CVE List - 2022 / June
Showing 2001 - 2100 of 2149 CVEs for June 2022 (Page 21 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-31266 | 2022-06-29 | In ILIAS through 7.10, lack of verification when changing an email address (on the Profile Page) allows remote attackers to take over accounts. |
| CVE-2022-28803 | 2022-06-29 | In SilverStripe Framework through 2022-04-07, Stored XSS can occur in javascript link tags added via XMLHttpRequest (XHR). |
| CVE-2022-29269 | 2022-06-29 | In Nagios XI through 5.8.5, in the schedule report function, an authenticated attacker is able to inject HTML tags that lead to the reformatting/editing of emails from an official email... |
| CVE-2022-29270 | 2022-06-29 | In Nagios XI through 5.8.5, it is possible for a user without password verification to change his e-mail address. |
| CVE-2022-29271 | 2022-06-29 | In Nagios XI through 5.8.5, a read-only Nagios user (due to an incorrect permission check) is able to schedule downtime for any host/services. This allows an attacker to permanently disable... |
| CVE-2022-29272 | 2022-06-29 | In Nagios XI through 5.8.5, an open redirect vulnerability exists in the login function that could lead to spoofing. |
| CVE-2017-20108 | 2022-06-29 | Easy Table Plugin options-general.php cross site scripting |
| CVE-2017-20109 | 2022-06-29 | Teleopti WFM Administration GetOneTenant Credentials information disclosure |
| CVE-2017-20110 | 2022-06-29 | Teleopti WFM Administration Credentials information disclosure |
| CVE-2017-20111 | 2022-06-29 | Teleopti WFM Administration privileges management |
| CVE-2017-20112 | 2022-06-29 | IVPN Client privileges management |
| CVE-2021-40642 | 2022-06-29 | Textpattern CMS v4.8.7 and older vulnerability exists through Sensitive Cookie in HTTPS Session Without 'Secure' Attribute via textpattern/lib/txplib_misc.php. The secure flag is not set for txp_login session cookie in the... |
| CVE-2022-33107 | 2022-06-29 | ThinkPHP v6.0.12 was discovered to contain a deserialization vulnerability via the component vendor\league\flysystem-cached-adapter\src\Storage\AbstractCache.php. This vulnerability allows attackers to execute arbitrary code via a crafted payload. |
| CVE-2022-33021 | 2022-06-29 | CVA6 commit 909d85a accesses invalid memory when reading the value of MHPMCOUNTER30. |
| CVE-2022-33023 | 2022-06-29 | CVA6 commit 909d85a gives incorrect permission to use special multiplication units when the format of instructions is wrong. |
| CVE-2022-33035 | 2022-06-29 | XLPD v7.0.0094 and below contains an unquoted service path vulnerability which allows local users to launch processes with elevated privileges. |
| CVE-2022-33036 | 2022-06-29 | A binary hijack in Embarcadero Dev-CPP v6.3 allows attackers to execute arbitrary code via a crafted .exe file. |
| CVE-2022-33037 | 2022-06-29 | A binary hijack in Orwell-Dev-Cpp v5.11 allows attackers to execute arbitrary code via a crafted .exe file. |
| CVE-2022-34043 | 2022-06-29 | Incorrect permissions for the folder C:\ProgramData\NoMachine\var\uninstall of Nomachine v7.9.2 allows attackers to perform a DLL hijacking attack and execute arbitrary code. |
| CVE-2020-26877 | 2022-06-29 | ApiFest OAuth 2.0 Server 0.3.1 does not validate the redirect URI in accordance with RFC 6749 and is susceptible to an open redirector attack. Specifically, it directly sends an authorization... |
| CVE-2022-32969 | 2022-06-29 | MetaMask before 10.11.3 might allow an attacker to access a user's secret recovery phrase because an input field is used for a BIP39 mnemonic, and Firefox and Chromium save such... |
| CVE-2022-2252 | 2022-06-29 | Open Redirect in microweber/microweber |
| CVE-2021-39074 | 2022-06-29 | IBM Security Guardium 11.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to... |
| CVE-2017-20113 | 2022-06-29 | TrueConf Server Stored cross site scripting |
| CVE-2017-20114 | 2022-06-29 | TrueConf Server Reflected cross site scripting |
