Lista CVE - 2022 / Giugno
Visualizzazione 1001 - 1100 di 2149 CVE per Giugno 2022 (Pagina 11 di 22)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2022-20167 | 2022-06-15 | Product: AndroidVersions: Android kernelAndroid ID: A-204956204References: N/A |
| CVE-2022-20168 | 2022-06-15 | Product: AndroidVersions: Android kernelAndroid ID: A-210594998References: N/A |
| CVE-2022-20169 | 2022-06-15 | Product: AndroidVersions: Android kernelAndroid ID: A-211162353References: N/A |
| CVE-2022-20170 | 2022-06-15 | Product: AndroidVersions: Android kernelAndroid ID: A-209421931References: N/A |
| CVE-2022-20171 | 2022-06-15 | Product: AndroidVersions: Android kernelAndroid ID: A-215565667References: N/A |
| CVE-2022-20172 | 2022-06-15 | In onbind of ShannonRcsService.java, there is a possible access to protect data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges... |
| CVE-2022-20173 | 2022-06-15 | Product: AndroidVersions: Android kernelAndroid ID: A-207116951References: N/A |
| CVE-2022-20174 | 2022-06-15 | In exynos_secEnv_init of mach-gs101.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed.... |
| CVE-2022-20175 | 2022-06-15 | Product: AndroidVersions: Android kernelAndroid ID: A-209252491References: N/A |
| CVE-2022-20176 | 2022-06-15 | In auth_store of sjtag-driver.c, there is a possible read of uninitialized memory due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed.... |
| CVE-2022-20177 | 2022-06-15 | Product: AndroidVersions: Android kernelAndroid ID: A-209906686References: N/A |
| CVE-2022-20178 | 2022-06-15 | In ioctl_dpm_qos_update and ioctl_event_control_set of (TBD), there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution... |
| CVE-2022-20179 | 2022-06-15 | Product: AndroidVersions: Android kernelAndroid ID: A-211683760References: N/A |
| CVE-2022-20181 | 2022-06-15 | Product: AndroidVersions: Android kernelAndroid ID: A-210936609References: N/A |
| CVE-2022-20182 | 2022-06-15 | In handle_ramdump of pixel_loader.c, there is a possible way to create a ramdump of non-secure memory due to a missing permission check. This could lead to local information disclosure with... |
| CVE-2022-20183 | 2022-06-15 | In hypx_create_blob_dmabuf of faceauth_hypx.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges... |
| CVE-2022-20184 | 2022-06-15 | Product: AndroidVersions: Android kernelAndroid ID: A-209153114References: N/A |
| CVE-2022-20185 | 2022-06-15 | In TBD of TBD, there is a possible use after free bug. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed... |
| CVE-2022-20188 | 2022-06-15 | Product: AndroidVersions: Android kernelAndroid ID: A-207254598References: N/A |
| CVE-2022-20190 | 2022-06-15 | Product: AndroidVersions: Android kernelAndroid ID: A-208744915References: N/A |
| CVE-2022-20191 | 2022-06-15 | Product: AndroidVersions: Android kernelAndroid ID: A-209324757References: N/A |
| CVE-2022-20192 | 2022-06-15 | In grantEmbeddedWindowFocus of WindowManagerService.java, there is a possible way to change an input channel for embedded hierarchy due to a permissions bypass. This could lead to local escalation of privilege... |
| CVE-2022-20193 | 2022-06-15 | In getUniqueUsagesWithLabels of PermissionUsageHelper.java, there is a possible incorrect permission attribution due to a logic error in the code. This could lead to local escalation of privilege by conflating apps... |
| CVE-2022-20194 | 2022-06-15 | In onCreate of ChooseLockGeneric.java, there is a possible permission bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for... |
| CVE-2022-20195 | 2022-06-15 | In the keystore library, there is a possible prevention of access to system Settings due to unsafe deserialization. This could lead to local denial of service with User execution privileges... |
| CVE-2022-20196 | 2022-06-15 | In gallery3d and photos, there is a possible permission bypass due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction... |
| CVE-2022-20197 | 2022-06-15 | In recycle of Parcel.java, there is a possible way to start foreground activity from background due to a permissions bypass. This could lead to local escalation of privilege with no... |
| CVE-2022-20198 | 2022-06-15 | In llcp_dlc_proc_connect_pdu of llcp_dlc.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure from the NFC stack with... |
| CVE-2022-20200 | 2022-06-15 | In updateApState of SoftApManager.java, there is a possible leak of hotspot state due to a missing permission check. This could lead to local information disclosure with no additional execution privileges... |
| CVE-2022-20201 | 2022-06-15 | In getAppSize of InstalldNativeService.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges... |
| CVE-2022-20202 | 2022-06-15 | In ih264_resi_trans_quant_4x4_sse42 of ih264_resi_trans_quant_sse42.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges... |
