Lista CVE - 2022 / Giugno
Visualizzazione 201 - 300 di 2149 CVE per Giugno 2022 (Pagina 3 di 22)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2022-32265 | 2022-06-03 | qDecoder before 12.1.0 does not ensure that the percent character is followed by two hex digits for URL decoding. |
| CVE-2022-32268 | 2022-06-03 | StarWind SAN and NAS v0.2 build 1914 allow remote code execution. A flaw was found in REST API in StarWind Stack. REST command, which allows changing the hostname, doesn’t check... |
| CVE-2022-32269 | 2022-06-03 | In Real Player 20.0.8.310, the G2 Control allows injection of unsafe javascript: URIs in local HTTP error pages (displayed by Internet Explorer core). This leads to arbitrary code execution. |
| CVE-2022-32271 | 2022-06-03 | In Real Player 20.0.8.310, there is a DCP:// URI Remote Arbitrary Code Execution Vulnerability. This is an internal URL Protocol used by Real Player to reference a file that contains... |
| CVE-2022-32270 | 2022-06-03 | In Real Player 20.0.7.309 and 20.0.8.310, external::Import() allows download of arbitrary file types and Directory Traversal, leading to Remote Code Execution. This occurs because it is possible to plant executables... |
| CVE-2022-1987 | 2022-06-03 | Buffer Over-read in bfabiszewski/libmobi |
| CVE-2022-1988 | 2022-06-03 | Cross-site Scripting (XSS) - Generic in neorazorx/facturascripts |
| CVE-2021-42884 | 2022-06-03 | TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setDeviceName of the file global.so which can control thedeviceName to attack. |
| CVE-2021-42885 | 2022-06-03 | TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setDeviceMac of the file global.so which can control deviceName to attack. |
| CVE-2021-42886 | 2022-06-03 | TOTOLINK EX1200T V4.1.2cu.5215 contains an information disclosure vulnerability where an attacker can get the apmib configuration file without authorization, and usernames and passwords can be found in the decoded file. |
| CVE-2021-42887 | 2022-06-03 | In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can bypass login by sending a specific request through formLoginAuth.htm. |
| CVE-2021-42888 | 2022-06-03 | TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setLanguageCfg of the file global.so which can control langType to attack. |
| CVE-2021-42889 | 2022-06-03 | In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, wifiname, etc.) without authorization. |
| CVE-2022-1991 | 2022-06-03 | Fast Food Ordering System Master List Master.php cross site scripting |
| CVE-2022-31025 | 2022-06-03 | Invite bypasses user approval in Discourse |
| CVE-2022-31028 | 2022-06-03 | Possible DDOS by establishing keep-alive connections with anonymous HTTP clients in MinIO |
| CVE-2020-36523 | 2022-06-03 | PlantUML Database Information Macro cross site scripting |
| CVE-2020-36524 | 2022-06-03 | Refined Toolkit UI-Image/UI-Button cross site scripting |
| CVE-2020-36525 | 2022-06-03 | Linking New Windows Macro cross site scripting |
| CVE-2020-36526 | 2022-06-03 | Countdown Timer Macro cross site scripting |
| CVE-2020-36527 | 2022-06-03 | Server Status HTTP Status/SMTP Status cross site scripting |
| CVE-2020-36528 | 2022-06-03 | Platinum Mobile MobileHandler.ashx access control |
| CVE-2021-42890 | 2022-06-03 | TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function NTPSyncWithHost of the file system.so which can control hostTime to attack. |
| CVE-2021-42891 | 2022-06-03 | In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, etc.) without authorization. |
