CVE List - 2022 / June
Showing 1201 - 1300 of 2149 CVEs for June 2022 (Page 13 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-30179 | 2022-06-15 | Azure RTOS GUIX Studio Remote Code Execution Vulnerability |
| CVE-2022-30180 | 2022-06-15 | Azure RTOS GUIX Studio Information Disclosure Vulnerability |
| CVE-2022-30184 | 2022-06-15 | .NET and Visual Studio Information Disclosure Vulnerability |
| CVE-2022-30188 | 2022-06-15 | HEVC Video Extensions Remote Code Execution Vulnerability |
| CVE-2022-30189 | 2022-06-15 | Windows Autopilot Device Management and Enrollment Client Spoofing Vulnerability |
| CVE-2022-30193 | 2022-06-15 | AV1 Video Extension Remote Code Execution Vulnerability |
| CVE-2022-31072 | 2022-06-15 | Octokit gem published with world-writable files |
| CVE-2022-31071 | 2022-06-15 | Octopoller gem published with world-writable files |
| CVE-2022-31291 | 2022-06-16 | An issue in dlt_config_file_parser.c of dlt-daemon v2.18.8 allows attackers to cause a double free via crafted TCP packets. |
| CVE-2022-32545 | 2022-06-16 | A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. This leads to... |
| CVE-2022-32546 | 2022-06-16 | A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. This leads to... |
| CVE-2022-32547 | 2022-06-16 | In ImageMagick, there is load of misaligned address for type 'double', which requires 8 byte alignment and for type 'float', which requires 4 byte alignment at MagickCore/property.c. Whenever crafted or... |
| CVE-2022-2085 | 2022-06-16 | A NULL pointer dereference vulnerability was found in Ghostscript, which occurs when it tries to render a large number of bits in memory. When allocating a buffer device, it relies... |
| CVE-2022-30533 | 2022-06-16 | Cross-site scripting vulnerability in Modern Events Calendar Lite versions prior to 6.3.0 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. |
| CVE-2022-30538 | 2022-06-16 | Out-of-bounds write vulnerability exists in the simulator module contained in the graphic editor 'V-SFT' versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code... |
| CVE-2022-30546 | 2022-06-16 | Out-of-bounds read vulnerability exists in the simulator module contained in the graphic editor 'V-SFT' versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code... |
| CVE-2022-30549 | 2022-06-16 | Out-of-bounds read vulnerability exists in V-Server v4.0.11.0 and earlier and V-Server Lite v4.0.13.0 and earlier, which may allow an attacker to obtain information and/or execute arbitrary code by having a... |
| CVE-2022-31625 | 2022-06-16 | Freeing unallocated memory in php_pgsql_free_params() |
| CVE-2022-31626 | 2022-06-16 | mysqlnd/pdo password buffer overflow |
| CVE-2017-20051 | 2022-06-16 | InnoSetup Installer uncontrolled search path |
| CVE-2017-20052 | 2022-06-16 | Python pgAdmin4 uncontrolled search path |
| CVE-2021-41458 | 2022-06-16 | In GPAC MP4Box v1.1.0, there is a stack buffer overflow at src/utils/error.c:1769 which leads to a denial of service vulnerability. |
| CVE-2021-41402 | 2022-06-16 | flatCore-CMS v2.0.8 has a code execution vulnerability, which could let a remote malicious user execute arbitrary PHP code. |
| CVE-2022-2098 | 2022-06-16 | Weak Password Requirements in kromitgmbh/titra |
| CVE-2021-41411 | 2022-06-16 | drools <=7.59.x is affected by an XML External Entity (XXE) vulnerability in KieModuleMarshaller.java. The Validator class is not used correctly, resulting in the XXE injection vulnerability. |
| CVE-2021-41654 | 2022-06-16 | SQL injection vulnerabilities exist in Wuzhicms v4.1.0 which allows attackers to execute arbitrary SQL commands via the $keyValue parameter in /coreframe/app/pay/admin/index.php |
| CVE-2017-20053 | 2022-06-16 | XYZScripts Contact Form Manager Plugin cross-site request forgery |
