CVE List - 2022 / June
Showing 501 - 600 of 2149 CVEs for June 2022 (Page 6 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-2037 | 2022-06-09 | Excessive Attack Surface in tooljet/tooljet |
| CVE-2021-40610 | 2022-06-09 | Emlog Pro v 1.0.4 cross-site scripting (XSS) in Emlog Pro background management. |
| CVE-2022-26363 | 2022-06-09 | x86 pv: Insufficient care with non-coherent mappings T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen maintains a type reference count... |
| CVE-2022-26364 | 2022-06-09 | x86 pv: Insufficient care with non-coherent mappings T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen maintains a type reference count... |
| CVE-2022-26362 | 2022-06-09 | x86 pv: Race condition in typeref acquisition Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required... |
| CVE-2021-40668 | 2022-06-09 | The Android application HTTP File Server (Version 1.4.1) by 'slowscript' is affected by a path traversal vulnerability that permits arbitrary directory listing, file read, and file write. |
| CVE-2019-25064 | 2022-06-09 | CoreHR Core Portal cross-site request forgery |
| CVE-2019-25065 | 2022-06-09 | OpenNetAdmin os command injection |
| CVE-2019-25066 | 2022-06-09 | ajenti API privileges management |
| CVE-2019-25067 | 2022-06-09 | Podman/Varlink API Privilege Escalation |
| CVE-2019-25068 | 2022-06-09 | Axios Italia Axios RE Connection REDefault.aspx privileges management |
| CVE-2019-25069 | 2022-06-09 | Axios Italia Axios RE Error Message ASP.NET information disclosure |
| CVE-2019-25070 | 2022-06-09 | WolfCMS User Add cross site scripting |
| CVE-2022-31386 | 2022-06-09 | A Server-Side Request Forgery (SSRF) in the getFileBinary function of nbnbk cms 3 allows attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the... |
| CVE-2022-31390 | 2022-06-09 | Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Update function in app/admin/c/TemplateController.php. |
| CVE-2022-31393 | 2022-06-09 | Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Index function in app/admin/c/PluginsController.php. |
| CVE-2022-31830 | 2022-06-09 | Kity Minder v1.3.5 was discovered to contain a Server-Side Request Forgery (SSRF) via the init function at ImageCapture.class.php. |
| CVE-2022-31827 | 2022-06-09 | MonstaFTP v2.10.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the function performFetchRequest at HTTPFetcher.php. |
| CVE-2022-2035 | 2022-06-09 | A reflected cross-site scripting (XSS) vulnerability exists in the playerConfUrl parameter in the /defaultui/player/modern.html file for SCORM Engine versions < 20.1.45.914, 21.1.x < 21.1.7.219. The issue exists because there are... |
| CVE-2022-23138 | 2022-06-09 | ZTE's MF297D product has cryptographic issues vulnerability. Due to the use of weak random values, the security of the device is reduced, and it may face the risk of attack. |
| CVE-2022-1998 | 2022-06-09 | A use after free in the Linux kernel File System notify functionality was found in the way user triggers copy_info_records_to_user() call to fail in copy_event_to_user(). A local user could use... |
| CVE-2022-30760 | 2022-06-09 | An Insecure Direct Object Reference (IDOR) issue in fn2Web in ihb eG FlexNow before 2.04.09.016 allows remote authenticated attackers to obtain sensitive student information (final grades, study courses, degrees) by... |
| CVE-2022-24876 | 2022-06-09 | Stored cross site scrpting in GLPI's Kanban |
| CVE-2022-30898 | 2022-06-09 | A Cross-site request forgery (CSRF) vulnerability in Cscms music portal system v4.2 allows remote attackers to change the administrator's username and password. |
| CVE-2022-29224 | 2022-06-09 | Segmentation fault leading to crash in Envoy |
| CVE-2022-29225 | 2022-06-09 | Zip bomb vulnerability in Envoy |
| CVE-2022-29228 | 2022-06-09 | Reachable assertion in Envoy |
| CVE-2022-29226 | 2022-06-09 | Trivial authentication bypass in Envoy |
| CVE-2022-29227 | 2022-06-09 | Use after free in Envoy |
| CVE-2022-29250 | 2022-06-09 | SQL injection in GLPI |
| CVE-2022-31033 | 2022-06-09 | Authorization header leak in rubygem Mechanize |
| CVE-2022-31051 | 2022-06-09 | Exposure of Sensitive Information to an Unauthorized Actor in semantic-release |
| CVE-2022-30702 | 2022-06-09 | Trend Micro Security 2022 and 2021 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure vulnerability that could allow an attacker to disclose sensitive information on an affected machine. |
