CVE List - 2022 / June
Showing 1701 - 1800 of 2149 CVEs for June 2022 (Page 18 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-41638 | 2022-06-24 | The authentication checks of the MELAG FTP Server in version 2.2.0.4 are incomplete, which allows a remote attacker to access local files only by using a valid username. |
| CVE-2021-41637 | 2022-06-24 | Weak access control permissions in MELAG FTP Server 2.2.0.4 allow the "Everyone" group to read the local FTP configuration file, which includes among other information the unencrypted passwords of all... |
| CVE-2021-41636 | 2022-06-24 | MELAG FTP Server 2.2.0.4 allows an attacker to use the CWD command to break out of the FTP server's root directory and operate on the entire operating system, while the... |
| CVE-2021-41635 | 2022-06-24 | When installed as a Windows service, MELAG FTP Server 2.2.0.4 runs as the SYSTEM user, which allows remote attackers to abuse misconfigurations or vulnerabilities with administrative access over the entire host... |
| CVE-2021-41634 | 2022-06-24 | A user enumeration vulnerability in MELAG FTP Server 2.2.0.4 allows an attacker to identify valid FTP usernames. |
| CVE-2022-32530 | 2022-06-24 | A CWE-668 Exposure of Resource to Wrong Sphere vulnerability exists that could cause users to be misled, hiding alarms, showing the wrong server connection option or the wrong control request... |
| CVE-2022-32990 | 2022-06-24 | An issue in gimp_layer_invalidate_boundary of GNOME GIMP 2.10.30 allows attackers to trigger an unhandled exception via a crafted XCF file, causing a Denial of Service (DoS). |
| CVE-2021-40892 | 2022-06-24 | A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in validate-color v2.1.0 when handling crafted invalid rgb(a) strings. |
| CVE-2022-30117 | 2022-06-24 | Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 allow traversal in /index.php/ccm/system/file/upload which could result in an Arbitrary File Delete exploit. This was remediated by sanitizing /index.php/ccm/system/file/upload... |
| CVE-2022-30119 | 2022-06-24 | XSS in /dashboard/reports/logs/view - old browsers only. When using Internet Explorer with the XSS protection disabled, insufficient sanitization where built URLs are output can be exploited for Concrete 8.5.7 and... |
| CVE-2022-21829 | 2022-06-24 | Concrete CMS Versions 9.0.0 through 9.0.2 and 8.5.7 and below can download zip files over HTTP and execute code from those zip files which could lead to an RCE. Fixed... |
| CVE-2022-30120 | 2022-06-24 | XSS in /dashboard/blocks/stacks/view_details/ - old browsers only. When using an older browser with built-in XSS protection disabled, insufficient sanitization where built URLs are output can be exploited for Concrete 8.5.7... |
| CVE-2022-30118 | 2022-06-24 | XSS in /dashboard/system/express/entities/forms/save_control/[GUID]: old browsers only. When using Internet Explorer with the XSS protection disabled, editing a form control in an express entities form for Concrete 8.5.7... |
| CVE-2022-28619 | 2022-06-24 | A potential security vulnerability has been identified in the installer of HPE Version Control Repository Manager. The vulnerability could allow local escalation of privilege. HPE has made the following software... |
| CVE-2022-28620 | 2022-06-24 | A remote authentication bypass vulnerability was discovered in HPE Cray Legacy Shasta System Solutions; HPE Slingshot; and HPE Cray EX supercomputers versions: Prior to node controller firmware associated with HPE... |
| CVE-2022-23170 | 2022-06-24 | SysAid - Okta SSO integration |
| CVE-2021-30651 | 2022-06-24 | A malicious authenticated SMG administrator user can obtain passwords for external LDAP/Active Directory servers that they might not otherwise be authorized to access. |
| CVE-2022-1517 | 2022-06-24 | 3.2.1 EXECUTION WITH UNNECESSARY PRIVILEGES CWE-250 |