| CVE-2017-20115 | 2022-06-29 | TrueConf Server Reflected cross site scripting |
| CVE-2017-20116 | 2022-06-29 | TrueConf Server Reflected cross site scripting |
| CVE-2017-20117 | 2022-06-29 | TrueConf Server group DOM cross site scripting |
| CVE-2017-20118 | 2022-06-29 | TrueConf Server DOM cross site scripting |
| CVE-2017-20119 | 2022-06-29 | TrueConf Server change-lang redirect |
| CVE-2017-20120 | 2022-06-29 | TrueConf Server cross-site request forgery |
| CVE-2022-33042 | 2022-06-29 | Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/inquiries/view_details.php. |
| CVE-2022-33057 | 2022-06-29 | Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_reservation. |
| CVE-2022-33058 | 2022-06-29 | Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_message. |
| CVE-2022-33059 | 2022-06-29 | Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_train. |
| CVE-2022-30192 | 2022-06-29 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability |
| CVE-2022-33638 | 2022-06-29 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability |
| CVE-2022-33060 | 2022-06-29 | Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_schedule. |
| CVE-2022-33061 | 2022-06-29 | Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_service. |
| CVE-2022-31032 | 2022-06-29 | Resources of private projects can be exposed in Tuleap |
| CVE-2022-31063 | 2022-06-29 | Cross site scripting via the title of a document in Tuleap |
| CVE-2022-31058 | 2022-06-29 | SQL injection via the field name of a tracker in Tuleap |
| CVE-2022-31110 | 2022-06-29 | Denial of Service (DoS) vulnerability in RSSHub |
| CVE-2022-2073 | 2022-06-29 | Code Injection in getgrav/grav |
| CVE-2022-30467 | 2022-06-29 | Joy ebike Wolf Manufacturing year 2022 is vulnerable to Denial of service, which allows remote attackers to jam the key fob request via RF. |
| CVE-2021-40597 | 2022-06-29 | The firmware of EDIMAX IC-3140W Version 3.11 is hardcoded with Administrator username and password. |
| CVE-2022-34835 | 2022-06-29 | In Das U-Boot through 2022.07-rc5, an integer signedness error and resultant stack-based buffer overflow in the "i2c md" command enables the corruption of the return address pointer of the do_i2c_md... |
| CVE-2022-2056 | 2022-06-30 | Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is... |
| CVE-2022-2057 | 2022-06-30 | Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is... |
| CVE-2022-2058 | 2022-06-30 | Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is... |
| CVE-2022-2078 | 2022-06-30 | A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function. This flaw allows an attacker to trigger a buffer overflow via nft_set_desc_concat_parse(), causing a denial of service and possibly... |
| CVE-2022-2257 | 2022-06-30 | Out-of-bounds Read in vim/vim |
| CVE-2017-20121 | 2022-06-30 | Teradici Management Console Database Management privileges management |
| CVE-2017-20122 | 2022-06-30 | Bitrix Site Manager Contact Form cross site scripting |
| CVE-2017-20123 | 2022-06-30 | Viscosity DLL untrusted search path |
| CVE-2017-20124 | 2022-06-30 | Online Hotel Booking System Pro Plugin roomtype-details.php sql injection |
| CVE-2017-20125 | 2022-06-30 | Online Hotel Booking System Pro roomtype-details.php sql injection |
| CVE-2022-26135 | 2022-06-30 | A vulnerability in Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user (including a user who joined via the sign-up feature) to perform a full read... |
| CVE-2021-40643 | 2022-06-30 | EyesOfNetwork before 07-07-2021 has a Remote Code Execution vulnerability on the mail options configuration page. In the location of the "sendmail" application in the "cacti" configuration page (by default /usr/sbin/sendmail) it... |
| CVE-2021-40663 | 2022-06-30 | deep.assign npm package 0.0.0-alpha.0 is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution'). |
