CVE List - 2022 / June
Showing 101 - 200 of 2149 CVEs for June 2022 (Page 2 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-27778 | 2022-06-01 | A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`. |
| CVE-2022-31022 | 2022-06-01 | Missing Role Based Access Control for the REST handlers in bleve/http package |
| CVE-2022-26905 | 2022-06-01 | Microsoft Edge (Chromium-based) Spoofing Vulnerability |
| CVE-2022-30127 | 2022-06-01 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability |
| CVE-2022-30128 | 2022-06-01 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability |
| CVE-2022-30190 | 2022-06-01 | Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability |
| CVE-2022-29169 | 2022-06-01 | ReDoS on endpoint html5client/useragent in BigBlueButton |
| CVE-2022-29232 | 2022-06-01 | Exposure of messages in BigBlueButton public chats |
| CVE-2022-29233 | 2022-06-01 | Improper access control for breakout rooms in BigBlueButton |
| CVE-2022-29234 | 2022-06-01 | Grace period for lock settings in public/private chats in BigBlueButton |
| CVE-2022-29236 | 2022-06-01 | Improper access control for pencil annotations in BigBlueButton |
| CVE-2022-29235 | 2022-06-01 | Limited data exposure for shared external videos in BigBlueButton |
| CVE-2022-1968 | 2022-06-02 | Use After Free in vim/vim |
| CVE-2022-26497 | 2022-06-02 | BigBlueButton Greenlight 2.11.1 allows XSS. A threat actor could have a username containing a JavaScript payload. The payload gets executed in the browser of the victim in the "Share room... |
| CVE-2022-29718 | 2022-06-02 | Caddy v2.4 was discovered to contain an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users... |
| CVE-2019-12351 | 2022-06-02 | An issue was discovered in zzcms 2019. SQL Injection exists in dl/dl_print.php via an id parameter value with a trailing comma. |
| CVE-2021-33615 | 2022-06-02 | RSA Archer 6.8.00500.1003 P5 allows Unrestricted Upload of a File with a Dangerous Type. |
| CVE-2019-12349 | 2022-06-02 | An issue was discovered in zzcms 2019. SQL Injection exists in /admin/dl_sendsms.php via the id parameter. |
| CVE-2019-12350 | 2022-06-02 | An issue was discovered in zzcms 2019. SQL Injection exists in dl/dl_download.php via an id parameter value with a trailing comma. |
| CVE-2022-29788 | 2022-06-02 | libmobi before v0.10 contains a NULL pointer dereference via the component mobi_buffer_getpointer. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted mobi file. |
| CVE-2022-32006 | 2022-06-02 | Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/services/view_service.php?id=. |
| CVE-2022-32005 | 2022-06-02 | Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/admin/services/manage_service.php?id=. |
| CVE-2022-32004 | 2022-06-02 | Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/admin/products/manage_product.php?id=. |
| CVE-2022-32003 | 2022-06-02 | Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/courts/view_court.php?id=. |
| CVE-2022-32002 | 2022-06-02 | Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/courts/manage_court.php?id=. |
| CVE-2022-32001 | 2022-06-02 | Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/admin/products/view_product.php?id=. |
| CVE-2022-32000 | 2022-06-02 | Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=service_transactions/manage_service_transaction&id=. |
| CVE-2022-31998 | 2022-06-02 | Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=service_transactions/view_details&id=. |
| CVE-2022-31996 | 2022-06-02 | Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/admin/?page=sales/manage_sale&id=. |
| CVE-2022-31994 | 2022-06-02 | Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=sales/view_details&id. |
| CVE-2022-31993 | 2022-06-02 | Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/classes/Master.php?f=delete_service. |
| CVE-2022-31992 | 2022-06-02 | Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=court_rentals/view_court_rental&id=. |
| CVE-2022-31991 | 2022-06-02 | Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/classes/Master.php?f=delete_court. |
| CVE-2022-31990 | 2022-06-02 | Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/classes/Master.php?f=delete_product. |
| CVE-2022-31989 | 2022-06-02 | Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=user/manage_user&id=. |
| CVE-2022-31988 | 2022-06-02 | Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/admin/?page=reports/daily_services_report&date=. |
| CVE-2022-31986 | 2022-06-02 | Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=reports/daily_court_rental_report&date=. |
| CVE-2022-31985 | 2022-06-02 | Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=reports/daily_sales_report&date=. |
| CVE-2022-32018 | 2022-06-02 | Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=hiring&search=. |
| CVE-2022-32017 | 2022-06-02 | Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=result&searchfor=bytitle. |