| CVE-2022-1519 | 2022-06-24 | LRM does not restrict the types of files that can be uploaded to the affected product. A malicious actor can upload any file type, including executable code that allows for... |
| CVE-2022-1518 | 2022-06-24 | 3.2.2 IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL') CWE-22 |
| CVE-2022-1521 | 2022-06-24 | 3.2.4 IMPROPER ACCESS CONTROL CWE-284 |
| CVE-2022-1524 | 2022-06-24 | 3.2.5 CLEARTEXT TRANSMISSION OF SENSITIVE INFORMATION CWE-319 |
| CVE-2013-1891 | 2022-06-24 | In OpenCart 1.4.7 to 1.5.5.1, implemented anti-traversal code in filemanager.php is ineffective and can be bypassed. |
| CVE-2013-1916 | 2022-06-24 | In WordPress Plugin User Photo 0.9.4, when a photo is uploaded, it is only partially validated and it is possible to upload a backdoor on the server hosting WordPress. This... |
| CVE-2022-2120 | 2022-06-24 | OFFIS DCMTK Path Traversal |
| CVE-2022-2121 | 2022-06-24 | OFFIS DCMTK NULL Pointer Dereference |
| CVE-2022-2119 | 2022-06-24 | OFFIS DCMTK Path Traversal |
| CVE-2022-1746 | 2022-06-24 | 2.2.8 INCORRECT PRIVILEGE ASSIGNMENT CWE-266 |
| CVE-2022-1739 | 2022-06-24 | 2.2.1 IMPROPER VERIFICATION OF CRYPTOGRAPHIC SIGNATURE CWE-347 |
| CVE-2022-1747 | 2022-06-24 | The authentication mechanism used by voters to activate a voting session on the tested version of Dominion Voting Systems ImageCast X is susceptible to forgery. An attacker could leverage this... |
| CVE-2022-1744 | 2022-06-24 | 2.2.6 EXECUTION WITH UNNECESSARY PRIVILEGES CWE-250 |
| CVE-2022-1741 | 2022-06-24 | 2.2.3 HIDDEN FUNCTIONALITY CWE-912 |
| CVE-2022-1743 | 2022-06-24 | 2.2.5 PATH TRAVERSAL: '../FILEDIR' CWE-24 |
| CVE-2022-1742 | 2022-06-24 | 2.2.4 IMPROPER PROTECTION OF ALTERNATE PATH CWE-424 |
| CVE-2022-1740 | 2022-06-24 | 2.2.2 MUTABLE ATTESTATION OR MEASUREMENT REPORTING DATA CWE-1283 |
| CVE-2022-1745 | 2022-06-24 | 2.2.7 AUTHENTICATION BYPASS BY SPOOFING CWE-290 |
| CVE-2022-2103 | 2022-06-24 | Secheron SEPCOS Control and Protection Relay |
| CVE-2022-1666 | 2022-06-24 | Secheron SEPCOS Control and Protection Relay |
| CVE-2022-1667 | 2022-06-24 | Secheron SEPCOS Control and Protection Relay |
| CVE-2022-2104 | 2022-06-24 | Secheron SEPCOS Control and Protection Relay |
| CVE-2022-2105 | 2022-06-24 | Secheron SEPCOS Control and Protection Relay |
| CVE-2022-1668 | 2022-06-24 | Secheron SEPCOS Control and Protection Relay |
| CVE-2022-2102 | 2022-06-24 | Secheron SEPCOS Control and Protection Relay |
| CVE-2020-21046 | 2022-06-24 | A local privilege escalation vulnerability was identified within the "luminati_net_updater_win_eagleget_com" service in EagleGet Downloader version 2.1.5.20 Stable. This issue allows an authenticated non-administrative user to escalate their privilege and conduct code... |
| CVE-2022-27238 | 2022-06-24 | BigBlueButton version 2.4.7 (or earlier) is vulnerable to stored Cross-Site Scripting (XSS) in the private chat functionality. A threat actor could inject JavaScript payload in his/her username. The payload gets... |
| CVE-2022-29330 | 2022-06-24 | Missing access control in the backup system of Telesoft VitalPBX before 3.2.1 allows attackers to access the PJSIP and SIP extension credentials, cryptographic keys and voicemail files via unspecified vectors. |
| CVE-2022-20829 | 2022-06-24 | Cisco Adaptive Security Device Manager and Adaptive Security Appliance Software Client-side Arbitrary Code Execution Vulnerability |
| CVE-2022-20828 | 2022-06-24 | Cisco FirePOWER Software for ASA FirePOWER Module Command Injection Vulnerability |
| CVE-2021-29768 | 2022-06-24 | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a low level user to obtain sensitive information from the details of the 'Cloud Storage' page for which they should not... |
| CVE-2021-38945 | 2022-06-24 | IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 could allow a remote attacker to upload arbitrary files, caused by improper content validation. IBM X-Force ID: 211238. |
