CVE List - 2022 / June
Showing 701 - 800 of 2149 CVEs for June 2022 (Page 8 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-1654 | 2022-06-13 | Jupiter Theme <= 6.10.1 and JupiterX Core Plugin <= 2.0.7 - Authenticated Privilege Escalation |
| CVE-2022-1659 | 2022-06-13 | JupiterX Core <= 2.0.6 - Information Disclosure, Modification, and Denial of Service |
| CVE-2022-1750 | 2022-06-13 | The Sticky Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ popup_title' parameter in versions up to, and including, 1.2 due to insufficient input sanitization and... |
| CVE-2022-24077 | 2022-06-13 | Naver Cloud Explorer Beta allows the attacker to execute arbitrary code as System privilege via malicious DLL injection. |
| CVE-2022-29244 | 2022-06-13 | npm packing does not respect root-level ignore files in workspaces |
| CVE-2022-30308 | 2022-06-13 | FESTO: CECC-X-M1 and Servo Press Kit YJKP OS Command Injection vulnerability |
| CVE-2022-30309 | 2022-06-13 | FESTO: CECC-X-M1 and Servo Press Kit YJKP OS Command Injection vulnerability |
| CVE-2022-30310 | 2022-06-13 | FESTO: CECC-X-M1 and Servo Press Kit YJKP OS Command Injection vulnerability |
| CVE-2022-30311 | 2022-06-13 | FESTO: CECC-X-M1 and Servo Press Kit YJKP OS Command Injection vulnerability |
| CVE-2021-46814 | 2022-06-13 | The video framework has an out-of-bounds memory read/write vulnerability. Successful exploitation of this vulnerability may affect system availability. |
| CVE-2022-31763 | 2022-06-13 | The kernel module has the null pointer and out-of-bounds array vulnerabilities. Successful exploitation of this vulnerability may affect system availability. |
| CVE-2022-31758 | 2022-06-13 | The kernel module has the race condition vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. |
| CVE-2022-31751 | 2022-06-13 | The kernel emcom module has multi-thread contention. Successful exploitation of this vulnerability may affect system availability. |
| CVE-2022-31756 | 2022-06-13 | The fingerprint sensor module has design defects. Successful exploitation of this vulnerability may affect data confidentiality. |
| CVE-2022-31755 | 2022-06-13 | The communication module has a vulnerability of improper permission preservation. Successful exploitation of this vulnerability may affect system availability. |
| CVE-2022-31759 | 2022-06-13 | AppLink has a vulnerability of accessing uninitialized pointers. Successful exploitation of this vulnerability may affect system availability. |
| CVE-2022-31762 | 2022-06-13 | The AMS module has a vulnerability in input validation. Successful exploitation of this vulnerability may cause privilege escalation. |
| CVE-2022-31760 | 2022-06-13 | Dialog boxes can still be displayed even if the screen is locked in carrier-customized USSD services. Successful exploitation of this vulnerability may affect data integrity and confidentiality. |
| CVE-2021-46812 | 2022-06-13 | The Device Manager has a vulnerability in multi-device interaction. Successful exploitation of this vulnerability may affect data integrity. |
| CVE-2022-31757 | 2022-06-13 | The setting module has a vulnerability of improper use of APIs. Successful exploitation of this vulnerability may affect data confidentiality. |
| CVE-2022-31753 | 2022-06-13 | The voice wakeup module has a vulnerability of using externally-controlled format strings. Successful exploitation of this vulnerability may affect system availability. |
| CVE-2021-46811 | 2022-06-13 | HwSEServiceAPP has a vulnerability in permission management. Successful exploitation of this vulnerability may cause disclosure of the Card Production Life Cycle (CPLC) information. |
| CVE-2022-31754 | 2022-06-13 | Logical defects in code implementation in some products. Successful exploitation of this vulnerability may affect the availability of some features. |
| CVE-2021-46813 | 2022-06-13 | Vulnerability of residual files not being deleted after an update in the ChinaDRM module. Successful exploitation of this vulnerability may affect availability. |
| CVE-2022-31761 | 2022-06-13 | Configuration defects in the secure OS module. Successful exploitation of this vulnerability will affect confidentiality. |
| CVE-2022-31752 | 2022-06-13 | Missing authorization vulnerability in the system components. Successful exploitation of this vulnerability will affect confidentiality. |
| CVE-2022-31055 | 2022-06-13 | Improper Access Control in kctf |
