CVE List - 2022 / June
Showing 901 - 1000 of 2149 CVEs for June 2022 (Page 10 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-32340 | 2022-06-14 | Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/?page=patients/view_patient&id=. |
| CVE-2022-32339 | 2022-06-14 | Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/doctors/view_doctor.php?id=. |
| CVE-2022-32338 | 2022-06-14 | Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/doctors/manage_doctor.php?id=. |
| CVE-2022-32337 | 2022-06-14 | Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/patients/manage_patient.php?id=. |
| CVE-2022-30930 | 2022-06-14 | Tourism Management System Version: V 3.2 is affected by: Cross Site Request Forgery (CSRF). |
| CVE-2022-31403 | 2022-06-14 | ITOP v3.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via /itop/pages/ajax.render.php. |
| CVE-2021-42675 | 2022-06-14 | Kreado Kreasfero 1.5 does not properly sanitize uploaded files to the media directory. One can upload a malicious PHP file and obtain remote code execution. |
| CVE-2022-32561 | 2022-06-14 | An issue was discovered in Couchbase Server before 6.6.5 and 7.x before 7.0.4. Previous mitigations for CVE-2018-15728 were found to be insufficient when it was discovered that diagnostic endpoints could... |
| CVE-2022-32557 | 2022-06-14 | An issue was discovered in Couchbase Server before 7.0.4. The Index Service does not enforce authentication for TCP/TLS servers. |
| CVE-2022-32559 | 2022-06-14 | An issue was discovered in Couchbase Server before 7.0.4. Random HTTP requests lead to leaked metrics. |
| CVE-2022-27668 | 2022-06-14 | Depending on the configuration of the route permission table in file 'saprouttab', it is possible for an unauthenticated attacker to execute SAProuter administration commands in SAP NetWeaver and ABAP Platform... |
| CVE-2022-29612 | 2022-06-14 | SAP NetWeaver, ABAP Platform and SAP Host Agent - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, 8.04, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53,... |
| CVE-2022-30903 | 2022-06-14 | Nokia "G-2425G-A" Bharti Airtel Routers Hardware version "3FE48299DEAA" Software Version "3FE49362IJHK42" is vulnerable to Cross-Site Scripting (XSS) via the admin->Maintenance>Device Management. |
| CVE-2022-32367 | 2022-06-14 | Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/?page=inquiries/view_inquiry&id=. |
| CVE-2022-32366 | 2022-06-14 | Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/fields/view_field.php?id=. |
| CVE-2022-32365 | 2022-06-14 | Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/fields/manage_field.php?id=. |
| CVE-2022-32364 | 2022-06-14 | Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/?page=products/manage_product&id=. |
| CVE-2022-21504 | 2022-06-14 | The code in UEK6 U3 was missing an appropriate file descriptor count to be missing. This resulted in a use count error that allowed a file descriptor to a socket... |
| CVE-2022-29238 | 2022-06-14 | Forced Browsing in Jupyter Notebook |
| CVE-2022-29614 | 2022-06-14 | SAP startservice - of SAP NetWeaver Application Server ABAP, Application Server Java, ABAP Platform and HANA Database - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC... |
| CVE-2022-29615 | 2022-06-14 | SAP NetWeaver Developer Studio (NWDS) - version 7.50, is based on Eclipse, which contains the logging framework log4j in version 1.x. The application's confidentiality and integrity could have a low... |
| CVE-2022-29618 | 2022-06-14 | Due to insufficient input validation, SAP NetWeaver Development Infrastructure (Design Time Repository) - versions 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to inject script into the URL and execute... |
| CVE-2022-31589 | 2022-06-14 | Due to improper authorization check, business users who are using Israeli File from SHAAM program (/ATL/VQ23 transaction), are granted more than needed authorization to perform certain transaction, which may lead... |
| CVE-2022-31590 | 2022-06-14 | SAP PowerDesigner Proxy - version 16.7, allows an attacker with low privileges and has local access, with the ability to work around system’s root disk access restrictions to Write/Create a... |
| CVE-2022-31594 | 2022-06-14 | A highly privileged user can exploit SUID-root program to escalate his privileges to root on a local Unix system. |
| CVE-2022-31595 | 2022-06-14 | SAP Financial Consolidation - version 1010, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. |
| CVE-2022-32235 | 2022-06-14 | When a user opens manipulated AutoCAD (.dwg, TeighaTranslator.exe) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until... |
| CVE-2022-32236 | 2022-06-14 | When a user opens manipulated Windows Bitmap (.bmp, 2d.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user... |
| CVE-2022-32237 | 2022-06-14 | When a user opens manipulated Computer Graphics Metafile (.cgm, CgmCore.dll) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the... |
| CVE-2022-32238 | 2022-06-14 | When a user opens manipulated Encapsulated Post Script (.eps, ai.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the... |
| CVE-2022-32239 | 2022-06-14 | When a user opens manipulated JPEG 2000 (.jp2, jp2k.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user... |
