CVE List - 2022 / June
Showing 1601 - 1700 of 2149 CVEs for June 2022 (Page 17 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-34202 | 2022-06-22 | Jenkins EasyQA Plugin 1.0 and earlier stores user passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the... |
| CVE-2022-34203 | 2022-06-22 | A cross-site request forgery (CSRF) vulnerability in Jenkins EasyQA Plugin 1.0 and earlier allows attackers to connect to an attacker-specified HTTP server. |
| CVE-2022-34204 | 2022-06-22 | A missing permission check in Jenkins EasyQA Plugin 1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server. |
| CVE-2022-34205 | 2022-06-22 | A cross-site request forgery (CSRF) vulnerability in Jenkins Jianliao Notification Plugin 1.1 and earlier allows attackers to send HTTP POST requests to an attacker-specified URL. |
| CVE-2022-34206 | 2022-06-22 | A missing permission check in Jenkins Jianliao Notification Plugin 1.1 and earlier allows attackers with Overall/Read permission to send HTTP POST requests to an attacker-specified URL. |
| CVE-2022-34207 | 2022-06-22 | A cross-site request forgery (CSRF) vulnerability in Jenkins Beaker builder Plugin 1.10 and earlier allows attackers to connect to an attacker-specified URL. |
| CVE-2022-34208 | 2022-06-22 | A missing permission check in Jenkins Beaker builder Plugin 1.10 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. |
| CVE-2022-34209 | 2022-06-22 | A cross-site request forgery (CSRF) vulnerability in Jenkins ThreadFix Plugin 1.5.4 and earlier allows attackers to connect to an attacker-specified URL. |
| CVE-2022-34210 | 2022-06-22 | A missing permission check in Jenkins ThreadFix Plugin 1.5.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. |
| CVE-2022-34211 | 2022-06-22 | A cross-site request forgery (CSRF) vulnerability in Jenkins vRealize Orchestrator Plugin 3.0 and earlier allows attackers to send an HTTP POST request to an attacker-specified URL. |
| CVE-2022-34212 | 2022-06-22 | A missing permission check in Jenkins vRealize Orchestrator Plugin 3.0 and earlier allows attackers with Overall/Read permission to send an HTTP POST request to an attacker-specified URL. |
| CVE-2022-34213 | 2022-06-22 | Jenkins Squash TM Publisher (Squash4Jenkins) Plugin 1.0.0 and earlier stores passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access... |
| CVE-2022-34295 | 2022-06-22 | totd before 1.5.3 does not properly randomize mesg IDs. |
| CVE-2022-23080 | 2022-06-22 | directus - SSRF which leads to internal port scan |
| CVE-2022-31362 | 2022-06-22 | Docebo Community Edition v4.0.5 and below was discovered to contain an arbitrary file upload vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer |
| CVE-2022-31361 | 2022-06-22 | Docebo Community Edition v4.0.5 and below was discovered to contain a SQL injection vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer |
| CVE-2022-23081 | 2022-06-22 | Openlibrary - Reflected XSS |
| CVE-2022-32159 | 2022-06-22 | Openlibrary - Stored XSS |
| CVE-2021-41432 | 2022-06-22 | A stored cross-site scripting (XSS) vulnerability exists in FlatPress 1.2.1 that allows for arbitrary execution of JavaScript commands through blog content. |
| CVE-2022-32124 | 2022-06-22 | 74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component /index/jobfairol/show/. |
| CVE-2022-32125 | 2022-06-22 | 74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /job. |
| CVE-2022-32126 | 2022-06-22 | 74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /company. |
| CVE-2022-32127 | 2022-06-22 | 74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /company/view_be_browsed/total. |
| CVE-2022-32128 | 2022-06-22 | 74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /company/service/increment/add/im. |
| CVE-2022-32129 | 2022-06-22 | 74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /company/account/safety/trade. |
| CVE-2022-32130 | 2022-06-22 | 74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /company/down_resume/total/nature. |
| CVE-2022-32131 | 2022-06-22 | 74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /index/notice/show. |
| CVE-2022-33092 | 2022-06-22 | 74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/job/index. |
| CVE-2022-33093 | 2022-06-22 | 74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the key parameter at /freelance/resume_list. |