| CVE-2022-28217 | 2022-06-13 | Some part of SAP NetWeaver (EP Web Page Composer) does not sufficiently validate an XML document accepted from an untrusted source, which allows an adversary to exploit unprotected XML parking... |
| CVE-2022-29455 | 2022-06-13 | WordPress Elementor plugin <= 3.5.5 - Unauthenticated DOM-based Reflected Cross-Site Scripting (XSS) vulnerability |
| CVE-2022-23167 | 2022-06-13 | Amodat - Mobile Application Gateway Local File Inclusion (LFI) |
| CVE-2022-23168 | 2022-06-13 | Amodat - Mobile Application Gateway SQL Injection (SQLi) |
| CVE-2022-23169 | 2022-06-13 | Amodat - Mobile Application Gateway SQL Injection (SQLi) |
| CVE-2022-33175 | 2022-06-13 | Power Distribution Units running on Powertek firmware (multiple brands) before 3.30.30 have an insecure permissions setting on the user.token field that is accessible to everyone through the /cgi/get_param.cgi HTTP API.... |
| CVE-2022-33174 | 2022-06-13 | Power Distribution Units running on Powertek firmware (multiple brands) before 3.30.30 allows remote authorization bypass in the web interface. To exploit the vulnerability, an attacker must send an HTTP packet... |
| CVE-2021-41663 | 2022-06-13 | A cross-site scripting (XSS) vulnerability exists in Mini CMS V1.11. The vulnerability exists in the article upload: post-edit.php page. |
| CVE-2021-40604 | 2022-06-13 | A Server-Side Request Forgery (SSRF) vulnerability in IPS Community Suite before 4.6.2 allows remote authenticated users to request arbitrary URLs or trigger deserialization via phar protocol when generating class names... |
| CVE-2021-40036 | 2022-06-13 | The bone voice ID TA has a memory overwrite vulnerability. Successful exploitation of this vulnerability may result in malicious code execution. |
| CVE-2022-29798 | 2022-06-13 | There is a denial of service vulnerability in CV81-WDM FW versions 01.70.49.29.46. Successful exploitation could cause denial of service. |
| CVE-2022-29797 | 2022-06-13 | There is a buffer overflow vulnerability in CV81-WDM FW 01.70.49.29.46. Successful exploitation of this vulnerability may lead to privilege escalation. |
| CVE-2022-22259 | 2022-06-13 | There is an improper authentication vulnerability in FLMG-10 10.0.1.0(H100SP22C00). Successful exploitation of this vulnerability may lead to a control of the victim device. |
| CVE-2022-31053 | 2022-06-13 | Signature forgery in Biscuit |
| CVE-2022-31054 | 2022-06-13 | Uses of deprecated API can be used to cause DoS in user-facing endpoints in Argo Events |
| CVE-2022-32564 | 2022-06-13 | An issue was discovered in Couchbase Server before 7.0.4. In couchbase-cli, server-eshell leaks the Cluster Manager cookie. |
| CVE-2022-32560 | 2022-06-13 | An issue was discovered in Couchbase Server before 7.0.4. XDCR lacks role checking when changing internal settings. |
| CVE-2022-32558 | 2022-06-13 | An issue was discovered in Couchbase Server before 7.0.4. Sample bucket loading may leak internal user passwords during a failure. |
| CVE-2022-32193 | 2022-06-13 | Couchbase Server 6.6.x through 7.x before 7.0.4 exposes Sensitive Information to an Unauthorized Actor. |
| CVE-2022-29247 | 2022-06-13 | Exposure of Resource to Wrong Sphere in Electron |
| CVE-2022-29257 | 2022-06-13 | Electron's AutoUpdater module fails to validate certain nested components of the bundle |
| CVE-2022-32278 | 2022-06-13 | XFCE 4.16 allows attackers to execute arbitrary code because xdg-open can execute a .desktop file on an attacker-controlled FTP server. |
| CVE-2022-32192 | 2022-06-13 | Couchbase Server 5.x through 7.x before 7.0.4 exposes Sensitive Information to an Unauthorized Actor. |
| CVE-2022-32562 | 2022-06-13 | An issue was discovered in Couchbase Server before 7.0.4. Operations may succeed on a collection using stale RBAC permission. |
| CVE-2022-32565 | 2022-06-13 | An issue was discovered in Couchbase Server before 7.0.4. The Backup Service log leaks unredacted usernames and document ids. |
| CVE-2021-41661 | 2022-06-13 | Church Management System version 1.0 is affected by a SQL anjection vulnerability through creating a user with a PHP file as an avatar image, which is accessible through the /uploads... |
| CVE-2021-41662 | 2022-06-13 | The South Gate Inn Online Reservation System v1.0 contains an SQL injection vulnerability that can be chained with a malicious PHP file upload, which is caused by improper file handling... |
| CVE-2022-22057 | 2022-06-14 | Use after free in graphics fence due to a race condition while closing fence file descriptor and destroy graphics timeline simultaneously in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial... |
