CVE List - 2022 / June
Showing 1301 - 1400 of 2149 CVEs for June 2022 (Page 14 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-33739 | 2022-06-16 | CA Clarity 15.8 and below and 15.9.0 contain an insecure XML parsing vulnerability that could allow a remote attacker to potentially view the contents of any file on the system. |
| CVE-2018-18907 | 2022-06-16 | An issue was discovered on D-Link DIR-850L 1.21WW devices. A partially completed WPA handshake is sufficient for obtaining full access to the wireless network. A client can access the network... |
| CVE-2022-26173 | 2022-06-16 | JForum v2.8.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via http://target_host:port/jforum-2.8.0/jforum.page, which allows attackers to arbitrarily add admin accounts. |
| CVE-2022-30325 | 2022-06-16 | An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The default pre-shared key for the Wi-Fi networks is the same for every router except for the last four digits.... |
| CVE-2022-30326 | 2022-06-16 | An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The network pre-shared key field on the web interface is vulnerable to XSS. An attacker can use a simple XSS... |
| CVE-2022-30327 | 2022-06-16 | An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The web interface is vulnerable to CSRF. An attacker can change the pre-shared key of the Wi-Fi router if the... |
| CVE-2022-30328 | 2022-06-16 | An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The username and password setup for the web interface does not require entering the existing password. A malicious user can... |
| CVE-2022-30329 | 2022-06-16 | An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. An OS injection vulnerability exists within the web interface, allowing an attacker with valid credentials to execute arbitrary shell commands. |
| CVE-2018-25040 | 2022-06-17 | uTorrent Web HTTP RPC Server privileges management |
| CVE-2018-25041 | 2022-06-17 | uTorrent JSON RPC Server privileges management |
| CVE-2018-25042 | 2022-06-17 | uTorrent memory corruption |
| CVE-2018-25043 | 2022-06-17 | uTorrent PRNG improper authentication |
| CVE-2018-25044 | 2022-06-17 | uTorrent Guest Account privileges management |
| CVE-2022-33912 | 2022-06-17 | A permission issue affects users that deployed the shipped version of the Checkmk Debian package. Packages created by the agent bakery (enterprise editions only) were not affected. Using the shipped... |
| CVE-2022-33915 | 2022-06-17 | Versions of the Amazon AWS Apache Log4j hotpatch package before log4j-cve-2021-44228-hotpatch-1.3.5 are affected by a race condition that could lead to a local privilege escalation. This Hotpatch package is not... |
| CVE-2021-41408 | 2022-06-17 | VoIPmonitor WEB GUI up to version 24.61 is affected by SQL injection through the "api.php" file and "user" parameter. |
| CVE-2022-2111 | 2022-06-17 | Unrestricted Upload of File with Dangerous Type in inventree/inventree |
| CVE-2022-2112 | 2022-06-17 | Improper Neutralization of Formula Elements in a CSV File in inventree/inventree |
| CVE-2022-2113 | 2022-06-17 | Cross-site Scripting (XSS) - Stored in inventree/inventree |
| CVE-2021-41490 | 2022-06-17 | Memory leaks in LazyPRM.cpp of OMPL v1.5.0 can cause unexpected behavior. |
| CVE-2022-32276 | 2022-06-17 | Grafana 8.4.3 allows unauthenticated access via (for example) a /dashboard/snapshot/*?orgId=0 URI. NOTE: the vendor considers this a UI bug, not a vulnerability |
| CVE-2022-31784 | 2022-06-17 | A vulnerability in the management interface of MiVoice Business through 9.3 PR1 and MiVoice Business Express through 8.0 SP3 PR3 could allow an unauthenticated attacker (that has network access to... |
| CVE-2021-45024 | 2022-06-17 | ASG technologies (A Rocket Software Company) ASG-Zena Cross Platform Server Enterprise Edition 4.2.1 is vulnerable to XML External Entity (XXE). |
| CVE-2021-45025 | 2022-06-17 | ASG technologies (A Rocket Software Company) ASG-Zena Cross Platform Server Enterprise Edition 4.2.1 is vulnerable to Cleartext Storage of Sensitive Information in a Cookie. |
| CVE-2021-45026 | 2022-06-17 | ASG technologies ASG-Zena Cross Platform Server Enterprise Edition 4.2.1 is vulnerable to Cross Site Scripting (XSS). |
| CVE-2019-12359 | 2022-06-17 | An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /admin/ztliuyan_sendmail.php (when the attacker has admin authority) via the id parameter. |
| CVE-2019-12358 | 2022-06-17 | An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /dl/dl_sendsms.php (when the attacker has dls_print authority) via a dlid cookie. |