| CVE-2022-33094 | 2022-06-22 | 74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/job/map. |
| CVE-2022-33095 | 2022-06-22 | 74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/jobfairol/resumelist. |
| CVE-2022-33096 | 2022-06-22 | 74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/resume/index. |
| CVE-2022-33097 | 2022-06-22 | 74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/campus/campus_job. |
| CVE-2022-34328 | 2022-06-22 | PMB 7.3.10 allows reflected XSS via the id parameter in an lvl=author_see request to index.php. |
| CVE-2022-33127 | 2022-06-22 | The function that calls the diff tool in Diffy 3.4.1 does not properly handle double quotes in a filename when run in a Windows environment. This allows attackers to execute... |
| CVE-2022-33124 | 2022-06-22 | AIOHTTP 3.8.1 can report a "ValueError: Invalid IPv6 URL" outcome, which can lead to a Denial of Service (DoS). NOTE: multiple third parties dispute this issue because there is no... |
| CVE-2022-2175 | 2022-06-23 | Buffer Over-read in vim/vim |
| CVE-2022-2182 | 2022-06-23 | Heap-based Buffer Overflow in vim/vim |
| CVE-2022-2183 | 2022-06-23 | Out-of-bounds Read in vim/vim |
| CVE-2017-20085 | 2022-06-23 | Atahualpa Theme cross site scripting |
| CVE-2017-20086 | 2022-06-23 | VaultPress Plugin code injection |
| CVE-2017-20087 | 2022-06-23 | Alpine PhotoTile for Instagram Plugin cross site scripting |
| CVE-2017-20088 | 2022-06-23 | Atahualpa Theme cross-site request forgery |
| CVE-2017-20089 | 2022-06-23 | Gwolle Guestbook Plugin cross site scripting |
| CVE-2017-20090 | 2022-06-23 | Global Content Blocks Plugin cross-site request forgery |
| CVE-2017-20091 | 2022-06-23 | File Manager Plugin cross-site request forgery |
| CVE-2022-31009 | 2022-06-23 | DoS vulnerability: Invalid Accent Colors |
| CVE-2021-40954 | 2022-06-23 | Laiketui 3.5.0 is affected by an arbitrary file upload vulnerability that can allow an attacker to execute arbitrary code. |
| CVE-2021-40955 | 2022-06-23 | SQL injection exists in the background administrator list of LaiKetui v3.5.0. |
| CVE-2021-40956 | 2022-06-23 | LaiKetui v3.5.0 has SQL injection in the background through the menu management function, and sensitive data can be obtained. |
| CVE-2022-34305 | 2022-06-23 | XSS in examples web application |
| CVE-2022-33113 | 2022-06-23 | Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the keyword text field under the publish blog module. |
| CVE-2022-33114 | 2022-06-23 | Jfinal CMS v5.1.0 was discovered to contain a SQL injection vulnerability via the attrVal parameter at /jfinal_cms/system/dict/list. |
| CVE-2022-34011 | 2022-06-23 | OneBlog v2.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the parameter entryUrls. |
| CVE-2022-34012 | 2022-06-23 | Insecure permissions in OneBlog v2.3.4 allow low-level administrators to reset the passwords of high-level administrators who hold greater privileges. |
| CVE-2022-34013 | 2022-06-23 | OneBlog v2.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Logo parameter under the Link module. |
| CVE-2021-29055 | 2022-06-23 | Cross Site Scripting (XSS) vulnerability in sourcecodester School File Management System 1.0 via the Firtstname parameter to the Update Account form in student_profile.php. |
| CVE-2021-46824 | 2022-06-23 | Cross Site Scripting (XSS) vulnerability in sourcecodester School File Management System 1.0 via the Lastname parameter to the Update Account form in student_profile.php. |
| CVE-2022-26862 | 2022-06-23 | Prior Dell BIOS versions contain an Input Validation vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability by sending malicious input to an SMI in order to bypass... |
| CVE-2022-26863 | 2022-06-23 | Prior Dell BIOS versions contain an Input Validation vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability by sending malicious input to an SMI in order to bypass... |
| CVE-2022-26864 | 2022-06-23 | Prior Dell BIOS versions contain an Input Validation vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability by sending malicious input to an SMI in order to bypass... |
| CVE-2022-32987 | 2022-06-23 | Multiple cross-site scripting (XSS) vulnerabilities in /bsms/?page=manage_account of Simple Bakery Shop Management System v1.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the... |