| CVE-2022-32156 | 2022-06-14 | Splunk Enterprise and Universal Forwarder CLI connections lacked TLS cert validation |
| CVE-2022-31415 | 2022-06-14 | Online Fire Reporting System v1.0 was discovered to contain a SQL injection vulnerability via the GET parameter in /report/list.php. |
| CVE-2022-31446 | 2022-06-14 | Tenda AC18 router V15.03.05.19 and V15.03.05.05 was discovered to contain a remote code execution (RCE) vulnerability via the Mac parameter at ip/goform/WriteFacMac. |
| CVE-2022-31447 | 2022-06-14 | An XML external entity (XXE) injection vulnerability in Magicpin v3.4 allows attackers to access sensitive database information via a crafted SVG file. |
| CVE-2022-26302 | 2022-06-14 | Heap-based buffer overflow exists in the simulator module contained in the graphic editor 'V-SFT' versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code... |
| CVE-2022-27176 | 2022-06-14 | Incomplete filtering of special elements vulnerability exists in RevoWorks SCVX using 'File Sanitization Library' 1.043 and prior versions, RevoWorks Browser 2.2.67 and prior versions (when using 'File Sanitization Option'), and... |
| CVE-2022-29482 | 2022-06-14 | 'Mobaoku-Auction&Flea Market' App for iOS versions prior to 5.5.16 improperly verifies server certificates, which may allow an attacker to eavesdrop on an encrypted communication via a man-in-the-middle attack. |
| CVE-2022-29485 | 2022-06-14 | Cross-site scripting vulnerability in SHIRASAGI v1.0.0 to v1.14.2, and v1.15.0 allows a remote attacker to inject an arbitrary script via unspecified vectors. |
| CVE-2022-29506 | 2022-06-14 | Out-of-bounds read vulnerability exist in the simulator module contained in the graphic editor 'V-SFT' v6.1.3.0 and earlier, which may allow an attacker to obtain information and/or execute arbitrary code by... |
| CVE-2022-29509 | 2022-06-14 | Directory traversal vulnerability in T&D Data Server (Japanese Edition) Ver.2.22 and earlier, T&D Data Server (English Edition) Ver.2.30 and earlier, THERMO RECORDER DATA SERVER (Japanese Edition) Ver.2.13 and earlier, and... |
| CVE-2022-29522 | 2022-06-14 | Use after free vulnerability exists in the simulator module contained in the graphic editor 'V-SFT' versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary... |
| CVE-2022-29524 | 2022-06-14 | Out-of-bounds write vulnerability exists in V-Server v4.0.11.0 and earlier and V-Server Lite v4.0.13.0 and earlier, which may allow an attacker to obtain information and/or execute arbitrary code by having a... |
| CVE-2022-29925 | 2022-06-14 | Access of uninitialized pointer vulnerability exists in the simulator module contained in the graphic editor 'V-SFT' versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute... |
| CVE-2022-25167 | 2022-06-14 | Apache Flume vulnerable to a JNDI RCE in JMSSource |
| CVE-2022-2079 | 2022-06-14 | Cross-site Scripting (XSS) - Stored in nocodb/nocodb |
| CVE-2021-37182 | 2022-06-14 | A vulnerability has been identified in SCALANCE XM408-4C (All versions < V6.5), SCALANCE XM408-4C (L3 int.) (All versions < V6.5), SCALANCE XM408-8C (All versions < V6.5), SCALANCE XM408-8C (L3 int.)... |
| CVE-2022-26476 | 2022-06-14 | A vulnerability has been identified in Spectrum Power 4 (All versions using Shared HIS), Spectrum Power 7 (All versions using Shared HIS), Spectrum Power MGMS (All versions using Shared HIS).... |
| CVE-2022-27219 | 2022-06-14 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). Affected application is missing general HTTP security headers in the web server configured on port... |
| CVE-2022-27220 | 2022-06-14 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). Affected application is missing general HTTP security headers in the web server configured on port... |
| CVE-2022-27221 | 2022-06-14 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). An attacker in machine-in-the-middle could obtain plaintext secret values by observing length differences during a series... |
| CVE-2022-29034 | 2022-06-14 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). An error message pop up window in the web interface of the affected application does not... |
| CVE-2022-30228 | 2022-06-14 | A vulnerability has been identified in SICAM GridEdge (Classic) (All versions < V2.6.6). The affected software does not apply cross-origin resource sharing (CORS) restrictions for critical operations. In case an... |
