CVE List - 2022 / May
Showing 2101 - 2161 of 2161 CVEs for May 2022 (Page 22 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-30831 | 2022-05-31 | Wedding Management System v1.0 is vulnerable to SQL Injection via Wedding-Management/wedding_details.php. |
| CVE-2022-30830 | 2022-05-31 | Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\feature_edit.php. |
| CVE-2022-30829 | 2022-05-31 | Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\users_edit.php. |
| CVE-2021-42199 | 2022-05-31 | An issue was discovered in swftools through 20201222. A heap buffer overflow exists in the function swf_FontExtract_DefineTextCallback() located in swftext.c. It allows an attacker to cause code execution. |
| CVE-2022-30828 | 2022-05-31 | Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\photos_edit.php. |
| CVE-2022-30827 | 2022-05-31 | Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\package_edit.php. |
| CVE-2022-30826 | 2022-05-31 | Wedding Management System v1.0 is vulnerable to SQL Injection via admin\client_assign.php. |
| CVE-2022-30825 | 2022-05-31 | Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\client_edit.php. |
| CVE-2022-30823 | 2022-05-31 | Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\blog_events_edit.php. |
| CVE-2022-30822 | 2022-05-31 | In Wedding Management System v1.0, there is an arbitrary file upload vulnerability in the picture upload point of "users_profile.php" file. |
| CVE-2021-42200 | 2022-05-31 | An issue was discovered in swftools through 20201222. A NULL pointer dereference exists in the function main() located in swfdump.c. It allows an attacker to cause Denial of Service. |
| CVE-2022-30821 | 2022-05-31 | In Wedding Management System v1.0, the editing function of the "Services" module in the background management system has an arbitrary file upload vulnerability in the picture upload point of "package_edit.php"... |
| CVE-2022-30820 | 2022-05-31 | In Wedding Management v1.0, there is an arbitrary file upload vulnerability in the picture upload point of "users_edit.php" file. |
| CVE-2022-30819 | 2022-05-31 | In Wedding Management System v1.0, there is an arbitrary file upload vulnerability in the picture upload point of "photos_edit.php" file. |
| CVE-2022-28702 | 2022-05-31 | e-Design - Multiple vulnerabilities |
| CVE-2022-29483 | 2022-05-31 | e-Design - Multiple vulnerabilities |
| CVE-2022-1419 | 2022-05-31 | The root cause of this vulnerability is that the ioctl$DRM_IOCTL_MODE_DESTROY_DUMB can decrease refcount of *drm_vgem_gem_object* (created in *vgem_gem_dumb_create*) concurrently, and *vgem_gem_dumb_create* will access the freed drm_vgem_gem_object. |
| CVE-2022-1652 | 2022-05-31 | Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an... |
| CVE-2021-40186 | 2022-05-31 | DNN CMS Server-Side Request Forgery (SSRF) |
| CVE-2021-42201 | 2022-05-31 | An issue was discovered in swftools through 20201222. A heap-buffer-overflow exists in the function swf_GetD64() located in rfxswf.c. It allows an attacker to cause code execution. |
| CVE-2021-42202 | 2022-05-31 | An issue was discovered in swftools through 20201222. A NULL pointer dereference exists in the function swf_DeleteFilter() located in swffilter.c. It allows an attacker to cause Denial of Service. |
| CVE-2022-1786 | 2022-05-31 | A use-after-free flaw was found in the Linux kernel’s io_uring subsystem in the way a user sets up a ring with IORING_SETUP_IOPOLL with more than one task completing submissions on... |
| CVE-2022-1789 | 2022-05-31 | With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID is executed with CR0.PG=0, the invlpg callback is not set and the result is a... |
| CVE-2021-42203 | 2022-05-31 | An issue was discovered in swftools through 20201222. A heap-use-after-free exists in the function swf_FontExtract_DefineTextCallback() located in swftext.c. It allows an attacker to cause code execution. |