| CVE-2022-32016 | 2022-06-02 | Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=result&searchfor=bycompany. |
| CVE-2022-32015 | 2022-06-02 | Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=category&search=. |
| CVE-2022-32014 | 2022-06-02 | Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=result&searchfor=byfunction. |
| CVE-2022-32013 | 2022-06-02 | Complete Online Job Search System v1.0 is vulnerable to SQL Injection via eris/admin/category/index.php?view=edit&id=. |
| CVE-2022-32012 | 2022-06-02 | Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/admin/employee/index.php?view=edit&id=. |
| CVE-2022-32011 | 2022-06-02 | Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/admin/applicants/index.php?view=view&id=. |
| CVE-2022-32010 | 2022-06-02 | Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/admin/user/index.php?view=edit&id=. |
| CVE-2022-32008 | 2022-06-02 | Complete Online Job Search System v1.0 is vulnerable to SQL Injection via eris/admin/vacancy/index.php?view=edit&id=. |
| CVE-2022-32007 | 2022-06-02 | Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/admin/company/index.php?view=edit&id=. |
| CVE-2022-32028 | 2022-06-02 | Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/manage_user.php?id=. |
| CVE-2022-32027 | 2022-06-02 | Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/index.php?page=manage_car&id=. |
| CVE-2022-32026 | 2022-06-02 | Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/manage_booking.php?id=. |
| CVE-2022-32025 | 2022-06-02 | Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/view_car.php?id=. |
| CVE-2022-32024 | 2022-06-02 | Car Rental Management System v1.0 is vulnerable to SQL Injection via car-rental-management-system/booking.php?car_id=. |
| CVE-2022-32022 | 2022-06-02 | Car Rental Management System v1.0 is vulnerable to SQL Injection via /ip/car-rental-management-system/admin/ajax.php?action=login. |
| CVE-2022-32021 | 2022-06-02 | Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/manage_movement.php?id=. |
| CVE-2022-32020 | 2022-06-02 | Car Rental Management System v1.0 is vulnerable to Arbitrary code execution via ip/car-rental-management-system/admin/ajax.php?action=save_settings. |
| CVE-2022-32019 | 2022-06-02 | Car Rental Management System v1.0 is vulnerable to Arbitrary code execution via car-rental-management-system/admin/ajax.php?action=save_car. |
| CVE-2022-29704 | 2022-06-02 | BrowsBox CMS v4.0 was discovered to contain a SQL injection vulnerability. |
| CVE-2022-31018 | 2022-06-02 | Denial of service binding form from JSON in Play Framework |
| CVE-2022-25163 | 2022-06-02 | Improper Input Validation vulnerability in Mitsubishi Electric MELSEC-Q Series QJ71E71-100 first 5 digits of serial number "24061" or prior, Mitsubishi Electric MELSEC-L series LJ71E71-100 first 5 digits of serial number... |
| CVE-2022-1982 | 2022-06-02 | A crafted SVG attachment can crash a Mattermost server |
| CVE-2022-1716 | 2022-06-02 | Keep My Notes v1.80.147 allows an attacker with physical access to the victim's device to bypass the application's password/pin lock to access user data. This is possible due to lack... |
| CVE-2022-29597 | 2022-06-02 | Solutions Atlantic Regulatory Reporting System (RRS) v500 is vulnerable to Local File Inclusion (LFI). Any authenticated user has the ability to reference internal system files within requests made to the... |
| CVE-2022-30429 | 2022-06-02 | Multiple cross-site scripting (XSS) vulnerabilities in Neos CMS allow attackers with the editor role or higher to inject arbitrary script or HTML code using the editor function, the deletion of... |
| CVE-2022-1979 | 2022-06-02 | SourceCodester Product Show Room Site p=contact cross site scripting |
| CVE-2022-1980 | 2022-06-02 | SourceCodester Product Show Room Site cross site scripting |
| CVE-2021-38221 | 2022-06-02 | bbs-go <= 3.3.0 including Custom Edition is vulnerable to stored XSS. |
| CVE-2022-26944 | 2022-06-02 | Percona XtraBackup 2.4.20 unintentionally writes the command line to any resulting backup file output. This may include sensitive arguments passed at run time. In addition, when --history is passed at... |
| CVE-2021-45981 | 2022-06-02 | NetScout nGeniusONE 6.3.2 allows an XML External Entity (XXE) attack. |
| CVE-2021-45982 | 2022-06-02 | NetScout nGeniusONE 6.3.2 allows Arbitrary File Upload by a privileged user. |
| CVE-2021-45983 | 2022-06-02 | NetScout nGeniusONE 6.3.2 allows Java RMI Code Execution. |
| CVE-2022-31023 | 2022-06-02 | Dev error stack trace leaking into prod in Play Framework |
| CVE-2022-31024 | 2022-06-02 | Federated editing allows iframing remote servers by default in richdocuments |
| CVE-2021-42875 | 2022-06-02 | TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in the function setDiagnosisCfg of the file lib/cste_modules/system.so to control the ipDoamin. |
| CVE-2021-42877 | 2022-06-02 | TOTOLINK EX1200T V4.1.2cu.5215 contains a denial of service vulnerability in function RebootSystem of the file lib/cste_modules/system which can reboot the system. |