| CVE-2022-26493 | 2022-06-03 | miniOrange SAML Authentication Bypass |
| CVE-2021-42892 | 2022-06-03 | In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can start telnet without authorization because the default username and password exists in the firmware. |
| CVE-2021-42893 | 2022-06-03 | In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, etc.) without authorization through getSysStatusCfg. |
| CVE-2020-36529 | 2022-06-03 | SevOne Network Management System Traceroute traceroute.php command injection |
| CVE-2020-36530 | 2022-06-03 | SevOne Network Management System Alert Summary sql injection |
| CVE-2020-36531 | 2022-06-03 | SevOne Network Management System Device Manager Page injection |
| CVE-2020-36532 | 2022-06-03 | Klapp App Authorization Credentials information disclosure |
| CVE-2020-36533 | 2022-06-03 | Klapp App JSON Web Token improper authentication |
| CVE-2020-36534 | 2022-06-03 | easyii CMS out cross-site request forgery |
| CVE-2020-36535 | 2022-06-03 | MINMAX newsDia.php sql injection |
| CVE-2020-36536 | 2022-06-03 | Brandbugle main.php sql injection |
| CVE-2020-36537 | 2022-06-03 | Everywhere CMS sql injection |
| CVE-2020-36538 | 2022-06-03 | Eatan CMS sql injection |
| CVE-2020-36539 | 2022-06-03 | Lógico y Creativo sql injection |
| CVE-2020-36540 | 2022-06-03 | Neetai Tech product.php sql injection |
| CVE-2020-36541 | 2022-06-03 | Demokratian genera_select.php sql injection |
| CVE-2020-36542 | 2022-06-03 | Demokratian install3.php privileges management |
| CVE-2021-43271 | 2022-06-03 | Riverbed AppResponse 11.8.0, 11.8.5, 11.8.5a, 11.9.0, 11.9.0a, 11.10.0, 11.11.0, 11.11.0a, 11.11.1, 11.11.1a, 11.11.5, and 11.11.5a (when configured to use local, RADIUS, or TACACS authentication) logs usernames and passwords if either... |
| CVE-2022-24065 | 2022-06-03 | Command Injection |
| CVE-2022-29770 | 2022-06-03 | XXL-Job v2.3.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via /xxl-job-admin/jobinfo. |
| CVE-2022-21122 | 2022-06-03 | Arbitrary Code Execution |
| CVE-2022-29773 | 2022-06-03 | An access control issue in aleksis/core/util/auth_helpers.py: ClientProtectedResourceMixin of AlekSIS-Core v2.8.1 and below allows attackers to access arbitrary scopes if no allowed scopes are specifically set. |
| CVE-2022-29778 | 2022-06-03 | D-Link DIR-890L 1.20b01 allows attackers to execute arbitrary code due to the hardcoded option Wake-On-Lan for the parameter 'descriptor' at SetVirtualServerSettings.php |
| CVE-2022-29784 | 2022-06-03 | PublicCMS V4.0.202204.a and below contains an information leak via the component /views/directive/sys/SysConfigDataDirective.java. |
| CVE-2022-1703 | 2022-06-03 | Improper neutralization of special elements in the SonicWall SSL-VPN SMA100 series management interface allows a remote authenticated attacker to inject OS Commands which potentially leads to remote command execution vulnerability... |
| CVE-2022-26134 | 2022-06-03 | In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data... |
| CVE-2019-25062 | 2022-06-04 | Sricam IP CCTV Camera Device Viewer stack-based overflow |
| CVE-2019-25063 | 2022-06-04 | Sricam IP CCTV Camera Device Viewer memory corruption |
| CVE-2020-36543 | 2022-06-04 | SialWeb CMS about.php sql injection |
| CVE-2020-36544 | 2022-06-04 | SialWeb CMS Search cross site scriting |
| CVE-2017-20017 | 2022-06-05 | The Next Generation of Genealogy Sitebuilding timeline2.php sql injection |