| CVE-2021-39047 | 2022-06-24 | IBM Planning Analytics 2.0 and IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI... |
| CVE-2022-22502 | 2022-06-24 | IBM Robotic Process Automation 21.0.1 and 21.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality... |
| CVE-2022-31767 | 2022-06-24 | IBM CICS TX Standard and Advanced 11.1 could allow a remote attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 227980. |
| CVE-2022-33953 | 2022-06-24 | IBM Robotic Process Automation 21.0.1 and 21.0.2 could allow a user with physical access to the system to obtain sensitive information due to insufficiently protected access tokens. IBM X-Force ID:... |
| CVE-2021-40893 | 2022-06-24 | A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in validate-data v0.1.1 when validating crafted invalid emails. |
| CVE-2021-42056 | 2022-06-24 | Thales Safenet Authentication Client (SAC) for Linux and Windows through 10.7.7 creates insecure temporary hid and lock files allowing a local attacker, through a symlink attack, to overwrite arbitrary files,... |
| CVE-2021-20355 | 2022-06-24 | IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote... |
| CVE-2021-20421 | 2022-06-24 | IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system,... |
| CVE-2021-20543 | 2022-06-24 | IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in... |
| CVE-2021-20544 | 2022-06-24 | IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system,... |
| CVE-2021-20551 | 2022-06-24 | IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID:... |
| CVE-2021-29865 | 2022-06-24 | IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a... |
| CVE-2021-38871 | 2022-06-24 | IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering... |
| CVE-2021-38879 | 2022-06-24 | IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote... |
| CVE-2021-39408 | 2022-06-24 | Cross Site Scripting (XSS) vulnerability exists in Online Student Rate System 1.0 via the page parameter on the index.php file |
| CVE-2021-39409 | 2022-06-24 | A vulnerability exists in Online Student Rate System v1.0 that allows any user to register as an administrator without needing to be authenticated. |
| CVE-2022-30028 | 2022-06-24 | Dradis Professional Edition before 4.3.0 allows attackers to change an account password via reusing a password reset token. |
| CVE-2022-29578 | 2022-06-24 | Meridian Cooperative Utility Software versions 22.02 and 22.03 allows remote attackers to obtain sensitive information such as name, address, and daily energy usage. |
| CVE-2022-22389 | 2022-06-24 | IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may terminate abnormally when executing specially crafted... |
| CVE-2022-22390 | 2022-06-24 | IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an information disclosure caused by improper privilege management when table function is used.... |
| CVE-2022-33910 | 2022-06-24 | An XSS vulnerability in MantisBT before 2.25.5 allows remote attackers to attach crafted SVG documents to issue reports or bugnotes. When a user or an admin clicks on the attachment,... |
| CVE-2022-29096 | 2022-06-24 | Dell Wyse Management Suite 3.6.1 and below contains a Reflected Cross-Site Scripting Vulnerability in saveGroupConfigurations page. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of malicious... |
| CVE-2022-29097 | 2022-06-24 | Dell WMS 3.6.1 and below contains a Path Traversal vulnerability in Device API. A remote attacker could potentially exploit this vulnerability, to gain unauthorized read access to the files stored... |
| CVE-2022-21231 | 2022-06-24 | Prototype Pollution |
| CVE-2022-32996 | 2022-06-24 | The django-navbar-client package of v0.9.50 to v1.0.1 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital... |
| CVE-2022-32997 | 2022-06-24 | The RootInteractive package in PyPI v0.0.5 to v0.0.19b0 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and... |