| CVE-2022-31059 | 2022-06-14 | Discourse Calendar Event names susceptible to Cross-site Scripting |
| CVE-2022-32363 | 2022-06-14 | Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/categories/view_category.php?id=. |
| CVE-2022-32362 | 2022-06-14 | Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/categories/manage_category.php?id=. |
| CVE-2022-31060 | 2022-06-14 | Banner topic data is exposed on login-required Discourse sites |
| CVE-2022-32359 | 2022-06-14 | Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/classes/Master.php?f=delete_category. |
| CVE-2022-32358 | 2022-06-14 | Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/classes/Master.php?f=delete_inquiry. |
| CVE-2022-32355 | 2022-06-14 | Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/?page=products/view_product&id=. |
| CVE-2022-32354 | 2022-06-14 | Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/?page=user/manage_user&id=. |
| CVE-2022-32353 | 2022-06-14 | Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/categories/manage_field_order.php?id=. |
| CVE-2022-31047 | 2022-06-14 | Insertion of Sensitive Information into Log File in typo3/cms-core |
| CVE-2022-29241 | 2022-06-14 | Known or guessable hidden files may be accessed in Jupyter Server |
| CVE-2022-31046 | 2022-06-14 | Information Disclosure via Export Module in TYPO3 CMS |
| CVE-2022-31049 | 2022-06-14 | Cross-Site Scripting in Frontend Login Mailer |
| CVE-2022-31048 | 2022-06-14 | Cross-Site Scripting in Form Framework |
| CVE-2022-31050 | 2022-06-14 | Insufficient Session Expiration in TYPO3 Admin Tool |
| CVE-2022-32230 | 2022-06-14 | SMBv3 FileNormalizedNameInformation NULL Pointer Dereference |
| CVE-2022-31066 | 2022-06-14 | Configuration API in EdgeXFoundry exposes message bus credentials to local unauthenticated users |
| CVE-2022-32240 | 2022-06-14 | When a user opens manipulated Jupiter Tesselation (.jt, JTReader.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user... |
| CVE-2022-32241 | 2022-06-14 | When a user opens manipulated Portable Document Format (.pdf, PDFView.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the... |
| CVE-2022-32242 | 2022-06-14 | When a user opens manipulated Radiance Picture (.hdr, hdr.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user... |
| CVE-2022-32243 | 2022-06-14 | When a user opens manipulated Scalable Vector Graphics (.svg, svg.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the... |
| CVE-2022-20124 | 2022-06-15 | In deletePackageX of DeletePackageHelper.java, there is a possible way for a Guest user to reset pre-loaded applications for other users due to a permissions bypass. This could lead to local... |
| CVE-2022-20144 | 2022-06-15 | In multiple functions of AvatarPhotoController.java, there is a possible access to content owned by system content providers due to a confused deputy. This could lead to local escalation of privilege... |
| CVE-2022-20186 | 2022-06-15 | In kbase_mem_alias of mali_kbase_mem_linux.c, there is a possible arbitrary code execution due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed.... |
| CVE-2022-1958 | 2022-06-15 | FileCloud NTFS access control |
| CVE-2021-40212 | 2022-06-15 | An exploitable out-of-bounds write vulnerability in PotPlayer 1.7.21523 build 210729 may lead to code execution, information disclosure, and denial of service. |
| CVE-2021-41413 | 2022-06-15 | ok-file-formats master 2021-9-12 is affected by a buffer overflow in ok_jpg_convert_data_unit_grayscale and ok_jpg_convert_YCbCr_to_RGB. |
| CVE-2021-39691 | 2022-06-15 | In WindowManager, there is a possible tapjacking attack due to an incorrect window flag when processing user input. This could lead to local escalation of privilege with no additional execution... |
| CVE-2022-20123 | 2022-06-15 | In phNciNfc_RecvMfResp of phNxpExtns_MifareStd.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges... |
| CVE-2022-20125 | 2022-06-15 | In GBoard, there is a possible way to bypass factory reset protections due to a sandbox escape. This could lead to local escalation of privilege if an attacker has physical... |
| CVE-2022-20126 | 2022-06-15 | In setScanMode of AdapterService.java, there is a possible way to enable Bluetooth discovery mode without user interaction due to a missing permission check. This could lead to local escalation of... |
| CVE-2022-20127 | 2022-06-15 | In ce_t4t_data_cback of ce_t4t.cc, there is a possible out of bounds write due to a double free. This could lead to remote code execution with no additional execution privileges needed.... |
| CVE-2022-20129 | 2022-06-15 | In registerPhoneAccount of PhoneAccountRegistrar.java, there is a possible way to prevent the user from selecting a phone account due to improper input validation. This could lead to local denial of... |
| CVE-2022-20130 | 2022-06-15 | In transportDec_OutOfBandConfig of tpdec_lib.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges... |
| CVE-2022-20131 | 2022-06-15 | In nci_proc_rf_management_ntf of nci_hrcv.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges... |
| CVE-2022-20132 | 2022-06-15 | In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. This could lead to local... |