| CVE-2017-20054 | 2022-06-16 | XYZScripts Contact Form Manager Plugin cross site scripting |
| CVE-2017-20055 | 2022-06-16 | BestWebSoft Contact Form Plugin Stored cross site scripting |
| CVE-2017-20056 | 2022-06-16 | weblizar User Login Log Plugin Stored cross site scripting |
| CVE-2022-31372 | 2022-06-16 | Wiris Mathtype v7.28.0 was discovered to contain a path traversal vulnerability in the resourceFile parameter. This vulnerability is exploited via a crafted request to the resource handler. |
| CVE-2022-31300 | 2022-06-16 | A cross-site scripting vulnerability in the DM Section component of Haraj v3.7 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request. |
| CVE-2022-30023 | 2022-06-16 | Tenda ONT GPON AC1200 Dual band WiFi HG9 v1.0.1 is vulnerable to Command Injection via the Ping function. |
| CVE-2022-31906 | 2022-06-16 | Online Fire Reporting System v1.0 is vulnerable to Cross Site Scripting (XSS) via /ofrs/classes/Master.php. |
| CVE-2022-31908 | 2022-06-16 | Student Registration and Fee Payment System v1.0 is vulnerable to SQL Injection via /scms/student.php. |
| CVE-2022-31277 | 2022-06-16 | Xiaomi Lamp 1 v2.0.4_0066 was discovered to be vulnerable to replay attacks. This allows attackers to bypass the expected access restrictions and gain control of the switch and other... |
| CVE-2022-31849 | 2022-06-16 | MERCURY MIPC451-4 1.0.22 Build 220105 Rel.55642n was discovered to contain a remote code execution (RCE) vulnerability which is exploitable via a crafted POST request. |
| CVE-2022-31910 | 2022-06-16 | Online Tutor Portal Site v1.0 is vulnerable to Cross Site Scripting (XSS) via /otps/classes/Master.php. |
| CVE-2022-31911 | 2022-06-16 | Online Discussion Forum Site v1.0 is vulnerable to SQL Injection via /odfs/classes/Master.php?f=delete_team. |
| CVE-2022-31912 | 2022-06-16 | Online Tutor Portal Site v1.0 is vulnerable to SQL Injection via /otps/classes/Master.php?f=delete_team. |
| CVE-2022-31913 | 2022-06-16 | Online Discussion Forum Site v1.0 is vulnerable to Cross Site Scripting (XSS) via /odfs/classes/Master.php?f=save_category, name. |
| CVE-2022-31914 | 2022-06-16 | Zoo Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via zms/admin/public_html/save_animal?an_id=24. |
| CVE-2022-27531 | 2022-06-16 | A maliciously crafted TIF file can be forced to read beyond allocated boundaries in Autodesk 3ds Max 2022, and 2021 when parsing the TIF files. This vulnerability in conjunction with... |
| CVE-2022-27532 | 2022-06-16 | A maliciously crafted TIF file in Autodesk 3ds Max 2022 and 2021 can be used to write beyond the allocated buffer while parsing TIF files. This vulnerability in conjunction with... |
| CVE-2022-22953 | 2022-06-16 | VMware HCX update addresses an information disclosure vulnerability. A malicious actor with network user access to the VMware HCX appliance may be able to gain access to sensitive information. |
| CVE-2021-3675 | 2022-06-16 | synaTEE.signed.dll Out-Of-Bounds Heap Write |
| CVE-2022-31384 | 2022-06-16 | Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the fullname parameter in add-directory.php. |
| CVE-2022-1642 | 2022-06-16 | A program using swift-corelibs-foundation is vulnerable to a denial of service attack caused by a potentially malicious source producing a JSON document containing a type mismatch. This vulnerability is caused... |
| CVE-2022-31383 | 2022-06-16 | Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in view-directory.php. |
| CVE-2021-41420 | 2022-06-16 | A stored XSS vulnerability in MaianAffiliate v.1.0 allows an authenticated attacker for arbitrary JavaScript code execution in the context of authenticated and unauthenticated users through the MaianAffiliate admin panel. |