| CVE-2022-32998 | 2022-06-24 | The cryptoasset-data-downloader package in PyPI v1.0.0 to v1.0.1 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and... |
| CVE-2022-32999 | 2022-06-24 | The cloudlabeling package in PyPI v0.0.1 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency... |
| CVE-2022-33000 | 2022-06-24 | The ML-Scanner package in PyPI v0.1.0 to v0.1.5 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and... |
| CVE-2022-33001 | 2022-06-24 | The AAmiles package in PyPI v0.1.0 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency... |
| CVE-2022-33002 | 2022-06-24 | The KGExplore package in PyPI v0.1.1 to v0.1.2 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and... |
| CVE-2022-33003 | 2022-06-24 | The watools package in PyPI v0.0.1 to v0.0.8 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and... |
| CVE-2022-33004 | 2022-06-24 | The Beginner package in PyPI v0.0.2 to v0.0.4 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and... |
| CVE-2022-34053 | 2022-06-24 | The DR-Web-Engine package in PyPI v0.2.0b0 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency... |
| CVE-2022-34054 | 2022-06-24 | The Perdido package in PyPI v0.0.1 to v0.0.2 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and... |
| CVE-2022-34055 | 2022-06-24 | The drxhello package in PyPI v0.0.1 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency... |
| CVE-2022-34056 | 2022-06-24 | The Watertools package in PyPI v0.0.0 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency... |
| CVE-2022-34057 | 2022-06-24 | The Scoptrial package in PyPI version v0.0.5 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital... |
| CVE-2022-34059 | 2022-06-24 | The Sixfab-Tool in PyPI v0.0.2 to v0.0.3 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital... |
| CVE-2022-34060 | 2022-06-24 | The Togglee package in PyPI version v0.0.8 was discovered to contain a code execution backdoor. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well... |
| CVE-2022-34061 | 2022-06-24 | The Catly-Translate package in PyPI v0.0.3 to v0.0.5 was discovered to contain a code execution backdoor. This vulnerability allows attackers to access sensitive user information and digital currency keys, as... |
| CVE-2022-34064 | 2022-06-24 | The Zibal package in PyPI v1.0.0 was discovered to contain a code execution backdoor. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as... |
| CVE-2022-34065 | 2022-06-24 | The Rondolu-YT-Concate package in PyPI v0.1.0 was discovered to contain a code execution backdoor. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as... |
| CVE-2022-34066 | 2022-06-24 | The Texercise package in PyPI v0.0.1 to v0.0.12 was discovered to contain a code execution backdoor. This vulnerability allows attackers to access sensitive user information and digital currency keys, as... |
| CVE-2022-30885 | 2022-06-24 | The pyesasky for python, as distributed on PyPI, included a code-execution backdoor inserted by a third party. The current version, without this backdoor, is 1.2.0-1.4.2. |
| CVE-2022-33121 | 2022-06-24 | A Cross-Site Request Forgery (CSRF) in MiniCMS v1.11 allows attackers to arbitrarily delete local .dat files via clicking on a malicious link. |
| CVE-2022-33122 | 2022-06-24 | A stored cross-site scripting (XSS) vulnerability in eyoucms v1.5.6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL field under the login... |
| CVE-2021-40894 | 2022-06-24 | A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in underscore-99xp v1.7.2 when the deepValueSearch function is called. |
| CVE-2022-33128 | 2022-06-25 | RG-EG series gateway EG350 EG_RGOS 11.1(6) was discovered to contain a SQL injection vulnerability via the function get_alarmAction at /alarm_pi/alarmService.php. |
| CVE-2019-25071 | 2022-06-25 | Apple iOS Siri Self privileges management |