| CVE-2022-33043 | 2022-06-30 | A cross-site scripting (XSS) vulnerability in the batch add function of Urtracker Premium v4.0.1.1477 allows attackers to execute arbitrary web scripts or HTML via a crafted excel file. |
| CVE-2013-4170 | 2022-06-30 | In general, Ember.js escapes or strips any user-supplied content before inserting it in strings that will be sent to innerHTML. However, the `tagName` property of an `Ember.View` was inserted into... |
| CVE-2022-1852 | 2022-06-30 | A NULL pointer dereference flaw was found in the Linux kernel’s KVM module, which can lead to a denial of service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while... |
| CVE-2021-41506 | 2022-06-30 | Xiaongmai AHB7008T-MH-V2, AHB7804R-ELS, AHB7804R-MH-V2, AHB7808R-MS-V2, AHB7808R-MS, AHB7808T-MS-V2, AHB7804R-LMS, HI3518_50H10L_S39 V4.02.R11.7601.Nat.Onvif.20170420, V4.02.R11.Nat.Onvif.20160422, V4.02.R11.7601.Nat.Onvif.20170424, V4.02.R11.Nat.Onvif.20170327, V4.02.R11.Nat.Onvif.20161205, V4.02.R11.Nat.20170301, V4.02.R12.Nat.OnvifS.20170727 is affected by a backdoor in the macGuarder and dvrHelper binaries of DVR/NVR/IP camera... |
| CVE-2021-37770 | 2022-06-30 | Nucleus CMS v3.71 is affected by a file upload vulnerability. In this vulnerability, we can use upload to change the upload path to the path without the Htaccess file. Upload... |
| CVE-2021-37778 | 2022-06-30 | There is a buffer overflow in gps-sdr-sim v1.0 when parsing long command line parameters, which can lead to DoS or code execution. |
| CVE-2022-1955 | 2022-06-30 | Session 1.13.0 allows an attacker with physical access to the victim's device to bypass the application's password/pin lock to access user data. This is possible due to lack of adequate... |
| CVE-2021-37791 | 2022-06-30 | MyAdmin v1.0 is affected by an incorrect access control vulnerability in viewing personal center in /api/user/userData?userCode=admin. |
| CVE-2022-22474 | 2022-06-30 | IBM Spectrum Protect 8.1.0.0 through 8.1.14.0 dsmcad, dsmc, and dsmcsvc processes incorrectly handle certain read operations on TCP/IP sockets. This can result in a denial of service for IBM Spectrum... |
| CVE-2022-22478 | 2022-06-30 | IBM Spectrum Protect Client 8.1.0.0 through 8.1.14.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 225886. |
| CVE-2022-22487 | 2022-06-30 | An IBM Spectrum Protect storage agent could allow a remote attacker to perform a brute force attack by allowing unlimited attempts to login to the storage agent without locking the... |
| CVE-2022-22496 | 2022-06-30 | While a user account for the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 is being established, it may be configured to use SESSIONSECURITY=TRANSITIONAL. While in this mode, it may be... |
| CVE-2022-31112 | 2022-06-30 | Protected fields exposed via LiveQuery in parse-server |
| CVE-2021-38941 | 2022-06-30 | IBM CloudPak for Multicloud Monitoring 2.0 and 2.3 has a few containers running in privileged mode which is vulnerable to host information leakage or destruction if unauthorized access to these... |
| CVE-2021-38954 | 2022-06-30 | IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5 and 6.1.0.0 through 6.1.1.0 could disclose sensitive version information that could aid in future attacks against the system. IBM X-Force ID:... |
| CVE-2022-22472 | 2022-06-30 | IBM Spectrum Protect Plus Container Backup and Restore (10.1.5 through 10.1.10.2 for Kubernetes and 10.1.7 through 10.1.10.2 for Red Hat OpenShift) could allow a remote attacker to bypass IBM Spectrum... |
| CVE-2022-22494 | 2022-06-30 | IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14 could allow a remote attacker to gain details of the database, such as type and version, by sending a specially-crafted HTTP request.... |
| CVE-2013-4144 | 2022-06-30 | There is an object injection vulnerability in swfupload plugin for wordpress. |