| CVE-2019-12357 | 2022-06-17 | An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /admin/deluser.php (when the attacker has admin authority) via the id parameter. |
| CVE-2019-12356 | 2022-06-17 | An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /user/dls_download.php (when the attacker has dls_download authority) via the id parameter. |
| CVE-2019-12355 | 2022-06-17 | An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /user/dls_print.php (when the attacker has dls_print authority) via the id parameter. |
| CVE-2019-12354 | 2022-06-17 | An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /admin/showbad.php (when the attacker has admin authority) via the id parameter. |
| CVE-2019-12353 | 2022-06-17 | An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /admin/dl_sendmail.php (when the attacker has admin authority) via the id parameter. |
| CVE-2019-12352 | 2022-06-17 | An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /dl/dl_sendmail.php (when the attacker has dls_print authority) via a dlid cookie. |
| CVE-2022-31296 | 2022-06-17 | Online Discussion Forum Site 1 was discovered to contain a blind SQL injection vulnerability via the component /odfs/posts/view_post.php. |
| CVE-2020-36547 | 2022-06-17 | GE Voluson S8 Service Browser hard-coded credentials |
| CVE-2020-36548 | 2022-06-17 | GE Voluson S8 Service Browser users.cgi improper authentication |
| CVE-2020-36549 | 2022-06-17 | GE Voluson S8 Windows Operating System Patches privileges management |
| CVE-2022-31356 | 2022-06-17 | Online Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via /ordering/admin/store/index.php?view=edit&id=. |
| CVE-2022-31357 | 2022-06-17 | Online Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via /ordering/admin/inventory/index.php?view=edit&id=. |
| CVE-2022-31355 | 2022-06-17 | Online Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via /ordering/index.php?q=category&search=. |
| CVE-2022-31246 | 2022-06-17 | paymentrequest.py in Electrum before 4.2.2 allows a file:// URL in the r parameter of a payment request (e.g., within QR code data). On Windows, this can lead to capture of... |
| CVE-2021-40903 | 2022-06-17 | A vulnerability in Antminer Monitor 0.50.0 exists because of backdoor or misconfiguration inside a settings file in flask server. Settings file has a predefined secret string, which would be randomly... |
| CVE-2022-32444 | 2022-06-17 | An issue was discovered in u5cms version 8.3.5. There is a URL redirection vulnerability that can cause a user's browser to be redirected to another site via /loginsave.php. |
| CVE-2022-22485 | 2022-06-17 | In some cases, an unsuccessful attempt to log into IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14.000 does not cause the administrator's invalid sign-on count to be incremented on the... |
| CVE-2022-30607 | 2022-06-17 | IBM Robotic Process Automation 20.10.0, 20.12.5, 21.0.0, 21.0.1, and 21.0.2 contains a vulnerability that could allow a user to obtain sensitive information due to information properly masked in the control... |
| CVE-2022-32442 | 2022-06-17 | u5cms version 8.3.5 is vulnerable to Cross Site Scripting (XSS). When a user accesses the default home page if the parameter passed in is http://127.0.0.1/? "Onmouseover=%27tzgl (96502)%27bad=", it can cause... |
| CVE-2022-30422 | 2022-06-17 | Proietti Tech srl Planet Time Enterprise 4.2.0.1, 4.2.0.0, 4.1.0.0, 4.0.0.0, 3.3.1.0, 3.3.0.0 is vulnerable to remote code execution via the Viewstate parameter. |
| CVE-2022-21184 | 2022-06-17 | An information disclosure vulnerability exists in the License registration functionality of Bachmann Visutec GmbH Atvise 3.5.4, 3.6 and 3.7. A plaintext HTTP request can lead to a disclosure of login... |
| CVE-2022-21806 | 2022-06-17 | A use-after-free vulnerability exists in the mips_collector appsrv_server functionality of Anker Eufy Homebase 2 2.1.8.5h. A specially-crafted set of network packets can lead to remote code execution. The device is... |
| CVE-2022-29496 | 2022-06-17 | A stack-based buffer overflow vulnerability exists in the BlynkConsole.h runCommand functionality of Blynk-Library v1.0.1. A specially-crafted network request can lead to command execution. An attacker can send a network... |
| CVE-2022-31083 | 2022-06-17 | Authentication bypass in Parse Server Apple Game Center auth adapter |
| CVE-2022-31941 | 2022-06-17 | Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via \rdms\admin?page=user\manage_user&id=. |
| CVE-2022-31876 | 2022-06-17 | Netgear WNAP320 router WNAP320_V2.0.3_firmware is vulnerable to Incorrect Access Control via /recreate.php, which can leak all users' cookies. |
| CVE-2022-31875 | 2022-06-17 | Trendnet IP-110wn camera fw_tv-ip110wn_v2(1.2.2.68) has an XSS vulnerability via the proname parameter in /admin/scheprofile.cgi. |