| CVE-2022-1797 | 2022-05-31 | Rockwell Automation Logix Controllers Uncontrolled Resource Consumption |
| CVE-2021-36866 | 2022-05-31 | WordPress Easy Pricing Tables plugin <= 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability |
| CVE-2022-31007 | 2022-05-31 | Privilege escalation from administrator in eLabFTW |
| CVE-2022-31011 | 2022-05-31 | TiDB authentication bypass vulnerability |
| CVE-2021-36890 | 2022-05-31 | WordPress Social Share Buttons by Supsystic plugin <= 2.2.2 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-1660 | 2022-05-31 | Keysight N6854A Geolocation server and N6841A RF Sensor software |
| CVE-2022-31005 | 2022-05-31 | Integer Overflow in Vapor's HTTP Range Request |
| CVE-2022-1661 | 2022-05-31 | Keysight N6854A Geolocation server and N6841A RF Sensor software |
| CVE-2022-24702 | 2022-05-31 | An issue was discovered in WinAPRS 2.9.0. A buffer overflow in the VHF KISS TNC component allows a remote attacker to achieve remote code execution via malicious AX.25 packets over... |
| CVE-2022-24700 | 2022-05-31 | An issue was discovered in WinAPRS 2.9.0. A buffer overflow in DIGI address processing for VHF KISS packets allows a remote attacker to cause a denial of service (daemon crash)... |
| CVE-2022-24701 | 2022-05-31 | An issue was discovered in WinAPRS 2.9.0. A buffer overflow in national.txt processing allows a local attacker to cause a denial of service or possibly achieve code execution. NOTE: This... |
| CVE-2022-28605 | 2022-05-31 | Hardcoded admin token in SoundBar apps in Linkplay SDK 1.00 allows remote attackers to gain admin privilege access in linkplay antifactory |
| CVE-2021-33504 | 2022-05-31 | Couchbase Server before 7.1.0 has Incorrect Access Control. |
| CVE-2022-29540 | 2022-05-31 | resi-calltrace in RESI Gemini-Net 4.2 is affected by Multiple XSS issues. Unauthenticated remote attackers can inject arbitrary web script or HTML into an HTTP GET parameter that reflects user input... |
| CVE-2022-30481 | 2022-05-31 | Food-order-and-table-reservation-system- 1.0 is vulnerable to SQL Injection in categorywise-menu.php via the catid parameters. |
| CVE-2022-30482 | 2022-05-31 | Ecommerce-project-with-php-and-mysqli-Fruits-Bazar- 1.0 is vulnerable to Cross Site Scripting (XSS) in \admin\add_cata.php via the ctg_name parameters. |
| CVE-2022-30478 | 2022-05-31 | Ecommerce-project-with-php-and-mysqli-Fruits-Bazar 1.0 is vulnerable to SQL Injection in \search_product.php via the keyword parameters. |
| CVE-2022-29624 | 2022-05-31 | An arbitrary file upload vulnerability in the Add File function of TPCMS v3.2 allows attackers to execute arbitrary code via a crafted PHP file. |
| CVE-2021-32546 | 2022-05-31 | Missing input validation in internal/db/repo_editor.go in Gogs before 0.12.8 allows an attacker to execute code remotely. An unprivileged attacker (registered user) can overwrite the Git configuration in his repository. This... |
| CVE-2022-29647 | 2022-05-31 | An issue was discovered in MCMS 5.2.7. There is a CSRF vulnerability that can add an administrator account via ms/basic/manager/save.do. |
| CVE-2022-29648 | 2022-05-31 | A cross-site scripting (XSS) vulnerability in Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted X-Forwarded-For request. |
| CVE-2022-29653 | 2022-05-31 | OFCMS v1.1.4 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/comn/service/update.json. |
| CVE-2022-1893 | 2022-05-31 | Improper Removal of Sensitive Information Before Storage or Transfer in polonel/trudesk |
| CVE-2022-1808 | 2022-05-31 | Execution with Unnecessary Privileges in polonel/trudesk |
| CVE-2022-1947 | 2022-05-31 | Use of Incorrect Operator in polonel/trudesk |
| CVE-2022-31013 | 2022-05-31 | Authentication bypass in Vartalap chat-server |
| CVE-2021-42204 | 2022-05-31 | An issue was discovered in swftools through 20201222. A heap-buffer-overflow exists in the function swf_GetBits() located in rfxswf.c. It allows an attacker to cause code execution. |