| CVE-2022-20204 | 2022-06-15 | In registerRemoteBugreportReceivers of DevicePolicyManagerService.java, there is a possible reporting of falsified bug reports due to a missing permission check. This could lead to local escalation of privilege with no additional... |
| CVE-2022-20205 | 2022-06-15 | In isFileUri of FileUtil.java, there is a possible way to bypass the check for a file:// scheme due to improper input validation. This could lead to local information disclosure with... |
| CVE-2022-20206 | 2022-06-15 | In setPackageOrComponentEnabled of NotificationManagerService.java, there is a missing permission check. This could lead to local information disclosure about enabled notification listeners with User execution privileges needed. User interaction is not... |
| CVE-2022-20207 | 2022-06-15 | In static definitions of GattServiceConfig.java, there is a possible permission bypass due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges... |
| CVE-2022-20208 | 2022-06-15 | In parseRecursively of cppbor_parse.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed.... |
| CVE-2022-20209 | 2022-06-15 | In hme_add_new_node_to_a_sorted_array of hme_utils.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges... |
| CVE-2022-20233 | 2022-06-15 | In param_find_digests_internal and related functions of the Titan-M source, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of... |
| CVE-2021-33036 | 2022-06-15 | Apache Hadoop Privilege escalation vulnerability |
| CVE-2022-33140 | 2022-06-15 | Improper Neutralization of Command Elements in Shell User Group Provider |
| CVE-2022-29437 | 2022-06-15 | WordPress Image Slider by NextCode plugin <= 1.1.2 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities |
| CVE-2021-41672 | 2022-06-15 | PEEL Shopping CMS 9.4.0 is vulnerable to authenticated SQL injection in utilisateurs.php. A user that belongs to the administrator group can inject a malicious SQL query in order to affect... |
| CVE-2022-29438 | 2022-06-15 | WordPress Image Slider by NextCode plugin <= 1.1.2 - Authenticated Persistent Cross-Site Scripting (XSS) vulnerability |
| CVE-2022-29453 | 2022-06-15 | WordPress API KEY for Google Maps plugin <= 1.2.1 - CSRF vulnerability leading to Google Maps API key update |
| CVE-2022-29439 | 2022-06-15 | WordPress Image Slider by NextCode plugin <= 1.1.2 - Slider Deletion via Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-29440 | 2022-06-15 | WordPress Promotion Slider plugin <= 3.3.4 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities |
| CVE-2022-29441 | 2022-06-15 | WordPress Private Messages For WordPress plugin <= 2.1.10 - Sending Messages via Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2021-40910 | 2022-06-15 | There is a reflective cross-site scripting (XSS) vulnerability in the PHPCMS V9.6.3 management side. |
| CVE-2022-29442 | 2022-06-15 | Private Messages For WordPress <= 2.1.10 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability |
| CVE-2019-4575 | 2022-06-15 | IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.2.0 through 3.2.9 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker... |
| CVE-2022-22444 | 2022-06-15 | IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a local user to exploit a vulnerability in the lpd daemon to cause a denial of service. IBM X-Force ID:... |
| CVE-2022-1342 | 2022-06-15 | A lack of password masking in Devolutions Remote Desktop Manager allows physically proximate attackers to observe sensitive data. A caching issue can cause sensitive fields to sometimes stay revealed when... |
| CVE-2022-32101 | 2022-06-15 | kkcms v1.3.7 was discovered to contain a SQL injection vulnerability via the cid parameter at /template/wapian/vlist.php. |
| CVE-2022-32299 | 2022-06-15 | YoudianCMS v9.5.0 was discovered to contain a SQL injection vulnerability via the id parameter at /App/Lib/Action/Admin/SiteAction.class.php. |
| CVE-2022-32300 | 2022-06-15 | YoudianCMS v9.5.0 was discovered to contain a SQL injection vulnerability via the MailSendID parameter at /App/Lib/Action/Admin/MailAction.class.php. |
| CVE-2022-32301 | 2022-06-15 | YoudianCMS v9.5.0 was discovered to contain a SQL injection vulnerability via the IdList parameter at /App/Lib/Action/Home/ApiAction.class.php. |
| CVE-2022-32302 | 2022-06-15 | Theme Park Ticketing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at edit_ticket.php. |
| CVE-2022-32991 | 2022-06-15 | Web Based Quiz System v1.0 was discovered to contain a SQL injection vulnerability via the eid parameter at welcome.php. |
| CVE-2022-32992 | 2022-06-15 | Online Tours And Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the tname parameter at /admin/operations/tax.php. |
| CVE-2021-40940 | 2022-06-15 | Monstra 3.0.4 does not filter the case of php, which leads to an unrestricted file upload vulnerability. |
| CVE-2022-32151 | 2022-06-15 | Splunk Enterprise disabled TLS validation using the CA certificate stores in Python 3 libraries by default |
