CVE List - 2022 / June
Showing 2101 - 2149 of 2149 CVEs for June 2022 (Page 22 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-34799 | 2022-06-30 | Jenkins Deployment Dashboard Plugin 1.0.10 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to... |
| CVE-2022-34800 | 2022-06-30 | Jenkins Build Notifications Plugin 1.5.0 and earlier stores tokens unencrypted in its global configuration files on the Jenkins controller where they can be viewed by users with access to the... |
| CVE-2022-34801 | 2022-06-30 | Jenkins Build Notifications Plugin 1.5.0 and earlier transmits tokens in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. |
| CVE-2022-34802 | 2022-06-30 | Jenkins RocketChat Notifier Plugin 1.5.2 and earlier stores the login password and webhook token unencrypted in its global configuration file on the Jenkins controller where they can be viewed by... |
| CVE-2022-34803 | 2022-06-30 | Jenkins OpsGenie Plugin 1.9 and earlier stores API keys unencrypted in its global configuration file and in job config.xml files on the Jenkins controller where they can be viewed by... |
| CVE-2022-34804 | 2022-06-30 | Jenkins OpsGenie Plugin 1.9 and earlier transmits API keys in plain text as part of the global Jenkins configuration form and job configuration forms, potentially resulting in their exposure. |
| CVE-2022-34805 | 2022-06-30 | Jenkins Skype notifier Plugin 1.1.0 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to... |
| CVE-2022-34806 | 2022-06-30 | Jenkins Jigomerge Plugin 0.9 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access... |
| CVE-2022-34807 | 2022-06-30 | Jenkins Elasticsearch Query Plugin 1.2 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to... |
| CVE-2022-34808 | 2022-06-30 | Jenkins Cisco Spark Plugin 1.1.1 and earlier stores bearer tokens unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to... |
| CVE-2022-34809 | 2022-06-30 | Jenkins RQM Plugin 2.8 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the... |
| CVE-2022-34810 | 2022-06-30 | A missing check in Jenkins RQM Plugin 2.8 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. |
| CVE-2022-34811 | 2022-06-30 | A missing permission check in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to access the XPath Configuration Viewer page. |
| CVE-2022-34812 | 2022-06-30 | A cross-site request forgery (CSRF) vulnerability in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers to create and delete XPath expressions. |
| CVE-2022-34813 | 2022-06-30 | A missing permission check in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to create and delete XPath expressions. |
| CVE-2022-34814 | 2022-06-30 | Jenkins Request Rename Or Delete Plugin 1.1.0 and earlier does not correctly perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to view an administrative configuration... |
| CVE-2022-34815 | 2022-06-30 | A cross-site request forgery (CSRF) vulnerability in Jenkins Request Rename Or Delete Plugin 1.1.0 and earlier allows attackers to accept pending requests, thereby renaming or deleting jobs. |
| CVE-2022-34816 | 2022-06-30 | Jenkins HPE Network Virtualization Plugin 1.0 stores passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins... |
| CVE-2022-34817 | 2022-06-30 | A cross-site request forgery (CSRF) vulnerability in Jenkins Failed Job Deactivator Plugin 1.2.1 and earlier allows attackers to disable jobs. |
| CVE-2022-34818 | 2022-06-30 | Jenkins Failed Job Deactivator Plugin 1.2.1 and earlier does not perform permission checks in several views and HTTP endpoints, allowing attackers with Overall/Read permission to disable jobs. |
| CVE-2013-4561 | 2022-06-30 | In an openshift node, there is a cron job to update mcollective facts that mishandles a temporary file. This may lead to loss of confidentiality and integrity. |
| CVE-2022-2197 | 2022-06-30 | Exemys RME1 |
| CVE-2022-28127 | 2022-06-30 | A data removal vulnerability exists in the web_server /action/remove/ API functionality of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary file deletion. An attacker can send a... |
| CVE-2022-32585 | 2022-06-30 | A command execution vulnerability exists in the clish art2 functionality of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence... |