| CVE-2022-34777 | 2022-06-30 | Jenkins GitLab Plugin 1.5.34 and earlier does not escape multiple fields inserted into the description of webhook-triggered builds, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with... |
| CVE-2022-34778 | 2022-06-30 | Jenkins TestNG Results Plugin 554.va4a552116332 and earlier renders the unescaped test descriptions and exception messages provided in test results if certain job-level options are set, resulting in a cross-site scripting... |
| CVE-2022-34779 | 2022-06-30 | A missing permission check in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. |
| CVE-2022-34780 | 2022-06-30 | A cross-site request forgery (CSRF) vulnerability in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through... |
| CVE-2022-34781 | 2022-06-30 | Missing permission checks in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through... |
| CVE-2022-34782 | 2022-06-30 | An incorrect permission check in Jenkins requests-plugin Plugin 2.2.16 and earlier allows attackers with Overall/Read permission to view the list of pending requests. |
| CVE-2022-34783 | 2022-06-30 | Jenkins Plot Plugin 2.1.10 and earlier does not escape plot descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. |
| CVE-2022-34784 | 2022-06-30 | Jenkins build-metrics Plugin 1.3 does not escape the build description on one of its views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Build/Update permission. |
| CVE-2022-34785 | 2022-06-30 | Jenkins build-metrics Plugin 1.3 and earlier does not perform permission checks in multiple HTTP endpoints, allowing attackers with Overall/Read permission to obtain information about jobs otherwise inaccessible to them. |
| CVE-2022-34786 | 2022-06-30 | Jenkins Rich Text Publisher Plugin 1.4 and earlier does not escape the HTML message set by its post-build step, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers... |
| CVE-2022-34787 | 2022-06-30 | Jenkins Project Inheritance Plugin 21.04.03 and earlier does not escape the reason a build is blocked in tooltips, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to... |
| CVE-2022-34788 | 2022-06-30 | Jenkins Matrix Reloaded Plugin 1.1.3 and earlier does not escape the agent name in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission. |
| CVE-2022-34789 | 2022-06-30 | A cross-site request forgery (CSRF) vulnerability in Jenkins Matrix Reloaded Plugin 1.1.3 and earlier allows attackers to rebuild previous matrix builds. |
| CVE-2022-34790 | 2022-06-30 | Jenkins eXtreme Feedback Panel Plugin 2.0.1 and earlier does not escape the job names used in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure... |
| CVE-2022-34791 | 2022-06-30 | Jenkins Validating Email Parameter Plugin 1.10 and earlier does not escape the name and description of its parameter type, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers... |
| CVE-2022-34792 | 2022-06-30 | A cross-site request forgery (CSRF) vulnerability in Jenkins Recipe Plugin 1.2 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML. |
| CVE-2022-34793 | 2022-06-30 | Jenkins Recipe Plugin 1.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. |
| CVE-2022-34794 | 2022-06-30 | Missing permission checks in Jenkins Recipe Plugin 1.2 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML. |
| CVE-2022-34795 | 2022-06-30 | Jenkins Deployment Dashboard Plugin 1.0.10 and earlier does not escape environment names on its Deployment Dashboard view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Configure... |
| CVE-2022-34796 | 2022-06-30 | A missing permission check in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. |
| CVE-2022-34797 | 2022-06-30 | A cross-site request forgery (CSRF) vulnerability in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers to connect to an attacker-specified HTTP URL using attacker-specified credentials. |
| CVE-2022-34798 | 2022-06-30 | Jenkins Deployment Dashboard Plugin 1.0.10 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP URL using... |