| CVE-2022-31015 | 2022-05-31 | Uncaught Exception (due to a data race) leads to process termination in Waitress |
| CVE-2021-42872 | 2022-05-31 | TOTOLINK EX1200T V4.1.2cu.5215 is affected by a command injection vulnerability that can remotely execute arbitrary code. |
| CVE-2022-28945 | 2022-05-31 | An issue in Webbank WeCube v3.2.2 allows attackers to execute a directory traversal via a crafted ZIP file. |
| CVE-2021-43512 | 2022-05-31 | An issue was discovered in FlightRadar24 v8.9.0, v8.10.0, v8.10.2, v8.10.3, v8.10.4 for Android, allows attackers to cause unspecified consequences due to being able to decompile a local application and extract... |
| CVE-2021-44098 | 2022-05-31 | EGavilan Media Expense-Management-System 1.0 is vulnerable to SQL Injection via /expense_action.php. This allows a remote attacker to compromise Application SQL database. |
| CVE-2021-44097 | 2022-05-31 | EGavilan Media Contact-Form-With-Messages-Entry-Management 1.0 is vulnerable to SQL Injection via Addmessage.php. This allows a remote attacker to compromise Application SQL database. |
| CVE-2021-44096 | 2022-05-31 | EGavilan Media User-Registration-and-Login-System-With-Admin-Panel 1.0 is vulnerable to SQL Injection via profile_action - update_user. This allows a remote attacker to compromise Application SQL database. |
| CVE-2021-44095 | 2022-05-31 | A SQL injection vulnerability exists in ProjectWorlds Hospital Management System in php 1.0 on login page that allows a remote attacker to compromise Application SQL database. |
| CVE-2021-27778 | 2022-05-31 | HCL Traveler is susceptible to a cross-site scripting vulnerability which could allow an attacker to execute a malicious script to access sensitive information. |
| CVE-2022-1943 | 2022-06-01 | A flaw out of bounds memory write in the Linux kernel UDF file system functionality was found in the way user triggers some file operation which triggers udf_write_fi(). A local... |
| CVE-2022-27774 | 2022-06-01 | An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used... |
| CVE-2022-27775 | 2022-06-01 | An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id... |
| CVE-2022-27776 | 2022-06-01 | An insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number. |
| CVE-2022-27779 | 2022-06-01 | libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) if the host name is provided with a trailing dot. curl can be told to receive and send cookies. curl's... |
| CVE-2022-27780 | 2022-06-01 | The curl URL parser wrongly accepts percent-encoded URL separators like '/' when decoding the host name part of a URL, making it a *different* URL using the wrong host name when it... |
| CVE-2022-27781 | 2022-06-01 | libcurl provides the `CURLOPT_CERTINFO` option to allow applications to request details to be returned about a server's certificate chain. Due to an erroneous function, a malicious server could make libcurl built with NSS... |
| CVE-2022-27782 | 2022-06-01 | libcurl would reuse a previously created connection even when a TLS or SSH related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool... |
| CVE-2022-30115 | 2022-06-01 | Using its HSTS support, curl can be instructed to use HTTPS directly instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. This mechanism could be... |
| CVE-2022-30490 | 2022-06-01 | Badminton Center Management System V1.0 is vulnerable to SQL Injection via parameter 'id' in /bcms/admin/court_rentals/update_status.php. |
| CVE-2021-44080 | 2022-06-01 | A Command Injection vulnerability in httpd web server (setup.cgi) in SerComm h500s, FW: lowi-h500s-v3.4.22 allows logged in administrators to arbitrary OS commands as root in the device via the connection_type... |
| CVE-2022-32202 | 2022-06-01 | In libjpeg 1.63, there is a NULL pointer dereference in LineBuffer::FetchRegion in linebuffer.cpp. |