| CVE-2022-31873 | 2022-06-17 | Trendnet IP-110wn camera fw_tv-ip110wn_v2(1.2.2.68) has an XSS vulnerability via the prefix parameter in /admin/general.cgi. |
| CVE-2022-31874 | 2022-06-17 | ASUS RT-N53 3.0.0.4.376.3754 has a command injection vulnerability in the SystemCmd parameter of the apply.cgi interface. |
| CVE-2022-25856 | 2022-06-17 | Directory Traversal |
| CVE-2022-25345 | 2022-06-17 | Denial of Service (DoS) |
| CVE-2022-21213 | 2022-06-17 | Prototype Pollution |
| CVE-2022-22138 | 2022-06-17 | Denial of Service (DoS) |
| CVE-2022-25872 | 2022-06-17 | Out-of-bounds Read |
| CVE-2022-25852 | 2022-06-17 | Denial of Service (DoS) |
| CVE-2022-25871 | 2022-06-17 | Prototype Pollution |
| CVE-2022-21503 | 2022-06-17 | Vulnerability in the Oracle Cloud Infrastructure product of Oracle Cloud Services. Easily exploitable vulnerability allows high privileged attacker with network access to compromise Oracle Cloud Infrastructure. Successful attacks of this... |
| CVE-2014-125002 | 2022-06-18 | FFmpeg dnxhdenc.c dnxhd_init_rc memory corruption |
| CVE-2014-125003 | 2022-06-18 | FFmpeg jpeg2000dec.c get_siz memory corruption |
| CVE-2014-125004 | 2022-06-18 | FFmpeg vmnc.c decode_hextile memory corruption |
| CVE-2014-125005 | 2022-06-18 | FFmpeg mpeg4videodec.c decode_vol_header memory corruption |
| CVE-2014-125006 | 2022-06-18 | FFmpeg h264.c output_frame memory corruption |
| CVE-2014-125007 | 2022-06-18 | FFmpeg hevcpred_template.c intra_pred memory corruption |
| CVE-2014-125008 | 2022-06-18 | FFmpeg oggparsevorbis.c vorbis_header memory corruption |
| CVE-2014-125009 | 2022-06-18 | FFmpeg snow.h add_yblock memory corruption |
| CVE-2014-125010 | 2022-06-18 | FFmpeg h64.c decode_slice_header memory corruption |
| CVE-2014-125011 | 2022-06-18 | FFmpeg ansi.c decode_frame integer coercion |
| CVE-2014-125012 | 2022-06-18 | FFmpeg dxtroy.c integer coercion |
| CVE-2014-125013 | 2022-06-18 | FFmpeg msrle.c msrle_decode_frame memory corruption |
| CVE-2014-125014 | 2022-06-18 | FFmpeg HEVC Video Decoder memory corruption |
| CVE-2014-125015 | 2022-06-18 | FFmpeg read_var_block_data memory corruption |
| CVE-2014-125016 | 2022-06-18 | FFmpeg utils.c ff_init_buffer_info memory corruption |
| CVE-2014-125017 | 2022-06-18 | FFmpeg rpza_decode_stream memory corruption |
| CVE-2021-46823 | 2022-06-18 | python-ldap before 3.4.0 is vulnerable to a denial of service when ldap.schema is used for untrusted schema definitions, because of a regular expression denial of service (ReDoS) flaw in the... |
| CVE-2022-33981 | 2022-06-18 | drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function. |
| CVE-2021-46822 | 2022-06-18 | The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoadImage for loading a 16-bit binary PPM file into a grayscale buffer and loading a 16-bit binary PGM file into... |
| CVE-2022-33987 | 2022-06-18 | The got package before 12.1.0 (also fixed in 11.8.5) for Node.js allows a redirect to a UNIX socket. |
| CVE-2022-2124 | 2022-06-19 | Buffer Over-read in vim/vim |
| CVE-2022-2125 | 2022-06-19 | Heap-based Buffer Overflow in vim/vim |
| CVE-2022-2126 | 2022-06-19 | Out-of-bounds Read in vim/vim |
| CVE-2022-34000 | 2022-06-19 | libjxl 0.6.1 has an assertion failure in LowMemoryRenderPipeline::Init() in render_pipeline/low_memory_render_pipeline.cc. |
| CVE-2022-2129 | 2022-06-19 | Out-of-bounds Write in vim/vim |
| CVE-2014-125018 | 2022-06-19 | FFmpeg decode_slice_header memory corruption |
| CVE-2014-125019 | 2022-06-19 | FFmpeg Slice Segment decode_nal_unit memory corruption |
| CVE-2014-125020 | 2022-06-19 | FFmpeg decode_update_thread_context memory corruption |
| CVE-2014-125021 | 2022-06-19 | FFmpeg cmv_process_header memory corruption |
| CVE-2014-125022 | 2022-06-19 | FFmpeg Bitstream Buffer shorten_decode_frame memory corruption |
| CVE-2014-125023 | 2022-06-19 | FFmpeg Truemotion1 truemotion1_decode_header memory corruption |
| CVE-2014-125024 | 2022-06-19 | FFmpeg lag_decode_frame memory corruption |
| CVE-2014-125025 | 2022-06-19 | FFmpeg decode_pulses memory corruption |
| CVE-2022-23071 | 2022-06-19 | Recipes - SSRF on Import |
| CVE-2022-34006 | 2022-06-19 | An issue was discovered in TitanFTP (aka Titan FTP) NextGen before 1.2.1050. When installing, Microsoft SQL Express 2019 installs by default with an SQL instance running as SYSTEM with BUILTIN\Users... |
| CVE-2022-34005 | 2022-06-19 | An issue was discovered in TitanFTP (aka Titan FTP) NextGen before 1.2.1050. There is Remote Code Execution due to a hardcoded password for the sa account on the Microsoft SQL... |