| CVE-2022-33312 | 2022-06-30 | Multiple command injection vulnerabilities exist in the web_server action endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a... |
| CVE-2022-33313 | 2022-06-30 | Multiple command injection vulnerabilities exist in the web_server action endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a... |
| CVE-2022-33314 | 2022-06-30 | Multiple command injection vulnerabilities exist in the web_server action endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a... |
| CVE-2022-33325 | 2022-06-30 | Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities of Robustel R1510 3.3.0. Specially-crafted network packets can lead to arbitrary command execution. An attacker can send a... |
| CVE-2022-33326 | 2022-06-30 | Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities of Robustel R1510 3.3.0. Specially-crafted network packets can lead to arbitrary command execution. An attacker can send a... |
| CVE-2022-33327 | 2022-06-30 | Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities of Robustel R1510 3.3.0. Specially-crafted network packets can lead to arbitrary command execution. An attacker can send a... |
| CVE-2022-33328 | 2022-06-30 | Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities of Robustel R1510 3.3.0. Specially-crafted network packets can lead to arbitrary command execution. An attacker can send a... |
| CVE-2022-33329 | 2022-06-30 | Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities of Robustel R1510 3.3.0. Specially-crafted network packets can lead to arbitrary command execution. An attacker can send a... |
| CVE-2021-41995 | 2022-06-30 | PingID Mac Login prior to 1.1 vulnerable to pre-computed dictionary attacks |
| CVE-2022-23717 | 2022-06-30 | PingID Windows Login prior to 2.8 denial of service condition |
| CVE-2022-23718 | 2022-06-30 | PingID Windows Login prior to 2.8 uses known vulnerable components that can lead to remote code execution |
| CVE-2022-23719 | 2022-06-30 | PingID Windows Login prior to 2.8 does not authenticate communication with a local Java service used to capture security key requests |
| CVE-2022-23720 | 2022-06-30 | PingID Windows Login prior to 2.8 does not alert or halt operation if it has been provisioned with the full permissions PingID properties file |
| CVE-2022-23725 | 2022-06-30 | PingID Windows Login prior to 2.8 does not properly set permissions on the Windows Registry entries used to store sensitive API keys under some circumstances |
| CVE-2014-0068 | 2022-06-30 | It was reported that watchman in openshift node-utils creates /var/run/watchman.pid and /var/log/watchman.ouput with world writable permission. |
| CVE-2014-0156 | 2022-06-30 | Awesome spawn contains OS command injection vulnerability, which allows execution of additional commands passed to Awesome spawn as arguments. If untrusted input was included in command arguments, attacker could use... |
| CVE-2022-33082 | 2022-06-30 | An issue in the AST parser (ast/compile.go) of Open Policy Agent v0.10.2 allows attackers to cause a Denial of Service (DoS) via a crafted input. |
| CVE-2022-31115 | 2022-06-30 | Unsafe YAML deserialization in opensearch-ruby |
| CVE-2022-33085 | 2022-06-30 | ESPCMS P8 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the fetch_filename function at \espcms_public\espcms_templates\ESPCMS_Templates. |
| CVE-2022-33087 | 2022-06-30 | A stack overflow in the function DM_ In fillobjbystr() of TP-Link Archer C50&A5(US)_V5_200407 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. |
| CVE-2022-32988 | 2022-06-30 | Cross Site Scripting (XSS) vulnerability in router Asus DSL-N14U-B1 1.1.2.3_805 via the "*list" parameters (e.g. filter_lwlist, keyword_rulelist, etc) in every ".asp" page containing a list of stored strings. The following... |
| CVE-2021-32428 | 2022-06-30 | SQL Injection vulnerability in viaviwebtech Android EBook App (Books App, PDF, ePub, Online Book Reading, Download Books) 10 via the author_id parameter to api.php. |
| CVE-2022-27904 | 2022-06-30 | Automox Agent for macOS before version 39 was vulnerable to a time-of-check/time-of-use (TOCTOU) race-condition attack during the agent install process. |