| CVE-2022-30703 | 2022-06-09 | Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an exposed dangerous method vulnerability that could allow an attacker to obtain access to leaked kernel addresses and disclose sensitive... |
| CVE-2022-21499 | 2022-06-09 | KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger... |
| CVE-2022-31045 | 2022-06-09 | Ill-formed headers may lead to unexpected behavior in Istio |
| CVE-2017-20018 | 2022-06-09 | XAMPP Installer uncontrolled search path |
| CVE-2017-20019 | 2022-06-09 | Solare Solar-Log Config information disclosure |
| CVE-2017-20020 | 2022-06-09 | Solare Solar-Log cross-site request forgery |
| CVE-2017-20021 | 2022-06-09 | Solare Solar-Log File Upload privileges management |
| CVE-2017-20022 | 2022-06-09 | Solare Solar-Log information disclosure |
| CVE-2017-20023 | 2022-06-09 | Solare Solar-Log Network Config privileges management |
| CVE-2017-20024 | 2022-06-09 | Solare Solar-Log denial of service |
| CVE-2017-20025 | 2022-06-09 | Solare Solar-Log Flash Memory privileges management |
| CVE-2017-20026 | 2022-06-09 | HumHub Reflected cross site scriting |
| CVE-2017-20027 | 2022-06-09 | HumHub DOM cross site scriting |
| CVE-2017-20028 | 2022-06-09 | HumHub privileges management |
| CVE-2022-2042 | 2022-06-10 | Use After Free in vim/vim |
| CVE-2017-20029 | 2022-06-10 | PHPList Edit Subscription index.php sql injection |
| CVE-2017-20030 | 2022-06-10 | PHPList Sending Campain sql injection |
| CVE-2017-20031 | 2022-06-10 | PHPList information disclosure |
| CVE-2017-20032 | 2022-06-10 | PHPList Subscription sql injection |
| CVE-2017-20033 | 2022-06-10 | PHPList Reflected cross site scriting |
| CVE-2017-20034 | 2022-06-10 | PHPList List Name Persistent cross site scriting |
| CVE-2017-20035 | 2022-06-10 | PHPList Subscribe Persistent cross site scriting |
| CVE-2017-20036 | 2022-06-10 | PHPList Bounce Rule Persistent cross site scriting |
| CVE-2021-42811 | 2022-06-10 | Vulnerability in SafeNet KeySecure |
| CVE-2022-32563 | 2022-06-10 | An issue was discovered in Couchbase Sync Gateway 3.x before 3.0.2. Admin credentials are not verified when using X.509 client-certificate authentication from Sync Gateway to Couchbase Server. When Sync Gateway... |
| CVE-2022-27502 | 2022-06-10 | RealVNC VNC Server 6.9.0 through 5.1.0 for Windows allows local privilege escalation because an installer repair operation executes %TEMP% files as SYSTEM. |
| CVE-2022-31788 | 2022-06-10 | IdeaLMS 2022 allows SQL injection via the IdeaLMS/ChatRoom/ClassAccessControl/6?isBigBlueButton=0&ClassID= pathname. |
| CVE-2021-44582 | 2022-06-10 | A Privilege Escalation vulnerability exists in Sourcecodester Money Transfer Management System 1.0, which allows a remote malicious user to gain elevated privileges to the Admin role via any URL. |
| CVE-2021-44117 | 2022-06-10 | A Cross Site Request Forgery (CSRF) vulnerability exists in TheDayLightStudio Fuel CMS 1.5.0 via a POST call to /fuel/sitevariables/delete/4. |
| CVE-2022-32978 | 2022-06-10 | There is an assertion failure in SingleComponentLSScan::ParseMCU in singlecomponentlsscan.cpp in libjpeg before 1.64 via an empty JPEG-LS scan. |
| CVE-2022-22426 | 2022-06-10 | IBM Spectrum Copy Data Management Admin 2.2.0.0 through 2.2.15.0 could allow a local attacker to bypass authentication restrictions, caused by the lack of proper session management. An attacker could exploit... |
| CVE-2022-22479 | 2022-06-10 | IBM Spectrum Copy Data Management 2.2.0.0through 2.2.15.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the... |
| CVE-2022-30610 | 2022-06-10 | IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 is vulnerable to reverse tabnabbing where it could allow a page linked to from within IBM Spectrum Copy Data Management to rewrite... |
| CVE-2022-30611 | 2022-06-10 | IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using some fields... |
| CVE-2022-31769 | 2022-06-10 | IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 could allow a remote attacker to view product configuration information stored in PostgreSQL, which could be used in further attacks against the... |
| CVE-2022-29948 | 2022-06-10 | Due to an insecure design, the Lepin EP-KP001 flash drive through KP001_V19 is vulnerable to an authentication bypass attack that enables an attacker to gain access to the stored encrypted... |