| CVE-2022-31382 | 2022-06-16 | Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the searchdata parameter in search-dirctory.php. |
| CVE-2022-29865 | 2022-06-16 | OPC UA .NET Standard Stack allows a remote attacker to bypass the application authentication check via crafted fake credentials. |
| CVE-2021-41421 | 2022-06-16 | A PHP code injection vulnerability in MaianAffiliate v.1.0 allows an authenticated attacker to gain RCE through the MaianAffiliate admin panel. |
| CVE-2022-31298 | 2022-06-16 | A cross-site scripting vulnerability in the ads comment section of Haraj v3.7 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request. |
| CVE-2022-30670 | 2022-06-16 | Escalate Privileges to Server Admin - Robohelp Server |
| CVE-2022-30658 | 2022-06-16 | Adobe InDesign Font Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| CVE-2022-30659 | 2022-06-16 | Adobe InDesign Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2022-30660 | 2022-06-16 | Adobe InDesign PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2022-30661 | 2022-06-16 | Adobe InDesign Font Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| CVE-2022-30662 | 2022-06-16 | Adobe InDesign Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2022-30663 | 2022-06-16 | Adobe InDesign SVG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2022-29862 | 2022-06-16 | An infinite loop in OPC UA .NET Standard Stack 1.04.368 allows a remote attacker to cause the application to hang via a crafted message. |
| CVE-2022-30665 | 2022-06-16 | Adobe InDesign Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2022-30650 | 2022-06-16 | Adobe InCopy Font Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| CVE-2022-30651 | 2022-06-16 | Adobe InCopy Font Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| CVE-2022-30652 | 2022-06-16 | Adobe InCopy SVG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2022-30653 | 2022-06-16 | Adobe InCopy Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2022-29864 | 2022-06-16 | OPC UA .NET Standard Stack 1.04.368 allows a remote attacker to cause a server to crash via a large number of messages that trigger Uncontrolled Resource Consumption. |
| CVE-2022-30654 | 2022-06-16 | Adobe InCopy Font Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| CVE-2022-30655 | 2022-06-16 | Adobe InCopy Font Parsing Use-After-Free Remote Code Execution Vulnerability |
| CVE-2022-30656 | 2022-06-16 | Adobe InCopy PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2022-30657 | 2022-06-16 | Adobe InCopy Font Parsing Use-After-Free Remote Code Execution Vulnerability |
| CVE-2022-30664 | 2022-06-16 | Adobe Animate SVG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2022-29863 | 2022-06-16 | OPC UA .NET Standard Stack 1.04.368 allows a remote attacker to cause a crash via a crafted message that triggers excessive memory allocation. |
| CVE-2021-36827 | 2022-06-16 | WordPress Ninja Forms Contact Form plugin <= 3.6.9 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability |
| CVE-2022-31301 | 2022-06-16 | Haraj v3.7 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Post Ads component. |
| CVE-2021-41487 | 2022-06-16 | NOKIA VitalSuite SPM 2020 is affected by SQL injection through UserName'. |
| CVE-2022-29866 | 2022-06-16 | OPC UA .NET Standard Stack 1.04.368 allows a remote attacker to exhaust the memory resources of a server via a crafted request that triggers Uncontrolled Resource Consumption. |
| CVE-2022-31294 | 2022-06-16 | An issue in the save_users() function of Online Discussion Forum Site 1 allows unauthenticated attackers to arbitrarily create or update user accounts. |
