rentals/update_status.php. |
| CVE-2021-44080 | 2022-06-01 | A Command Injection vulnerability in httpd web server (setup.cgi) in SerComm h500s, FW: lowi-h500s-v3.4.22 allows logged in administrators to execute arbitrary OS commands as root in the device via the connection_type... |
| CVE-2022-32202 | 2022-06-01 | In libjpeg 1.63, there is a NULL pointer dereference in LineBuffer::FetchRegion in linebuffer.cpp. |
| CVE-2022-32201 | 2022-06-01 | In libjpeg 1.63, there is a NULL pointer dereference in Component::SubXOf in component.hpp. |
| CVE-2022-32200 | 2022-06-01 | libdwarf 0.4.0 has a heap-based buffer over-read in _dwarf_check_string_valid in dwarf_util.c. |
| CVE-2022-1285 | 2022-06-01 | Server-Side Request Forgery (SSRF) in gogs/gogs |
| CVE-2022-29875 | 2022-06-01 | A vulnerability has been identified in Biograph Horizon PET/CT Systems (All VJ30 versions < VJ30C-UD01), MAGNETOM Family (NUMARIS X: VA12M, VA12S, VA10B, VA20A, VA30A, VA31A), MAMMOMAT Revelation (All VC20 versions... |
| CVE-2022-26971 | 2022-06-01 | Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. This upload can be executed without authentication. |
| CVE-2022-26972 | 2022-06-01 | Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a URL /cgi-bin endpoint. The URL parameters are not correctly sanitized, leading to... |
| CVE-2022-26973 | 2022-06-01 | Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. By tweaking the license file name, the returned... |
| CVE-2022-26974 | 2022-06-01 | Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a file upload mechanism. Lack of input sanitization in the upload mechanism leads... |
| CVE-2022-26975 | 2022-06-01 | Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing log files without authentication. |
| CVE-2022-26976 | 2022-06-01 | Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. Lack of input sanitization in the upload mechanism... |
| CVE-2022-26977 | 2022-06-01 | Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. Lack of input sanitization of the upload mechanism... |
| CVE-2022-26978 | 2022-06-01 | Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a URL /checklogin.jsp endpoint. The os_username parameter is not correctly sanitized, leading to... |
| CVE-2022-29776 | 2022-06-01 | Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and below were discovered to contain a stack overflow via the component DesktopEditor/common/File.cpp. |
| CVE-2022-29777 | 2022-06-01 | Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and below were discovered to contain a heap overflow via the component DesktopEditor/fontengine/fontconverter/FontFileBase.h. |
| CVE-2022-31340 | 2022-06-01 | Simple Inventory System v1.0 is vulnerable to SQL Injection via /inventory/table_edit_ajax.php. |
| CVE-2022-31339 | 2022-06-01 | Simple Inventory System v1.0 is vulnerable to SQL Injection via /inventory/login.php. |
| CVE-2022-31354 | 2022-06-01 | Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=get_vehicle_service. |
| CVE-2022-31353 | 2022-06-01 | Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/services/view_service.php?id=. |
| CVE-2022-31352 | 2022-06-01 | Online Car Wash Booking System v1.0 by oretnom23 has SQL injection in /ocwbs/admin/services/manage_service.php?id=. |
| CVE-2022-31351 | 2022-06-01 | Online Car Wash Booking System v1.0 by oretnom23 has SQL injection via /ocwbs/admin/services/manage_price.php?id=. |
| CVE-2022-31350 | 2022-06-01 | Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/vehicles/manage_vehicle.php?id=. |
| CVE-2022-31348 | 2022-06-01 | Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/bookings/update_status.php?id=. |
| CVE-2022-31347 | 2022-06-01 | Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=delete_vehicle. |
| CVE-2022-31346 | 2022-06-01 | Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=delete_service. |
| CVE-2022-31345 | 2022-06-01 | Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/?page=user/manage_user&id=. |
| CVE-2022-31344 | 2022-06-01 | Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=delete_booking. |
| CVE-2022-27184 | 2022-06-01 | Horner Automation Cscape Csfont |
| CVE-2022-31343 | 2022-06-01 | Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/?page=bookings/view_details&id=. |