| CVE-2022-32295 | 2022-06-30 | On Ampere Altra and AltraMax devices before SRP 1.09, the Altra reference design of UEFI accesses allows insecure access to SPI-NOR by the OS/hypervisor component. |
| CVE-2022-2264 | 2022-07-01 | Heap-based Buffer Overflow in vim/vim |
| CVE-2022-32081 | 2022-07-01 | MariaDB v10.4 to v10.7 was discovered to contain a use-after-poison in prepare_inplace_add_virtual at /storage/innobase/handler/handler0alter.cc. |
| CVE-2022-32082 | 2022-07-01 | MariaDB v10.5 to v10.7 was discovered to contain an assertion failure at table->get_ref_count() == 0 in dict0dict.cc. |
| CVE-2022-32084 | 2022-07-01 | MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select. |
| CVE-2022-32089 | 2022-07-01 | MariaDB v10.5 to v10.7 was discovered to contain a segmentation fault via the component st_select_lex_unit::exclude_level. |
| CVE-2022-32091 | 2022-07-01 | MariaDB v10.7 was discovered to contain a use-after-poison in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc. |
| CVE-2022-32325 | 2022-07-01 | JPEGOPTIM v1.4.7 was discovered to contain a segmentation violation which is caused by a READ memory access at jpegoptim.c. |
| CVE-2022-2274 | 2022-07-01 | RSA implementation bug in AVX512IFMA instructions |
| CVE-2022-2280 | 2022-07-01 | Cross-site Scripting (XSS) - Stored in microweber/microweber |
| CVE-2022-2279 | 2022-07-01 | NULL Pointer Dereference in bfabiszewski/libmobi |
| CVE-2022-34894 | 2022-07-01 | In JetBrains Hub before 2022.2.14799, insufficient access control allowed the hijacking of untrusted services |
| CVE-2022-33099 | 2022-07-01 | An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs. |
| CVE-2022-33103 | 2022-07-01 | Das U-Boot from v2020.10 to v2022.07-rc3 was discovered to contain an out-of-bounds write via the function sqfs_readdir(). |
| CVE-2014-3648 | 2022-07-01 | The simplepush server iterates through the application installations and pushes a notification to the server provided by deviceToken. But this is user controlled. If a bogus application is registered with... |
| CVE-2014-3650 | 2022-07-01 | Multiple persistent cross-site scripting (XSS) flaws were found in the way Aerogear handled certain user-supplied content. A remote attacker could use these flaws to compromise the application with specially crafted... |
| CVE-2022-2253 | 2022-07-01 | Distributed Data Systems WebHMI OS Command Injection |
| CVE-2022-2254 | 2022-07-01 | Distributed Data Systems WebHMI Cross-site Scripting |
| CVE-2022-2250 | 2022-07-01 | An open redirect vulnerability in GitLab EE/CE affecting all versions from 11.1 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows an attacker to redirect users... |
| CVE-2022-2244 | 2022-07-01 | An improper authorization vulnerability in GitLab EE/CE affecting all versions from 14.8 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows project members with reporter role... |
| CVE-2022-2281 | 2022-07-01 | An information disclosure vulnerability in GitLab EE affecting all versions from 12.5 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows disclosure of release titles if... |
| CVE-2022-2185 | 2022-07-01 | A critical issue has been discovered in GitLab affecting all versions starting from 14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 where an authenticated user... |
| CVE-2022-2235 | 2022-07-01 | Insufficient sanitization in GitLab EE's external issue tracker affecting all versions from 14.5 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to perform... |
| CVE-2022-2243 | 2022-07-01 | An access control vulnerability in GitLab EE/CE affecting all versions from 14.8 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows authenticated users to enumerate issues... |
| CVE-2022-2227 | 2022-07-01 | Improper access control in the runner jobs API in GitLab CE/EE affecting all versions prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows a previous maintainer... |
| CVE-2022-2230 | 2022-07-01 | A Stored Cross-Site Scripting vulnerability in the project settings page in GitLab CE/EE affecting all versions from 14.4 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1,... |