| CVE-2021-33473 | 2022-06-02 | An argument injection vulnerability in Dragonfly Ruby Gem v1.3.0 allows attackers to read and write arbitrary files when the verify_url option is disabled. This vulnerability is exploited via a crafted... |
| CVE-2022-32250 | 2022-06-02 | net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free. |
| CVE-2022-22556 | 2022-06-02 | Dell PowerStore contains an Uncontrolled Resource Consumption Vulnerability in PowerStore User Interface. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the Denial of Service. |
| CVE-2022-22557 | 2022-06-02 | PowerStore contains Plain-Text Password Storage Vulnerability in PowerStore X & T environments running versions 2.0.0.x and 2.0.1.x. A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure... |
| CVE-2022-26866 | 2022-06-02 | Dell PowerStore versions before v2.1.1.0 contain a Stored Cross-Site Scripting vulnerability. A high privileged network attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript... |
| CVE-2022-26867 | 2022-06-02 | PowerStore SW v2.1.1.0 supports the option to export data to either a CSV or an XLSX file. The data is taken as is, without any validation or sanitization. It allows... |
| CVE-2022-26868 | 2022-06-02 | Dell EMC PowerStore versions 2.0.0.x, 2.0.1.x, and 2.1.0.x are vulnerable to a command injection flaw. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS... |
| CVE-2022-26869 | 2022-06-02 | Dell PowerStore versions 2.0.0.x, 2.0.1.x and 2.1.0.x contains an open port vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure and arbitrary code execution. |
| CVE-2022-29084 | 2022-06-02 | Dell Unity, Dell UnityVSA, and Dell Unity XT versions before 5.2.0.0.5.173 do not restrict excessive authentication attempts in Unisphere GUI. A remote unauthenticated attacker may potentially exploit this vulnerability to... |
| CVE-2022-29085 | 2022-06-02 | Dell Unity, Dell UnityVSA, and Dell Unity XT versions prior to 5.2.0.0.5.173 contain a plain-text password storage vulnerability when certain off-array tools are run on the system. The credentials of... |
| CVE-2022-31460 | 2022-06-02 | Owl Labs Meeting Owl 5.2.0.15 allows attackers to activate Tethering Mode with hard-coded hoothoot credentials via a certain c 150 value. |
| CVE-2022-31463 | 2022-06-02 | Owl Labs Meeting Owl 5.2.0.15 does not require a password for Bluetooth commands, because only client-side authentication is used. |
| CVE-2022-31462 | 2022-06-02 | Owl Labs Meeting Owl 5.2.0.15 allows attackers to control the device via a backdoor password (derived from the serial number) that can be found in Bluetooth broadcast data. |
| CVE-2022-31461 | 2022-06-02 | Owl Labs Meeting Owl 5.2.0.15 allows attackers to deactivate the passcode protection mechanism via a certain c 11 message. |
| CVE-2022-31459 | 2022-06-02 | Owl Labs Meeting Owl 5.2.0.15 allows attackers to retrieve the passcode hash via a certain c 10 value over Bluetooth. |
| CVE-2022-29594 | 2022-06-02 | eG Agent before 7.2 has weak file permissions that enable escalation of privileges to SYSTEM. |
| CVE-2022-30232 | 2022-06-02 | A CWE-20: Improper Input Validation vulnerability exists that could cause potential remote code execution when an attacker is able to intercept and modify a request on the same network or... |
| CVE-2022-30233 | 2022-06-02 | A CWE-20: Improper Input Validation vulnerability exists that could allow the product to be maliciously manipulated when the user is tricked into performing certain actions on a webpage. Affected Products:... |
| CVE-2022-30234 | 2022-06-02 | A CWE-798: Use of Hard-coded Credentials vulnerability exists that could allow arbitrary code to be executed when root level access is obtained. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5... |
| CVE-2022-30235 | 2022-06-02 | A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow unauthorized access when an attacker uses brute force. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and... |
| CVE-2022-30236 | 2022-06-02 | A CWE-669: Incorrect Resource Transfer Between Spheres vulnerability exists that could allow unauthorized access when an attacker uses cross-domain attacks. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior) |
| CVE-2022-30237 | 2022-06-02 | A CWE-311: Missing Encryption of Sensitive Data vulnerability exists that could allow authentication credentials to be recovered when an attacker breaks the encoding. Affected Products: Wiser Smart, EER21000 & EER21001... |
| CVE-2022-30238 | 2022-06-02 | A CWE-287: Improper Authentication vulnerability exists that could allow an attacker to take over the admin account when an attacker hijacks a session. Affected Products: Wiser Smart, EER21000 & EER21001... |
| CVE-2022-29767 | 2022-06-03 | adbyby v2.7 allows external users to make connections via port 8118. This can cause a program logic error and lead to a Denial of Service (DoS) via high CPU usage... |