| CVE-2022-31464 | 2022-06-16 | Insecure permissions configuration in Adaware Protect v1.2.439.4251 allows attackers to escalate privileges via changing the service binary path. |
| CVE-2020-35597 | 2022-06-16 | Victor CMS 1.0 is vulnerable to SQL injection via c_id parameter of admin_edit_comment.php, p_id parameter of admin_edit_post.php, u_id parameter of admin_edit_user.php, and edit parameter of admin_update_categories.php. |
| CVE-2022-24562 | 2022-06-16 | In IOBit IOTransfer 4.3.1.1561, an unauthenticated attacker can send GET and POST requests to Airserv and gain arbitrary read/write access to the entire file-system (with admin privileges) on the victim's... |
| CVE-2022-27511 | 2022-06-16 | Corruption of the system by a remote, unauthenticated user potentially leading to the reset of the administrator password |
| CVE-2022-27512 | 2022-06-16 | Temporary disruption of the ADM license service |
| CVE-2022-31295 | 2022-06-16 | An issue in the delete_post() function of Online Discussion Forum Site 1 allows unauthenticated attackers to arbitrarily delete posts. |
| CVE-2021-33295 | 2022-06-16 | Cross Site Scripting (XSS) vulnerability in Joplin Desktop App before 1.8.5 allows attackers to execute arbitrary code due to improper sanitizing of HTML. |
| CVE-2020-28865 | 2022-06-16 | An issue in PowerJob through 3.2.2 allows attackers to change arbitrary user passwords via the id parameter to /appinfo/save. |
| CVE-2021-36609 | 2022-06-16 | Cross Site Scripting (XSS) vulnerability in webTareas 2.2p1 via the Name field to /linkedcontent/editfolder.php. |
| CVE-2021-37764 | 2022-06-16 | Arbitrary File Deletion vulnerability in XOS-Shop xos_shop_system 1.0.9 via current_manufacturer_image parameter to /shop/admin/manufacturers.php. |
| CVE-2021-46820 | 2022-06-16 | Arbitrary File Deletion vulnerability in XOS-Shop xos_shop_system 1.0.9 via current_manufacturer_image parameter to /shop/admin/categories.php |
| CVE-2021-36608 | 2022-06-16 | Cross Site Scripting (XSS) vulnerability in webTareas 2.2p1 via the Name field to /projects/editproject.php. |
| CVE-2020-25459 | 2022-06-16 | An issue was discovered in function sync_tree in hetero_decision_tree_guest.py in WeBank FATE (Federated AI Technology Enabler) 0.1 through 1.4.2 allows attackers to read sensitive information during the training process of... |
| CVE-2022-33750 | 2022-06-16 | CA Automic Automation 12.2 and 12.3 contain an authentication error vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary commands. |
| CVE-2022-33751 | 2022-06-16 | CA Automic Automation 12.2 and 12.3 contain an insecure memory handling vulnerability in the Automic agent that could allow a remote attacker to potentially access sensitive data. |
| CVE-2022-33752 | 2022-06-16 | CA Automic Automation 12.2 and 12.3 contain an insufficient input validation vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary code. |
| CVE-2022-33753 | 2022-06-16 | CA Automic Automation 12.2 and 12.3 contain an insecure file creation and handling vulnerability in the Automic agent that could allow a user to potentially elevate privileges. |
| CVE-2022-31299 | 2022-06-16 | Haraj v3.7 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the User Upgrade Form. |
| CVE-2022-33754 | 2022-06-16 | CA Automic Automation 12.2 and 12.3 contain an insufficient input validation vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary code. |
| CVE-2022-33755 | 2022-06-16 | CA Automic Automation 12.2 and 12.3 contain an insecure input handling vulnerability in the Automic Agent that could allow a remote attacker to potentially enumerate users. |
| CVE-2022-33756 | 2022-06-16 | CA Automic Automation 12.2 and 12.3 contain an entropy weakness vulnerability in the Automic AutomationEngine that could allow a remote attacker to potentially access sensitive data. |