CVE List - 2022 / June
Showing 1801 - 1900 of 2149 CVEs for June 2022 (Page 19 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-24893 | 2022-06-25 | Espressif Bluetooth Mesh Stack Vulnerable to Out-of-bounds Write leading to memory buffer corruption |
| CVE-2022-29168 | 2022-06-25 | Cross Site Scripting in Wire Messages |
| CVE-2022-31016 | 2022-06-25 | Argo CD vulnerable to Uncontrolled Memory Consumption |
| CVE-2022-31017 | 2022-06-25 | Expression Always True vulnerability in Zulip Server |
| CVE-2022-29931 | 2022-06-25 | The administration interface of the Raytion Custom Security Manager (Raytion CSM) in Version 7.2.0 allows reflected Cross-site Scripting (XSS). |
| CVE-2022-2206 | 2022-06-26 | Out-of-bounds Read in vim/vim |
| CVE-2020-27509 | 2022-06-26 | Persistent XSS in Galaxkey Secure Mail Client in Galaxkey up to 5.6.11.5 allows an attacker to perform an account takeover by intercepting the HTTP Post request when sending an email... |
| CVE-2022-34495 | 2022-06-26 | rpmsg_probe in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free. |
| CVE-2022-34494 | 2022-06-26 | rpmsg_virtio_add_ctrl_dev in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free. |
| CVE-2022-2207 | 2022-06-27 | Heap-based Buffer Overflow in vim/vim |
| CVE-2022-2208 | 2022-06-27 | NULL Pointer Dereference in vim/vim |
| CVE-2022-2210 | 2022-06-27 | Out-of-bounds Write in vim/vim |
| CVE-2022-31081 | 2022-06-27 | Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in HTTP::Daemon |
| CVE-2022-31090 | 2022-06-27 | CURLOPT_HTTPAUTH option not cleared on change of origin in Guzzle |
| CVE-2022-31091 | 2022-06-27 | Change in port should be considered a change in origin in Guzzle |
| CVE-2022-33146 | 2022-06-27 | Open redirect vulnerability in web2py versions prior to 2.22.5 allows a remote attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a... |
| CVE-2022-33202 | 2022-06-27 | Authentication bypass vulnerability in the setup screen of L2Blocker(on-premise) Ver4.8.5 and earlier and L2Blocker(Cloud) Ver4.8.5 and earlier allows an adjacent attacker to perform an unauthorized login and obtain the stored... |
| CVE-2020-9754 | 2022-06-27 | NAVER Whale browser mobile app before 1.10.6.2 allows the attacker to bypass its browser unlock function via incognito mode. |
| CVE-2022-2212 | 2022-06-27 | SourceCodester Library Management System /card/index.php unrestricted upload |
| CVE-2022-2213 | 2022-06-27 | SourceCodester Library Management System cross site scripting |
| CVE-2022-2214 | 2022-06-27 | SourceCodester Library Management System bookdetails.php sql injection |
| CVE-2022-0444 | 2022-06-27 | XCloner < 4.3.6 - Plugin Settings Reset |
| CVE-2022-0875 | 2022-06-27 | miniOrange Google Authenticator < 1.0.5 - CSRF to Stored Cross-Site Scripting |
| CVE-2022-1010 | 2022-06-27 | Login using WordPress Users < 1.13.4 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-1028 | 2022-06-27 | WordPress Security < 4.2.1 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-1029 | 2022-06-27 | Limit Login Attempts < 4.0.72 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-1095 | 2022-06-27 | Mihdan: No External Links < 5.0.2 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-1113 | 2022-06-27 | Flower Delivery by Florist One <= 3.7 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-1321 | 2022-06-27 | miniOrange's Google Authenticator < 5.5.6 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-1326 | 2022-06-27 | Form - Contact Form <= 1.2.0 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-1327 | 2022-06-27 | Image Gallery - Grid Gallery < 1.1.6 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-1470 | 2022-06-27 | Ultimate WooCommerce CSV Importer <= 2.0 - Reflected Cross-Site Scripting |
| CVE-2022-1572 | 2022-06-27 | HTML2WP <= 1.0.0 - Subscriber+ Arbitrary File Deletion |
| CVE-2022-1573 | 2022-06-27 | HTML2WP <= 1.0.0 - Arbitrary Settings Update via CSRF |
| CVE-2022-1574 | 2022-06-27 | HTML2WP <= 1.0.0 - Unauthenticated Arbitrary File Upload |
| CVE-2022-1593 | 2022-06-27 | Site Offline or Coming Soon <= 1.6.6 - Stored Cross-Site Scripting via CSRF |
| CVE-2022-1625 | 2022-06-27 | New User Approve < 2.4 - Arbitrary Settings Update & Invitation Code Creation via CSRF |