| CVE-2022-32152 | 2022-06-15 | Splunk Enterprise lacked TLS cert validation for Splunk-to-Splunk communication by default |
| CVE-2022-32153 | 2022-06-15 | Splunk Enterprise lacked TLS host name validation |
| CVE-2022-32154 | 2022-06-15 | Risky commands warnings in Splunk Enterprise Dashboards |
| CVE-2022-32155 | 2022-06-15 | Universal Forwarder management services allows remote login by default |
| CVE-2022-32157 | 2022-06-15 | Splunk Enterprise deployment servers allow unauthenticated forwarder bundle downloads |
| CVE-2022-32158 | 2022-06-15 | Splunk Enterprise deployment servers allow client publishing of forwarder bundles |
| CVE-2021-39820 | 2022-06-15 | Adobe InDesign Memory Corruption Vulnerability Could Lead to Arbitrary Code Execution |
| CVE-2021-40727 | 2022-06-15 | Adobe InDesign crashes when parsing the TIF file |
| CVE-2021-42732 | 2022-06-15 | Adobe InDesign crashes when parsing the GIF file |
| CVE-2017-20049 | 2022-06-15 | A vulnerability, was found in legacy Axis devices such as P3225 and M3005. This affects an unknown part of the component CGI Script. The manipulation leads to improper privilege management.... |
| CVE-2022-20664 | 2022-06-15 | Cisco Email Security Appliance and Cisco Secure Email and Web Manager Information Disclosure Vulnerability |
| CVE-2022-20733 | 2022-06-15 | Cisco Identity Services Engine Authentication Bypass Vulnerability |
| CVE-2022-20736 | 2022-06-15 | Cisco AppDynamics Controller Authorization Bypass Vulnerability |
| CVE-2022-20798 | 2022-06-15 | Cisco Email Security Appliance and Cisco Secure Email and Web Manager External Authentication Bypass Vulnerability |
| CVE-2022-20817 | 2022-06-15 | Cisco IP Phone Duplicate Key Vulnerability |
| CVE-2022-20819 | 2022-06-15 | Cisco Identity Services Engine Sensitive Information Disclosure Vulnerability |
| CVE-2022-20825 | 2022-06-15 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerability |
| CVE-2022-32550 | 2022-06-15 | An issue was discovered in AgileBits 1Password, involving the method various 1Password apps and integrations used to create connections to the 1Password service. In specific circumstances, this issue allowed a... |
| CVE-2022-24004 | 2022-06-15 | A Stored Cross-Site Scripting (XSS) vulnerability was discovered in Messenger/messenger_ajax.php in REDCap 12.0.11. This issue allows any authenticated user to inject arbitrary code into the messenger title (aka new_title) field... |
| CVE-2022-24127 | 2022-06-15 | A Stored Cross-Site Scripting (XSS) vulnerability was discovered in ProjectGeneral/edit_project_settings.php in REDCap 12.0.11. This issue allows any user with project management permissions to inject arbitrary code into the project title... |
| CVE-2022-32433 | 2022-06-15 | itsourcecode Advanced School Management System v1.0 is vulnerable to Arbitrary code execution via ip/school/view/all_teacher.php. |
| CVE-2016-6555 | 2022-06-15 | OpenNMS Stored XSS via SNMP Trap Alerts |
| CVE-2016-6556 | 2022-06-15 | OpenNMS Stored XSS via SNMP Agent Data |
| CVE-2021-40776 | 2022-06-15 | Adobe Lightroom Classic DLL Hijacking Local Privilege Escalation Vulnerability |
| CVE-2022-32381 | 2022-06-15 | itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_admin_profile.php?my_index=. |
| CVE-2021-43754 | 2022-06-15 | Adobe Prelude Corruption could lead to Arbitrary code execution |
| CVE-2022-32380 | 2022-06-15 | itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_student_subject.php?index=. |
| CVE-2022-32379 | 2022-06-15 | itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_parents_profile.php?my_index=. |
| CVE-2021-43756 | 2022-06-15 | Adobe Media Encoder Memory Corruption Vulnerability could lead to Remote Code Execution |
| CVE-2022-32378 | 2022-06-15 | itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_teacher_profile.php?my_index=. |
| CVE-2022-32377 | 2022-06-15 | itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_exam_timetable.php?id=. |
| CVE-2022-32376 | 2022-06-15 | itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_events.php?event_id=. |
| CVE-2022-32375 | 2022-06-15 | itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_timetable.php?id=. |
| CVE-2022-26057 | 2022-06-15 | Mint WorkBench Link Following Local Privilege Escalation Vulnerability |
| CVE-2022-31216 | 2022-06-15 | Drive Composer Link Following Local Privilege Escalation Vulnerability |
| CVE-2022-31217 | 2022-06-15 | Drive Composer Link Following Local Privilege Escalation Vulnerability |
| CVE-2022-31218 | 2022-06-15 | Drive Composer Link Following Local Privilege Escalation Vulnerability |
| CVE-2022-31219 | 2022-06-15 | Drive Composer Link Following Local Privilege Escalation Vulnerability |
| CVE-2022-29450 | 2022-06-15 | WordPress Admin Management Xtended plugin <= 2.4.4 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities |