CVE List - 2022 / June
Showing 1901 - 2000 of 2149 CVEs for June 2022 (Page 20 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-31035 | 2022-06-27 | External URLs for Deployments can include javascript in argo-cd |
| CVE-2022-31036 | 2022-06-27 | Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server |
| CVE-2022-31039 | 2022-06-27 | Improper privilege management - Anyone can view room settings in GreenLight |
| CVE-2022-31057 | 2022-06-27 | Authenticated Stored XSS in Shopware Administration |
| CVE-2022-31065 | 2022-06-27 | Cross site scripting vulnerability for private chat in bigbluebutton |
| CVE-2022-31064 | 2022-06-27 | Cross site scripting in username that will trigger by sending chat |
| CVE-2022-31076 | 2022-06-27 | Malicious Message can crash CloudCore in KubeEdge |
| CVE-2022-31077 | 2022-06-27 | Malicious response from KubeEdge can crash CSI Driver controller server |
| CVE-2021-40942 | 2022-06-27 | In GPAC MP4Box v1.1.0, there is a heap-buffer-overflow in the function filter_parse_dyn_args in filter_core/filter.c:1454, as demonstrated by GPAC. This can cause a denial of service (DOS). |
| CVE-2022-31082 | 2022-06-27 | SQL Injection via package deployment tasks in glpi-inventory-plugin |
| CVE-2022-33116 | 2022-06-27 | An issue in the jmpath variable in /modules/mindmap/index.php of GUnet Open eClass Platform (aka openeclass) v3.12.4 and below allows attackers to read arbitrary files via a directory traversal. |
| CVE-2022-31088 | 2022-06-27 | Unauthenticated LDAP Injection in ldap-account-manager |
| CVE-2022-31087 | 2022-06-27 | Incorrect Default Permissions in ldap-account-manager |
| CVE-2022-31086 | 2022-06-27 | Incorrect Regular Expressions in ldap-account-manager |
| CVE-2022-31084 | 2022-06-27 | Unauthenticated Remote Code Execution in ldap-account-manager |
| CVE-2022-31085 | 2022-06-27 | Missing Encryption of Sensitive Data in ldap-account-manager |
| CVE-2022-33005 | 2022-06-27 | A cross-site scripting (XSS) vulnerability in the System Settings/IOT Settings module of Delta Electronics DIAEnergie v1.08.00 allows attackers to execute arbitrary web scripts via a crafted payload injected into the... |
| CVE-2022-31094 | 2022-06-27 | Cross site scripting vulnerability in ScratchTools |
| CVE-2022-31089 | 2022-06-27 | Invalid file request can crash parse-server |
| CVE-2022-31092 | 2022-06-27 | SQL injection in pimcore |
| CVE-2022-31093 | 2022-06-27 | Improper Handling of `callbackUrl` parameter in next-auth |
| CVE-2022-31096 | 2022-06-27 | Invites restricted to an email or invite links restricted to an email domain may be bypassed by a under certain conditions in Discourse |
| CVE-2022-32092 | 2022-06-27 | D-Link DIR-645 v1.03 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter at __ajax_explorer.sgi. |
| CVE-2022-33007 | 2022-06-27 | TRENDnet Wi-Fi routers TEW751DR v1.03 and TEW-752DRU v1.03 were discovered to contain a stack overflow via the function genacgi_main. |
| CVE-2022-33879 | 2022-06-27 | Incomplete fix and new regex DoS in StandardsExtractingContentHandler |
| CVE-2017-20103 | 2022-06-27 | Kama Click Counter Plugin admin.php Blind sql injection |
| CVE-2022-31098 | 2022-06-27 | Weave GitOps leaked cluster credentials into logs on connection errors |
| CVE-2022-31100 | 2022-06-27 | Reachable Assertion in rulex |
| CVE-2022-31099 | 2022-06-27 | Uncontrolled Recursion in rulex |
| CVE-2022-31101 | 2022-06-27 | SQL Injection in prestashop/blockwishlist |
| CVE-2022-32994 | 2022-06-27 | Halo CMS v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the component /api/admin/attachments/upload. |
| CVE-2022-32995 | 2022-06-27 | Halo CMS v1.5.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the template remote download function. |
| CVE-2022-31103 | 2022-06-27 | Improper handling of CSS at-rules in lettersanitizer |
| CVE-2022-33009 | 2022-06-27 | A stored cross-site scripting (XSS) vulnerability in LightCMS v1.3.11 allows attackers to execute arbitrary web scripts or HTML via uploading a crafted PDF file. |
| CVE-2022-34133 | 2022-06-27 | Benjamin BALET Jorani v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Comment parameter at application/controllers/Leaves.php. |
| CVE-2022-34134 | 2022-06-27 | Benjamin BALET Jorani v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /application/controllers/Users.php. |
| CVE-2022-34132 | 2022-06-27 | Benjamin BALET Jorani v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at application/controllers/Leaves.php. |
| CVE-2022-31104 | 2022-06-27 | Miscompilation of `i8x16.swizzle` and `select` with v128 inputs in Wasmtime |
| CVE-2021-40606 | 2022-06-28 | The gf_bs_write_data function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command. |
| CVE-2021-40608 | 2022-06-28 | The gf_hinter_track_finalize function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command. |
| CVE-2021-40609 | 2022-06-28 | The GetHintFormat function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command. |
| CVE-2021-40944 | 2022-06-28 | In GPAC MP4Box 1.1.0, there is a Null pointer reference in the function gf_filter_pid_get_packet in src/filter_core/filter_pid.c:5394, as demonstrated by GPAC. This can cause a denial of service (DOS). |
| CVE-2022-2231 | 2022-06-28 | NULL Pointer Dereference in vim/vim |
| CVE-2022-31056 | 2022-06-28 | SQL injection with _actor parameter in GLPI |
| CVE-2017-20104 | 2022-06-28 | Simplessus Cookie Time sql injection |
| CVE-2017-20105 | 2022-06-28 | Simplessus path traversal |
| CVE-2017-20106 | 2022-06-28 | Lithium Forum Compose Message server-side request forgery |
| CVE-2017-20107 | 2022-06-28 | ShadeYouVPN.com Client privileges management |
| CVE-2022-0624 | 2022-06-28 | Authorization Bypass Through User-Controlled Key in ionicabizau/parse-path |
| CVE-2021-41689 | 2022-06-28 | DCMTK through 3.6.6 does not handle string copy properly. Sending specific requests to the dcmqrdb program, it would query its database and copy the result even if the result is... |
| CVE-2021-41690 | 2022-06-28 | DCMTK through 3.6.6 does not handle memory free properly. The malloced memory for storing all file information are recorded in a global variable LST and are not freed properly. Sending... |
| CVE-2021-41688 | 2022-06-28 | DCMTK through 3.6.6 does not handle memory free properly. The object in the program is free but its address is still used in other locations. Sending specific requests to the... |
| CVE-2021-41687 | 2022-06-28 | DCMTK through 3.6.6 does not handle memory free properly. The program malloc a heap memory for parsing data, but does not free it when error in parsing. Sending specific requests... |
| CVE-2021-40943 | 2022-06-28 | In Bento4 1.6.0-638, there is a null pointer reference in the function AP4_DescriptorListInspector::Action in Ap4Descriptor.h:124, as demonstrated by GPAC. This can cause a denial of service (DOS). |
| CVE-2022-29519 | 2022-06-28 | Cleartext transmission of sensitive information vulnerability exists in STARDOM FCN Controller and FCJ Controller R1.01 to R4.31, which may allow an adjacent attacker to login the affected products and alter... |
| CVE-2022-30707 | 2022-06-28 | Violation of secure design principles exists in the communication of CAMS for HIS. Affected products and versions are CENTUM series where LHS4800 is installed (CENTUM CS 3000 and CENTUM CS... |
| CVE-2022-30997 | 2022-06-28 | Use of hard-coded credentials vulnerability exists in STARDOM FCN Controller and FCJ Controller R4.10 to R4.31, which may allow an attacker with an administrative privilege to read/change configuration settings or... |
| CVE-2021-40607 | 2022-06-28 | The schm_box_size function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command. |
| CVE-2022-23896 | 2022-06-28 | Admidio 4.1.2 version is affected by stored cross-site scripting (XSS). |
| CVE-2022-34750 | 2022-06-28 | An issue was discovered in MediaWiki through 1.38.1. The lemma length of a Wikibase lexeme is currently capped at a thousand characters. Unfortunately, this length is not validated, allowing much... |
| CVE-2021-41460 | 2022-06-28 | ECShop 4.1.0 has a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information. |
| CVE-2022-30560 | 2022-06-28 | When an attacker obtains the administrative account and password, or through a man-in-the-middle attack, the attacker could send a specified crafted packet to the vulnerable interface then lead the device... |
| CVE-2022-30561 | 2022-06-28 | When an attacker uses a man-in-the-middle attack to sniff the request packets of a successful login, the attacker could log in to the device by replaying the user's login packet. |
| CVE-2022-30562 | 2022-06-28 | If the user enables the https function on the device, an attacker can modify the user's request data packet through a man-in-the-middle attack, injecting a malicious URL in the... |
| CVE-2022-30563 | 2022-06-28 | When an attacker uses a man-in-the-middle attack to sniff the request packets of a successful login through ONVIF, he can log in to the device by replaying the user's login... |
| CVE-2022-23763 | 2022-06-28 | DOUZONE BIZON NeoRS file download and execute vulnerability |
| CVE-2022-0085 | 2022-06-28 | Server-Side Request Forgery (SSRF) in dompdf/dompdf |
| CVE-2022-0987 | 2022-06-28 | A flaw was found in PackageKit in the way some of the methods exposed by the Transaction interface examines files. This issue allows a local user to measure the time... |