| CVE-2022-1627 | 2022-06-27 | My Private Site < 3.0.8 - Arbitrary Settings Update via CSRF |
| CVE-2022-1653 | 2022-06-27 | Social Share Buttons by Supsystic < 2.2.4 - Multiple CSRF |
| CVE-2022-1776 | 2022-06-27 | Icegram < 2.1.8 - Contributor+ Stored Cross-Site Scripting |
| CVE-2022-1842 | 2022-06-27 | OpenBook Book Data <= 3.5.2 - Arbitrary Settings Update to Stored XSS via CSRF |
| CVE-2022-1843 | 2022-06-27 | MailPress <= 7.2.1 - Arbitrary Settings Update & Log Files Purge via CSRF |
| CVE-2022-1844 | 2022-06-27 | WP Sentry <= 1.0 - Arbitrary Settings Update to Stored XSS via CSRF |
| CVE-2022-1845 | 2022-06-27 | WP Post Styling < 1.3.1 - Multiple CSRF |
| CVE-2022-1846 | 2022-06-27 | Tiny Contact Form <= 0.7 - Arbitrary Settings Update via CSRF |
| CVE-2022-1847 | 2022-06-27 | Rotating Posts <= 1.11 - Arbitrary Settings Update to Stored XSS via CSRF |
| CVE-2022-1885 | 2022-06-27 | Cimy Header Image Rotator <= 6.1.1 - Arbitrary Settings Update via CSRF |
| CVE-2022-1903 | 2022-06-27 | ARMember < 3.4.8 - Unauthenticated Admin Account Takeover |
| CVE-2022-1904 | 2022-06-27 | Easy Pricing Tables < 3.2.1 - Reflected Cross-Site Scripting |
| CVE-2022-1913 | 2022-06-27 | Add Post URL <= 2.1.0 - Arbitrary Settings Update to Stored XSS via CSRF |
| CVE-2022-1914 | 2022-06-27 | Clean-Contact <= 1.6 - Arbitrary Settings Update to Stored XSS via CSRF |
| CVE-2022-1916 | 2022-06-27 | Active Products Tables for WooCommerce < 1.0.5 - Reflected Cross-Site Scripting |
| CVE-2022-1953 | 2022-06-27 | Product Configurator for WooCommerce < 1.2.32 - Unauthenticated Arbitrary File Deletion |
| CVE-2022-1960 | 2022-06-27 | MyCSS <= 1.1 - Arbitrary Settings Update via CSRF |
| CVE-2022-1964 | 2022-06-27 | Easy SVG Support < 3.3.0 - Author+ Stored Cross Site Scripting via SVG |
| CVE-2022-1971 | 2022-06-27 | NextCellent Gallery <= 1.9.35 - Admin+ Stored XSS |
| CVE-2022-1977 | 2022-06-27 | WP Ultimate CSV Importer < 6.5.3 - Admin+ Blind SSRF |
| CVE-2022-1990 | 2022-06-27 | Nested Pages < 3.1.21 - Admin+ Stored Cross Site Scripting |
| CVE-2022-1994 | 2022-06-27 | Google Authenticator < 1.0.8 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-1995 | 2022-06-27 | miniOrange's Malware Scanner < 4.5.2 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-2040 | 2022-06-27 | Brizy Page Builder < 2.4.2 - Contributor+ Stored Cross-Site Scripting via Element URL |
| CVE-2022-2041 | 2022-06-27 | Brizy Page Builder < 2.4.2 - Contributor+ Stored Cross-Site Scripting via Element Content |
| CVE-2021-40895 | 2022-06-27 | A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in todo-regex v0.1.1 when matching crafted invalid TODO statements. |
| CVE-2021-40896 | 2022-06-27 | A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in that-value v0.1.3 when validating crafted invalid emails. |
| CVE-2021-40897 | 2022-06-27 | A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in split-html-to-chars v1.0.5 when splitting crafted invalid HTML. |
| CVE-2022-2217 | 2022-06-27 | Cross-site Scripting (XSS) - Generic in ionicabizau/parse-url |
| CVE-2021-40898 | 2022-06-27 | A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in scaffold-helper v1.2.0 when copying crafted invalid files. |
| CVE-2022-0722 | 2022-06-27 | Exposure of Sensitive Information to an Unauthorized Actor in ionicabizau/parse-url |
| CVE-2021-40899 | 2022-06-27 | A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in repo-git-downloader v0.1.1 when downloading crafted invalid git repositories. |
| CVE-2021-40900 | 2022-06-27 | A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in regexfn v1.0.5 when validating crafted invalid emails. |
| CVE-2021-40901 | 2022-06-27 | A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in scniro-validator v1.0.1 when validating crafted invalid emails. |
| CVE-2022-2218 | 2022-06-27 | Cross-site Scripting (XSS) - Stored in ionicabizau/parse-url |
| CVE-2022-2216 | 2022-06-27 | Server-Side Request Forgery (SSRF) in ionicabizau/parse-url |
| CVE-2017-20100 | 2022-06-27 | Air Transfer cross site scripting |
| CVE-2017-20101 | 2022-06-27 | ProjectSend information disclosure |
| CVE-2017-20102 | 2022-06-27 | Album Lock getImage path traversal |