| CVE-2022-1983 | 2022-07-01 | Incorrect authorization in GitLab EE affecting all versions from 10.7 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allowed an attacker already in possession of a... |
| CVE-2022-1981 | 2022-07-01 | An issue has been discovered in GitLab EE affecting all versions starting from 12.2 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1. In GitLab, if a... |
| CVE-2022-1999 | 2022-07-01 | An issue has been discovered in GitLab CE/EE affecting all versions from 8.13 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1. Under certain conditions, using the... |
| CVE-2022-2228 | 2022-07-01 | Information exposure in GitLab EE affecting all versions from 12.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker with the appropriate access tokens... |
| CVE-2022-31113 | 2022-07-01 | Cross-Site Scripting in Canarytoken history |
| CVE-2022-2229 | 2022-07-01 | An improper authorization issue in GitLab CE/EE affecting all versions from 13.7 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to extract the... |
| CVE-2022-2270 | 2022-07-01 | An issue has been discovered in GitLab affecting all versions starting from 12.4 before 14.10.5, all versions starting from 15.0 before 15.0.4, all versions starting from 15.1 before 15.1.1. GitLab... |
| CVE-2022-1963 | 2022-07-01 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 14.10.5, all versions starting from 15.0 before 15.0.4, all versions starting from 15.1 before 15.1.1.... |
| CVE-2022-1954 | 2022-07-01 | A Regular Expression Denial of Service vulnerability in GitLab CE/EE affecting all versions from 1.0.2 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker... |
| CVE-2022-0167 | 2022-07-01 | An issue has been discovered in GitLab affecting all versions starting from 14.0 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab... |
| CVE-2022-31604 | 2022-07-01 | NVFLARE, versions prior to 2.1.2, contains a vulnerability in its PKI implementation module, where the CA credentials are transported via pickle and no safe deserialization. The deserialization of Untrusted Data... |
| CVE-2022-31605 | 2022-07-01 | NVFLARE, versions prior to 2.1.2, contains a vulnerability in its utils module, where YAML files are loaded via yaml.load() instead of yaml.safe_load(). The deserialization of Untrusted Data, may allow an... |
| CVE-2021-37524 | 2022-07-01 | Cross Site Scripting (XSS) vulnerability in FusionPBX 4.5.26 allows remote unauthenticated users to inject arbitrary web script or HTML via an unsanitized "path" parameter in resources/login.php. |
| CVE-2022-32053 | 2022-07-01 | TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the cloneMac parameter in the function FUN_0041621c. |
| CVE-2022-32052 | 2022-07-01 | TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_004137a4. |
| CVE-2022-32050 | 2022-07-01 | TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the cloneMac parameter in the function FUN_0041af40. |
| CVE-2022-32051 | 2022-07-01 | TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc, week, sTime, eTime parameters in the function FUN_004133c4. |
| CVE-2022-32049 | 2022-07-01 | TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the url parameter in the function FUN_00418540. |
| CVE-2022-32048 | 2022-07-01 | TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the command parameter in the function FUN_0041cc88. |
| CVE-2022-32046 | 2022-07-01 | TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_0041880c. |
| CVE-2022-32047 | 2022-07-01 | TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_00412ef4. |
| CVE-2022-32045 | 2022-07-01 | TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_00413be4. |
| CVE-2022-32044 | 2022-07-01 | TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the password parameter in the function FUN_00413f80. |
| CVE-2022-32043 | 2022-07-01 | Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formSetAccessCodeInfo. |
| CVE-2022-32041 | 2022-07-01 | Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formGetPassengerAnalyseData. |
| CVE-2022-32040 | 2022-07-01 | Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formSetCfm. |
| CVE-2022-32039 | 2022-07-01 | Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the listN parameter in the function fromDhcpListClient. |