| CVE-2021-40553 | 2022-06-28 | piwigo 11.5.0 is affected by a remote code execution (RCE) vulnerability in the LocalFiles Editor. |
| CVE-2021-3779 | 2022-06-28 | Ruby-MySQL Gem Client File Read |
| CVE-2022-33108 | 2022-06-28 | XPDF v4.04 was discovered to contain a stack overflow vulnerability via the Object::Copy class of object.cc files. |
| CVE-2022-31052 | 2022-06-28 | URL previews can crash Synapse media repositories or Synapse monoliths |
| CVE-2022-31106 | 2022-06-28 | Prototype Pollution in underscore.deep |
| CVE-2022-2145 | 2022-06-28 | Cloudflare WARP Arbitrary File Overwrite |
| CVE-2022-28621 | 2022-06-28 | A remote disclosure of sensitive information vulnerability was discovered in HPE NonStop DSM/SCM version: T6031H03^ADP. HPE has provided a software update to resolve this vulnerability in HPE NonStop DSM/SCM. |
| CVE-2022-31068 | 2022-06-28 | Sensitive Data Exposure on Refused Inventory Files in GLPI |
| CVE-2022-31061 | 2022-06-28 | SQL injection on login page in GLPI |
| CVE-2022-31108 | 2022-06-28 | Arbitrary `CSS` injection into the generated graph affecting the container HTML in mermaid.js |
| CVE-2022-31229 | 2022-06-28 | Dell PowerScale OneFS, 8.2.x through 9.3.0.x, contain an error message with sensitive information. An administrator could potentially exploit this vulnerability, leading to disclosure of sensitive information. This sensitive information can... |
| CVE-2022-31230 | 2022-06-28 | Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain broken or risky cryptographic algorithm. A remote unprivileged malicious attacker could potentially exploit this vulnerability, leading to full system access. |
| CVE-2021-3430 | 2022-06-28 | BT: Assertion failure on repeated LL_CONNECTION_PARAM_REQ |
| CVE-2021-3431 | 2022-06-28 | BT: Assertion failure on repeated LL_FEATURE_REQ |
| CVE-2021-3432 | 2022-06-28 | BT: Invalid interval in CONNECT_IND leads to Division by Zero |
| CVE-2021-3433 | 2022-06-28 | BT: Invalid channel map in CONNECT_IND results in Deadlock |
| CVE-2021-3434 | 2022-06-28 | L2CAP: Stack based buffer overflow in le_ecred_conn_req() |
| CVE-2021-3435 | 2022-06-28 | L2CAP: Information leakage in le_ecred_conn_req() |
| CVE-2022-31885 | 2022-06-28 | Marval MSM v14.19.0.12476 is vulnerable to OS Command Injection due to the insecure handling of VBScripts. |
| CVE-2022-31886 | 2022-06-28 | Marval MSM v14.19.0.12476 is vulnerable to Cross Site Request Forgery (CSRF). An attacker can disable the 2FA by sending the user a malicious form. |
| CVE-2022-31883 | 2022-06-28 | Marval MSM v14.19.0.12476 has an Insecure Direct Object Reference (IDOR) vulnerability. A low privilege user is able to see other users' API Keys, including the Admins' API Keys. |
| CVE-2022-31884 | 2022-06-28 | Marval MSM v14.19.0.12476 has an Improper Access Control vulnerability which allows a low privilege user to delete other users' API Keys, including those of high privilege users and the Administrator users. |
| CVE-2022-31887 | 2022-06-28 | Marval MSM v14.19.0.12476 has a 0-Click Account Takeover vulnerability which allows an attacker to change any user's password in the organization, this means that the user can also escalate achieve... |
| CVE-2020-19896 | 2022-06-28 | File inclusion vulnerability in Minicms v1.9 allows remote attackers to execute arbitrary PHP code via post-edit.php. |
| CVE-2020-19897 | 2022-06-28 | A reflected Cross Site Scripting (XSS) in wuzhicms v4.1.0 allows remote attackers to execute arbitrary web script or HTML via the imgurl parameter. |
| CVE-2021-41559 | 2022-06-28 | Silverstripe silverstripe/framework 4.8.1 has a quadratic blowup in Convert::xml2array() that enables a remote attack via a crafted XML document. |
| CVE-2022-24444 | 2022-06-28 | Silverstripe silverstripe/framework through 4.10 allows Session Fixation. |
| CVE-2022-29858 | 2022-06-28 | Silverstripe silverstripe/assets through 1.10 is vulnerable to improper access control that allows protected images to be published by changing an existing image short code on website content. |
| CVE-2022-25238 | 2022-06-28 | Silverstripe silverstripe/framework through 4.10.0 allows XSS, inside of script tags that can be added to website content via XHR by an authenticated CMS user if the cwp-core module is... |
| CVE-2022-32532 | 2022-06-28 | Authentication Bypass Vulnerability |
| CVE-2022-33639 | 2022-06-29 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability |
| CVE-2022-31897 | 2022-06-29 | SourceCodester Zoo Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via public_html/register_visitor?msg=. |