| CVE-2022-32201 | 2022-06-01 | In libjpeg 1.63, there is a NULL pointer dereference in Component::SubXOf in component.hpp. |
| CVE-2022-32200 | 2022-06-01 | libdwarf 0.4.0 has a heap-based buffer over-read in _dwarf_check_string_valid in dwarf_util.c. |
| CVE-2022-1285 | 2022-06-01 | Server-Side Request Forgery (SSRF) in gogs/gogs |
| CVE-2022-29875 | 2022-06-01 | A vulnerability has been identified in Biograph Horizon PET/CT Systems (All VJ30 versions < VJ30C-UD01), MAGNETOM Family (NUMARIS X: VA12M, VA12S, VA10B, VA20A, VA30A, VA31A), MAMMOMAT Revelation (All VC20 versions... |
| CVE-2022-26971 | 2022-06-01 | Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. This upload can be executed without authentication. |
| CVE-2022-26972 | 2022-06-01 | Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a URL /cgi-bin endpoint. The URL parameters are not correctly sanitized, leading to... |
| CVE-2022-26973 | 2022-06-01 | Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. By tweaking the license file name, the returned... |
| CVE-2022-26974 | 2022-06-01 | Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a file upload mechanism. Lack of input sanitization in the upload mechanism leads... |
| CVE-2022-26975 | 2022-06-01 | Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing log files without authentication. |
| CVE-2022-26976 | 2022-06-01 | Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. Lack of input sanitization in the upload mechanism... |
| CVE-2022-26977 | 2022-06-01 | Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. Lack of input sanitization of the upload mechanism... |
| CVE-2022-26978 | 2022-06-01 | Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a URL /checklogin.jsp endpoint. The os_username parameters is not correctly sanitized, leading to... |
| CVE-2022-29776 | 2022-06-01 | Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and below were discovered to contain a stack overflow via the component DesktopEditor/common/File.cpp. |
| CVE-2022-29777 | 2022-06-01 | Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and below were discovered to contain a heap overflow via the component DesktopEditor/fontengine/fontconverter/FontFileBase.h. |
| CVE-2022-31340 | 2022-06-01 | Simple Inventory System v1.0 is vulnerable to SQL Injection via /inventory/table_edit_ajax.php. |
| CVE-2022-31339 | 2022-06-01 | Simple Inventory System v1.0 is vulnerable to SQL Injection via /inventory/login.php. |
| CVE-2022-31354 | 2022-06-01 | Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=get_vehicle_service. |
| CVE-2022-31353 | 2022-06-01 | Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/services/view_service.php?id=. |
| CVE-2022-31352 | 2022-06-01 | Online Car Wash Booking System v1.0 by oretnom23 has SQL injection in /ocwbs/admin/services/manage_service.php?id=. |
| CVE-2022-31351 | 2022-06-01 | Online Car Wash Booking System v1.0 by oretnom23 has SQL injection via /ocwbs/admin/services/manage_price.php?id=. |
| CVE-2022-31350 | 2022-06-01 | Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/vehicles/manage_vehicle.php?id=. |
| CVE-2022-31348 | 2022-06-01 | Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/bookings/update_status.php?id=. |
| CVE-2022-31347 | 2022-06-01 | Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=delete_vehicle. |
| CVE-2022-31346 | 2022-06-01 | Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=delete_service. |
| CVE-2022-31345 | 2022-06-01 | Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/?page=user/manage_user&id=. |
| CVE-2022-31344 | 2022-06-01 | Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=delete_booking. |
| CVE-2022-27184 | 2022-06-01 | Horner Automation Cscape Csfont |
| CVE-2022-31343 | 2022-06-01 | Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/?page=bookings/view_details&id=. |