| CVE-2022-20133 | 2022-06-15 | In setDiscoverableTimeout of AdapterService.java, there is a possible bypass of user interaction due to a missing permission check. This could lead to local escalation of privilege with User execution privileges... |
| CVE-2022-20134 | 2022-06-15 | In readArguments of CallSubjectDialog.java, there is a possible way to trick the user to call the wrong phone number due to improper input validation. This could lead to local escalation... |
| CVE-2022-20135 | 2022-06-15 | In writeToParcel of GateKeeperResponse.java, there is a possible parcel format mismatch. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for... |
| CVE-2022-20137 | 2022-06-15 | In onCreateContextMenu of NetworkProviderSettings.java, there is a possible way for non-owner users to change WiFi settings due to a missing permission check. This could lead to local escalation of privilege... |
| CVE-2022-20138 | 2022-06-15 | In ACTION_MANAGED_PROFILE_PROVISIONED of DevicePolicyManagerService.java, there is a possible way for unprivileged app to send MANAGED_PROFILE_PROVISIONED intent due to a missing permission check. This could lead to local escalation of privilege... |
| CVE-2022-20140 | 2022-06-15 | In read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additional execution... |
| CVE-2022-20141 | 2022-06-15 | In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege when opening and closing inet sockets with... |
| CVE-2022-20142 | 2022-06-15 | In createFromParcel of GeofenceHardwareRequestParcelable.java, there is a possible arbitrary code execution due to parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User... |
| CVE-2022-20143 | 2022-06-15 | In addAutomaticZenRule of ZenModeHelper.java, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with User execution privileges needed. User... |
| CVE-2022-20145 | 2022-06-15 | In startLegacyVpnPrivileged of Vpn.java, there is a possible way to retrieve VPN credentials due to a protocol downgrade attack. This could lead to remote escalation of privilege if a malicious... |
| CVE-2022-20147 | 2022-06-15 | In nfa_dm_check_set_config of nfa_dm_main.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution... |
| CVE-2022-20210 | 2022-06-15 | The UE and the EMM communicate with each other using NAS messages. When a new NAS message arrives from the EMM, the modem parses it and fills in internal objects... |
| CVE-2021-36901 | 2022-06-15 | WordPress Age Gate plugin <= 2.17.0 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability |
| CVE-2022-2086 | 2022-06-15 | SourceCodester Bank Management System login.php sql injection |
| CVE-2022-2087 | 2022-06-15 | SourceCodester Bank Management System cross site scripting |
| CVE-2022-27859 | 2022-06-15 | WordPress Travel Management plugin <= 2.0 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities |
| CVE-2022-29406 | 2022-06-15 | WordPress Team Manager plugin <= 1.6.9 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities |
| CVE-2021-39806 | 2022-06-15 | In closef of label_backends_android.c, there is a possible way to corrupt memory due to a double free. This could lead to local escalation of privilege during startup of servicemanager, if... |
| CVE-2022-20146 | 2022-06-15 | In uploadFile of FileUploadServiceImpl.java, there is a possible incorrect file access due to a confused deputy. This could lead to local information disclosure of private files with no additional execution... |
| CVE-2022-20148 | 2022-06-15 | In TBD of TBD, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege in the kernel with System execution privileges needed.... |
| CVE-2022-20149 | 2022-06-15 | Product: Android; Versions: Android kernel; Android ID: A-211685939; References: N/A |
| CVE-2022-20151 | 2022-06-15 | Product: Android; Versions: Android kernel; Android ID: A-210712565; References: N/A |
| CVE-2022-20152 | 2022-06-15 | In the TitanM chip, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges... |
| CVE-2022-20153 | 2022-06-15 | In rcu_cblist_dequeue of rcu_segcblist.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User... |
| CVE-2022-20154 | 2022-06-15 | In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2022-20155 | 2022-06-15 | In ipu_core_jqs_msg_transport_kernel_write_sync of ipu-core-jqs-msg-transport.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction... |
| CVE-2022-20156 | 2022-06-15 | In unflatten of GraphicBuffer.cpp, there is a possible arbitrary code execution due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed.... |
| CVE-2022-20159 | 2022-06-15 | In asn1_ec_pkey_parse of acropora/crypto/asn1_common.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed.... |
| CVE-2022-20160 | 2022-06-15 | Product: Android; Versions: Android kernel; Android ID: A-210083655; References: N/A |
| CVE-2022-20162 | 2022-06-15 | In asn1_p256_int of crypto/asn1.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed.... |
| CVE-2022-20164 | 2022-06-15 | Product: Android; Versions: Android kernel; Android ID: A-204891956; References: N/A |
| CVE-2022-20165 | 2022-06-15 | In asn1_parse of asn1.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed.... |
| CVE-2022-20166 | 2022-06-15 | In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with... |