| CVE-2022-2147 | 2022-06-23 | Unquoted Service Path in Cloudflare WARP for Windows |
| CVE-2022-32209 | 2022-06-24 | Possible XSS Vulnerability in Rails::Html::Sanitizer. There is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer. This vulnerability has been assigned the CVE identifier CVE-2022-32209. Versions Affected: ALL. Not affected: NONE. Fixed Versions: v1.4.3... |
| CVE-2022-32391 | 2022-06-24 | Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/actions/view_action.php:4 |
| CVE-2022-32392 | 2022-06-24 | Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/actions/manage_action.php:4 |
| CVE-2022-32393 | 2022-06-24 | Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/cells/view_cell.php:4 |
| CVE-2022-32394 | 2022-06-24 | Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/inmates/view_inmate.php:3 |
| CVE-2022-32395 | 2022-06-24 | Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/crimes/manage_crime.php:4 |
| CVE-2022-32396 | 2022-06-24 | Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/visits/manage_visit.php:4 |
| CVE-2022-32397 | 2022-06-24 | Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/visits/view_visit.php:4 |
| CVE-2022-32398 | 2022-06-24 | Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/cells/manage_cell.php:4 |
| CVE-2022-32399 | 2022-06-24 | Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/crimes/view_crime.php:4 |
| CVE-2022-32400 | 2022-06-24 | Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/user/manage_user.php:4. |
| CVE-2022-32401 | 2022-06-24 | Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/inmates/manage_privilege.php:4 |
| CVE-2022-32402 | 2022-06-24 | Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/prisons/manage_prison.php:4 |
| CVE-2022-32403 | 2022-06-24 | Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/inmates/manage_record.php:4 |
| CVE-2022-32404 | 2022-06-24 | Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/inmates/manage_inmate.php:3 |
| CVE-2022-32405 | 2022-06-24 | Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/prisons/view_prison.php:4 |
| CVE-2017-20092 | 2022-06-24 | Google Analytics Dashboard Plugin cross site scripting |
| CVE-2017-20093 | 2022-06-24 | Download Manager Plugin cross-site request forgery |
| CVE-2017-20094 | 2022-06-24 | NewStatPress Plugin Persistent cross site scripting |
| CVE-2017-20095 | 2022-06-24 | Simple Ads Manager Plugin code injection |
| CVE-2017-20096 | 2022-06-24 | WP-SpamFree Anti-Spam Plugin cross site scripting |
| CVE-2017-20097 | 2022-06-24 | WP-Filebase Download Manager Plugin cross site scripting |
| CVE-2022-1965 | 2022-06-24 | CODESYS runtime system prone to file deletion due to improper error handling |
| CVE-2022-31802 | 2022-06-24 | Partial string comparison in CODESYS gateway server |
| CVE-2022-31803 | 2022-06-24 | CODESYS Gateway Server V2 prone to Denial of Service Attack |
| CVE-2022-31804 | 2022-06-24 | CODESYS Gateway server prone to denial of service attack due to excessive memory allocation |
| CVE-2022-31805 | 2022-06-24 | Insecure transmission of credentials |
| CVE-2022-31806 | 2022-06-24 | Insecure default settings in CODESYS Runtime Toolkit 32 bit full and CODESYS PLCWinNT |
| CVE-2022-32136 | 2022-06-24 | CODESYS runtime systems: Access of uninitialised pointer leads to denial of service. |
| CVE-2022-32137 | 2022-06-24 | CODESYS Runtime System prone to heap based buffer overflow |
| CVE-2022-32138 | 2022-06-24 | CODESYS runtime system prone to denial of service due to Unexpected Sign Extension |
| CVE-2022-32139 | 2022-06-24 | CODESYS runtime system prone to denial of service due to out of bounds read |
| CVE-2022-32140 | 2022-06-24 | CODESYS runtime system prone to denial of service due to buffer copy |
| CVE-2022-32141 | 2022-06-24 | CODESYS runtime system prone to denial of service due to buffer over read |
| CVE-2022-32142 | 2022-06-24 | CODESYS runtime system prone to denial of service due to use of out of range pointer |
| CVE-2022-32143 | 2022-06-24 | CODESYS runtime system prone to directory access |
| CVE-2021-41639 | 2022-06-24 | MELAG FTP Server 2.2.0.4 stores unencrypted passwords of FTP users in a local configuration file. |