| CVE-2022-31402 | 2022-06-10 | ITOP v3.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via /itop/webservices/export-v2.php. |
| CVE-2018-17240 | 2022-06-10 | There is a memory dump vulnerability on Netwave IP camera devices at //proc/kcore that allows an unauthenticated attacker to exfiltrate sensitive information from the network configuration (e.g., username and password). |
| CVE-2022-31282 | 2022-06-10 | Bento4 MP4Dump v1.2 was discovered to contain a segmentation violation via an unknown address at /Source/C++/Core/Ap4DataBuffer.cpp:175. |
| CVE-2022-31285 | 2022-06-10 | An issue was discovered in Bento4 1.2. The allocator is out of memory in /Source/C++/Core/Ap4Array.h. |
| CVE-2022-31287 | 2022-06-10 | An issue was discovered in Bento4 v1.2. There is an allocation size request error in /Ap4RtpAtom.cpp. |
| CVE-2022-32981 | 2022-06-10 | An issue was discovered in the Linux kernel through 5.18.3 on powerpc 32-bit platforms. There is a buffer overflow in ptrace PEEKUSER and POKEUSER (aka PEEKUSR and POKEUSR) when accessing... |
| CVE-2022-25863 | 2022-06-10 | Deserialization of Untrusted Data |
| CVE-2022-24429 | 2022-06-10 | Arbitrary Code Injection |
| CVE-2022-29092 | 2022-06-10 | Dell SupportAssist Client Consumer versions (3.11.0 and versions prior) and Dell SupportAssist Client Commercial versions (3.2.0 and versions prior) contain a privilege escalation vulnerability. A non-admin user can exploit the... |
| CVE-2022-29093 | 2022-06-10 | Dell SupportAssist Client Consumer versions (3.10.4 and versions prior) and Dell SupportAssist Client Commercial versions (3.1.1 and versions prior) contain an arbitrary file deletion vulnerability. Authenticated non-admin user could exploit... |
| CVE-2022-29094 | 2022-06-10 | Dell SupportAssist Client Consumer versions (3.10.4 and versions prior) and Dell SupportAssist Client Commercial versions (3.1.1 and versions prior) contain an arbitrary file deletion/overwrite vulnerability. Authenticated non-admin user could exploit... |
| CVE-2022-29095 | 2022-06-10 | Dell SupportAssist Client Consumer versions (3.10.4 and prior) and Dell SupportAssist Client Commercial versions (3.1.1 and prior) contain a cross-site scripting vulnerability. A remote unauthenticated malicious user could potentially exploit... |
| CVE-2022-24376 | 2022-06-10 | Command Injection |
| CVE-2022-24278 | 2022-06-10 | Directory Traversal |
| CVE-2022-25845 | 2022-06-10 | Deserialization of Untrusted Data |
| CVE-2022-21211 | 2022-06-10 | Denial of Service (DoS) |
| CVE-2022-25851 | 2022-06-10 | Denial of Service (DoS) |
| CVE-2021-41754 | 2022-06-10 | dynamicMarkt <= 3.10 is affected by SQL injection in the parent parameter of index.php. |
| CVE-2021-41755 | 2022-06-10 | dynamicMarkt <= 3.10 is affected by SQL injection in the kat1 parameter of index.php. |
| CVE-2021-41756 | 2022-06-10 | dynamicMarkt <= 3.10 is affected by SQL injection in the kat parameter of index.php. |
| CVE-2017-20037 | 2022-06-11 | SICUNET Access Controller privileges management |
| CVE-2017-20038 | 2022-06-11 | SICUNET Access Controller card_scan_decoder.php privileges management |
| CVE-2017-20039 | 2022-06-11 | SICUNET Access Controller hard-coded password |
| CVE-2017-20040 | 2022-06-11 | SICUNET Access Controller Password Storage cleartext storage |
| CVE-2021-41738 | 2022-06-11 | ZeroShell 3.9.5 has a command injection vulnerability in /cgi-bin/kerbynet IP parameter, which may allow an authenticated attacker to execute system commands. |
| CVE-2021-41502 | 2022-06-11 | An issue was discovered in Subrion CMS v4.2.1 There is a stored cross-site scripting (XSS) vulnerability that can execute malicious JavaScript code by modifying the name of the uploaded image,... |
| CVE-2022-30780 | 2022-06-11 | Lighttpd 1.4.56 through 1.4.58 allows a remote attacker to cause a denial of service (CPU consumption from stuck connections) because connection_read_header_more in connections.c has a typo that disrupts use of... |
| CVE-2021-44266 | 2022-06-11 | GUnet Open eClass (aka openeclass) before 3.12.2 allows XSS via the modules/auth/formuser.php auth parameter. |
| CVE-2018-25034 | 2022-06-12 | Thomson TCW710 wlanPrimaryNetwork Persistent cross site scripting |
| CVE-2018-25035 | 2022-06-12 | Thomson TCW710 RGFirewallEL Persistent cross site scriting |
| CVE-2018-25036 | 2022-06-12 | Thomson TCW710 RgTime Persistent cross site scriting |