| CVE-2022-30229 | 2022-06-14 | A vulnerability has been identified in SICAM GridEdge (Classic) (All versions < V2.6.6). The affected application does not require authenticated access for privileged functions. This could allow an unauthenticated attacker... |
| CVE-2022-30230 | 2022-06-14 | A vulnerability has been identified in SICAM GridEdge (Classic) (All versions < V2.6.6). The affected application does not require authenticated access for privileged functions. This could allow an unauthenticated attacker... |
| CVE-2022-30231 | 2022-06-14 | A vulnerability has been identified in SICAM GridEdge (Classic) (All versions < V2.6.6). The affected application discloses password hashes of other users upon request. This could allow an authenticated user... |
| CVE-2022-30937 | 2022-06-14 | A vulnerability has been identified in EN100 Ethernet module DNP3 IP variant (All versions), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions... |
| CVE-2022-31465 | 2022-06-14 | A vulnerability has been identified in Xpedition Designer VX.2.10 (All versions < VX.2.10 Update 13), Xpedition Designer VX.2.11 (All versions < VX.2.11 Update 11), Xpedition Designer VX.2.12 (All versions <... |
| CVE-2022-31619 | 2022-06-14 | A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.13), Teamcenter V13.0 (All versions < V13.0.0.9), Teamcenter V13.1 (All versions < V13.1.0.9), Teamcenter V13.2 (All versions < V13.2.0.9),... |
| CVE-2022-32145 | 2022-06-14 | A vulnerability has been identified in Teamcenter Active Workspace V5.2 (All versions < V5.2.9), Teamcenter Active Workspace V6.0 (All versions < V6.0.3). A reflected cross-site scripting (XSS) vulnerability exists in... |
| CVE-2022-32251 | 2022-06-14 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). There is a missing authentication verification for a resource used to change the roles and permissions... |
| CVE-2022-32252 | 2022-06-14 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The application does not perform the integrity check of the update packages. Without validation, an admin... |
| CVE-2022-32253 | 2022-06-14 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). Due to improper input validation, the OpenSSL certificate's password could be printed to a file reachable... |
| CVE-2022-32254 | 2022-06-14 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). A customized HTTP POST request could force the application to write the status of a given... |
| CVE-2022-32255 | 2022-06-14 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application consists of a web service that lacks proper access control for some of... |
| CVE-2022-32256 | 2022-06-14 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application consists of a web service that lacks proper access control for some of... |
| CVE-2022-32258 | 2022-06-14 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains an older feature that allows to import device configurations via a specific... |
| CVE-2022-32259 | 2022-06-14 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The system images for installation or update of the affected application contain unit test scripts with... |
| CVE-2022-32260 | 2022-06-14 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application creates temporary user credentials for UMC (User Management Component) users. An attacker... |
| CVE-2022-32261 | 2022-06-14 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains a misconfiguration in the APT update. This could allow an attacker to... |
| CVE-2022-32262 | 2022-06-14 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains a file upload server that is vulnerable to command injection. An attacker... |
| CVE-2022-32285 | 2022-06-14 | A vulnerability has been identified in Mendix SAML Module (Mendix 7 compatible) (All versions < V1.16.6), Mendix SAML Module (Mendix 8 compatible) (All versions < V2.2.2), Mendix SAML Module (Mendix... |
| CVE-2022-32286 | 2022-06-14 | A vulnerability has been identified in Mendix SAML Module (Mendix 7 compatible) (All versions < V1.16.6), Mendix SAML Module (Mendix 8 compatible) (All versions < V2.2.2), Mendix SAML Module (Mendix... |
| CVE-2021-40649 | 2022-06-14 | In Connx Version 6.2.0.1269 (20210623), a cookie can be issued by the application and not have the HttpOnly flag set. |
| CVE-2021-40650 | 2022-06-14 | In Connx Version 6.2.0.1269 (20210623), a cookie can be issued by the application and not have the secure flag set. |
| CVE-2021-35083 | 2022-06-14 | Possible out of bound read due to improper validation of certificate chain in SSL or Internet key exchange in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon... |