| CVE-2022-28690 | 2022-06-01 | Horner Automation Cscape Csfont |
| CVE-2022-29488 | 2022-06-01 | Horner Automation Cscape Csfont |
| CVE-2022-31342 | 2022-06-01 | Online Car Wash Booking System v1.0 is vulnerable to arbitrary file deletion via /ocwbs/classes/Master.php?f=delete_img. |
| CVE-2022-30540 | 2022-06-01 | Horner Automation Cscape Csfont |
| CVE-2022-23236 | 2022-06-01 | E-Series SANtricity OS Controller Software versions 11.40 through 11.70.2 store the LDAP BIND password in plaintext within a file accessible only to privileged users. |
| CVE-2022-23237 | 2022-06-01 | E-Series SANtricity OS Controller Software 11.x versions through 11.70.2 are vulnerable to host header injection attacks that could allow an attacker to redirect users to malicious websites. |
| CVE-2020-26184 | 2022-06-01 | Dell BSAFE Micro Edition Suite, versions prior to 4.5.1, contain an Improper Certificate Validation vulnerability. |
| CVE-2020-26185 | 2022-06-01 | Dell BSAFE Micro Edition Suite, versions prior to 4.5.1, contain a Buffer Over-Read Vulnerability. |
| CVE-2022-29098 | 2022-06-01 | Dell PowerScale OneFS versions 8.2.0.x through 9.3.0.x, contain a weak password requirement vulnerability. An administrator may create an account with no password. A remote attacker may potentially exploit this leading... |
| CVE-2022-30470 | 2022-06-01 | In Afian Filerun 20220202 Changing the "search_tika_path" variable to a custom (and previously uploaded) jar file results in remote code execution in the context of the webserver user. |
| CVE-2021-34083 | 2022-06-01 | Google-it is a Node.js package which allows its users to send search queries to Google and receive the results in a JSON format. When using the 'Open in browser' option... |
| CVE-2021-34084 | 2022-06-01 | OS command injection vulnerability in Turistforeningen node-s3-uploader through 2.0.3 for Node.js allows attackers to execute arbitrary commands via the metadata() function. |
| CVE-2021-34082 | 2022-06-01 | OS Command Injection vulnerability in allenhwkim proctree through 0.1.1 and commit 0ac10ae575459457838f14e21d5996f2fa5c7593 for Node.js, allows attackers to execute arbitrary commands via the fix function. |
| CVE-2021-34081 | 2022-06-01 | OS Command Injection vulnerability in bbultman gitsome through 0.2.3 allows attackers to execute arbitrary commands via a crafted tag name of the target git repository. |
| CVE-2021-34080 | 2022-06-01 | OS Command Injection vulnerability in es128 ssl-utils 1.0.0 for Node.js allows attackers to execute arbitrary commands via unsanitized shell metacharacters provided to the createCertRequest() and the createCert() functions. |
| CVE-2021-34078 | 2022-06-01 | lifion-verify-dependencies through 1.1.0 is vulnerable to OS command injection via a crafted dependency name on the scanned project's package.json file. |
| CVE-2021-34079 | 2022-06-01 | OS Command injection vulnerability in Mintzo Docker-Tester through 1.2.1 allows attackers to execute arbitrary commands via shell metacharacters in the 'ports' entry of a crafted docker-compose.yml file. |
| CVE-2021-33254 | 2022-06-01 | An issue was discovered in src/http/httpLib.c in EmbedThis Appweb Community Edition 8.2.1 that allows attackers to cause a denial of service via the stream parameter to the parseUri function. |
| CVE-2020-20971 | 2022-06-01 | Cross Site Request Forgery (CSRF) vulnerability in PbootCMS v2.0.3 via /admin.php?p=/User/index. |
| CVE-2021-26633 | 2022-06-01 | Maxboard SQL injection and LFI vulnerability |
| CVE-2021-26634 | 2022-06-01 | Maxboard multiple vulnerabilities |
| CVE-2021-26635 | 2022-06-01 | Bandisoft ARK Library buffer overflow vulnerability |
| CVE-2022-1949 | 2022-06-01 | An access control bypass vulnerability found in 389-ds-base. That mishandling of the filter that would yield incorrect results, but as that has progressed, can be determined that it actually is... |
| CVE-2021-27914 | 2022-06-01 | A cross-site scripting (XSS) vulnerability in the installer component of Mautic before 4.3.0 allows admins to inject executable javascript |
| CVE-2022-31965 | 2022-06-01 | Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/respondent_types/manage_respondent_type.php?id=. |