| CVE-2020-21161 | 2022-06-27 | Cross Site Scripting (XSS) vulnerability in Ruckus Wireless ZoneDirector 9.8.3.0. |
| CVE-2022-2088 | 2022-06-27 | Elcomplus SmartICS Access Control |
| CVE-2022-2140 | 2022-06-27 | Elcomplus SmartICS Cross-site Scripting |
| CVE-2022-2106 | 2022-06-27 | Elcomplus SmartICS Path Traversal |
| CVE-2021-33648 | 2022-06-27 | When performing the inference shape operation of Affine, Concat, MatMul, ArgMinMax, EmbeddingLookup, and Gather operators, if the input shape size is 0, it will access data outside of bounds of... |
| CVE-2021-33647 | 2022-06-27 | When performing the inference shape operation of the Tile operator, if the input data type is not int or int32, it will access data outside of bounds of heap allocated... |
| CVE-2021-33649 | 2022-06-27 | When performing the inference shape operation of the Transpose operator, if the value in the perm element is greater than or equal to the size of the input_shape, it will... |
| CVE-2021-33652 | 2022-06-27 | When the Reduce operator run operation is executed, if there is a value of 0 in the parameter axis_sizes element, it will cause a division by 0 exception. |
| CVE-2021-33651 | 2022-06-27 | When performing the analytical operation of the DepthwiseConv2D operator, if the attribute depth_multiplier is 0, it will cause a division by 0 exception. |
| CVE-2021-33650 | 2022-06-27 | When performing the inference shape operation of the SparseToDense operator, if the number of inputs is less than three, it will access data outside of bounds of inputs which allocated... |
| CVE-2021-33653 | 2022-06-27 | When performing the derivation shape operation of the SpaceToBatch operator, if there is a value of 0 in the parameter block_shape element, it will cause a division by 0 exception. |
| CVE-2021-33654 | 2022-06-27 | When performing the initialization operation of the Split operator, if a dimension in the input shape is 0, it will cause a division by 0 exception. |
| CVE-2022-26477 | 2022-06-27 | Denial of service in readExternal method |
| CVE-2021-40941 | 2022-06-27 | In Bento4 1.6.0-638, there is an allocator out-of-memory condition in the function AP4_Array<AP4_TrunAtom::Entry>::EnsureCapacity in Ap4Array.h:172, as demonstrated by GPAC. This can cause a denial of service (DoS). |
| CVE-2022-28171 | 2022-06-27 | The web module in some Hikvision Hybrid SAN/Cluster Storage products has the following security vulnerability. Due to insufficient input validation, an attacker can exploit the vulnerability to execute restricted commands... |
| CVE-2022-28172 | 2022-06-27 | The web module in some Hikvision Hybrid SAN/Cluster Storage products has the following security vulnerability. Due to insufficient input validation, an attacker can exploit the vulnerability to XSS attack by... |
| CVE-2022-28166 | 2022-06-27 | In Brocade SANnav version before SANN2.2.0.2 and Brocade SANnav before 2.1.1.8, the implementation of the TLS/SSL server supports the use of static key ciphers (ssl-static-key-ciphers) on ports 443 & 18082. |
| CVE-2022-28167 | 2022-06-27 | Brocade SANnav before Brocade SANnav v. 2.2.0.2 and Brocade SANnav v.2.1.1.8 logs the Brocade Fabric OS switch password in plain text in asyncjobscheduler-manager.log |
| CVE-2022-28168 | 2022-06-27 | In Brocade SANnav before Brocade SANnav v2.2.0.2 and Brocade SANnav 2.1.1.8, encoded scp-server passwords are stored using Base64 encoding, which could allow an attacker able to access log files to easily... |
| CVE-2017-20099 | 2022-06-27 | Analytics Stats Counter Statistics Plugin code injection |
| CVE-2017-20098 | 2022-06-27 | Admin Custom Login Plugin Persistent cross site scripting |
| CVE-2022-2221 | 2022-06-27 | Information Exposure vulnerability in My Account Settings of Devolutions Remote Desktop Manager before 2022.1.8 allows authenticated users to access credentials of other users. This issue affects: Devolutions Remote Desktop Manager... |
| CVE-2022-28622 | 2022-06-27 | A potential security vulnerability has been identified in HPE StoreOnce Software. The SSH server supports weak key exchange algorithms which could lead to remote unauthorized access. HPE has made the... |
| CVE-2022-31034 | 2022-06-27 | Insecure entropy in argo-cd |