| CVE-2022-31964 | 2022-06-01 | Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via rdms/admin/respondent_types/view_respondent_type.php?id=. |
| CVE-2022-31962 | 2022-06-01 | Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/incidents/view_incident.php?id=. |
| CVE-2022-31961 | 2022-06-01 | Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/incidents/manage_incident.php?id=. |
| CVE-2022-31959 | 2022-06-01 | Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/teams/manage_team.php?id=. |
| CVE-2022-31957 | 2022-06-01 | Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via rdms/admin/teams/view_team.php?id=. |
| CVE-2022-31956 | 2022-06-01 | Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/incident_reports/manage_report.php?id=. |
| CVE-2022-31953 | 2022-06-01 | Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/incident_reports/view_report.php?id=. |
| CVE-2022-31952 | 2022-06-01 | Rescue Dispatch Management System v1.0 is vulnerable to SQL injection via /rdms/classes/Master.php?f=delete_incident. |
| CVE-2022-31951 | 2022-06-01 | Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/classes/Master.php?f=delete_respondent_type. |
| CVE-2022-31948 | 2022-06-01 | Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/classes/Master.php?f=delete_report. |
| CVE-2022-31946 | 2022-06-01 | Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/classes/Master.php?f=delete_team. |
| CVE-2022-31945 | 2022-06-01 | Rescue Dispatch Management System v1.0 is vulnerable to arbitrary file deletion via /rdms/classes/Master.php?f=delete_img. |
| CVE-2022-22767 | 2022-06-01 | BD Pyxis™ Products – Default Credentials |
| CVE-2022-30277 | 2022-06-01 | BD Synapsys™ – Insufficient Session Expiration |
| CVE-2021-43306 | 2022-06-01 | Exponential ReDoS in jquery-validation |
| CVE-2021-43307 | 2022-06-01 | Exponential ReDoS in semver-regex |
| CVE-2021-43308 | 2022-06-01 | Exponential ReDoS in markdown-link-extractor |
| CVE-2022-1929 | 2022-06-01 | Exponential ReDoS in devcert |
| CVE-2022-29659 | 2022-06-01 | Responsive Online Blog v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at single.php. |
| CVE-2022-24848 | 2022-06-01 | SQL Injection in DHIS2's in OrgUnit program association |
| CVE-2022-31000 | 2022-06-01 | CSRF allows attacker to finalize/unfinalize order adjustments in solidus_backend |
| CVE-2022-31971 | 2022-06-01 | ChatBot App with Suggestion v1.0 is vulnerable to SQL Injection via /simple_chat_bot/admin/?page=responses/view_response&id=. |
| CVE-2022-31970 | 2022-06-01 | ChatBot App with Suggestion v1.0 is vulnerable to SQL Injection via /simple_chat_bot/admin/?page=responses/manage_response&id=. |
| CVE-2022-31969 | 2022-06-01 | ChatBot App with Suggestion v1.0 is vulnerable to SQL Injection via /simple_chat_bot/admin/?page=user/manage_user&id=. |
| CVE-2022-31966 | 2022-06-01 | ChatBot App with Suggestion v1.0 is vulnerable to arbitrary file deletion via /simple_chat_bot/classes/Master.php?f=delete_img. |
| CVE-2022-31984 | 2022-06-01 | Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/requests/take_action.php?id=. |
| CVE-2022-31983 | 2022-06-01 | Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=requests/manage_request&id=. |
| CVE-2022-31982 | 2022-06-01 | Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=requests/view_request&id=. |
| CVE-2022-31981 | 2022-06-01 | Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=teams/view_team&id=. |
| CVE-2022-31980 | 2022-06-01 | Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=teams/manage_team&id=. |
| CVE-2022-31978 | 2022-06-01 | Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=delete_inquiry. |
| CVE-2022-31977 | 2022-06-01 | Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=delete_team. |
| CVE-2022-31976 | 2022-06-01 | Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=delete_request. |
| CVE-2022-31975 | 2022-06-01 | Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=user/manage_user&id=. |
| CVE-2022-31974 | 2022-06-01 | Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=reports&date=. |
| CVE-2022-31973 | 2022-06-01 | Online Fire Reporting System v1.0 is vulnerable to arbitrary file deletion via /ofrs/classes/Master.php?f=delete_img. |