| CVE-2022-32291 | 2022-06-05 | In Real Player through 20.1.0.312, attackers can execute arbitrary code by placing a UNC share pathname (for a DLL file) in a RAM file. |
| CVE-2022-32296 | 2022-06-05 | The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because of use of Algorithm 4 ("Double-Hash Port Selection Algorithm")... |
| CVE-2022-1996 | 2022-06-06 | Authorization Bypass Through User-Controlled Key in emicklei/go-restful |
| CVE-2022-31030 | 2022-06-06 | containerd CRI plugin: Host memory exhaustion through ExecSync |
| CVE-2022-0779 | 2022-06-06 | User Meta < 2.4.4 - Subscriber+ Local File Enumeration via Path Traversal |
| CVE-2022-0788 | 2022-06-06 | WP Fundraising Donation and Crowdfunding Platform < 1.5.0 - Unauthenticated SQLi |
| CVE-2022-1005 | 2022-06-06 | WP Statistics < 13.2.2 - Reflected Cross-Site Scripting |
| CVE-2022-1241 | 2022-06-06 | Ask Me < 6.8.2 - Reflected Cross-Site Scripting |
| CVE-2022-1394 | 2022-06-06 | Photo Gallery < 1.6.4 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-1421 | 2022-06-06 | Discy < 5.2 - Settings Update via CSRF |
| CVE-2022-1422 | 2022-06-06 | Discy < 5.2 - Restore Default Settings via CSRF |
| CVE-2022-1424 | 2022-06-06 | Ask Me < 6.8.2 - Multiple CSRF in AJAX Actions |
| CVE-2022-1469 | 2022-06-06 | FiboSearch < 1.18.0 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-1506 | 2022-06-06 | WP Born Babies <= 1.0 - Contributor+ Stored Cross-Site Scripting |
| CVE-2022-1541 | 2022-06-06 | Video Slider - Slider Carousel < 1.4.8 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-1569 | 2022-06-06 | WordPress Forms by Pie Forms < 1.4.9.4 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-1570 | 2022-06-06 | Files Download Delay < 1.0.7 - Subscriber+ Settings Reset |
| CVE-2022-1577 | 2022-06-06 | Database Backup for WordPress < 2.5.2 - Arbitrary Schedule Settings Update via CSRF |
| CVE-2022-1597 | 2022-06-06 | WPQA < 5.4 - Reflected Cross-Site Scripting |
| CVE-2022-1598 | 2022-06-06 | WPQA < 5.5 - Unauthenticated Private Message Disclosure |
| CVE-2022-1647 | 2022-06-06 | FormCraft Basic < 1.2.6 - Admin+ Stored Cross Site Scripting |
| CVE-2022-1673 | 2022-06-06 | WooCommerce Green Wallet Gateway < 1.0.2 - Reflected Cross Site Scripting in checkout page |
| CVE-2022-1683 | 2022-06-06 | amtyThumb <= 4.2.0 - Subscriber+ SQLi |
| CVE-2022-1684 | 2022-06-06 | Cube Slider <= 1.2 - Admin+ SQLi |
| CVE-2022-1685 | 2022-06-06 | Five Minute Webshop <= 1.3.2 - Admin+ SQLi via orderby |
| CVE-2022-1686 | 2022-06-06 | Five Minute Webshop <= 1.3.2 - Admin+ SQLi via id |
| CVE-2022-1687 | 2022-06-06 | Logo Slider <= 1.4.8 - Admin+ SQLi |
| CVE-2022-1688 | 2022-06-06 | Note Press <= 0.1.10 - Admin+ SQLi via id |
| CVE-2022-1689 | 2022-06-06 | Note Press <= 0.1.10 - Admin+ SQLi via Update |
| CVE-2022-1690 | 2022-06-06 | Note Press <= 0.1.10 - Admin+ SQLi via Bulk Actions |
| CVE-2022-1691 | 2022-06-06 | Realty Workstation < 1.0.15 - Agent SQLi |
| CVE-2022-1692 | 2022-06-06 | CP Image Store with Slideshow < 1.0.68 - Unauthenticated SQLi |
| CVE-2022-1695 | 2022-06-06 | WP Simple Adsense Insertion < 2.1 - Inject ads and javascript via CSRF |
| CVE-2022-1709 | 2022-06-06 | Throws SPAM Away < 3.3.1 - Comment Deletion via CSRF |
| CVE-2022-1712 | 2022-06-06 | LiveSync for WordPress <= 1.0 - Arbitrary Settings Update via CSRF |
| CVE-2022-1997 | 2022-06-06 | Cross-site Scripting (XSS) - Stored in francoisjacquet/rosariosis |
| CVE-2021-42245 | 2022-06-06 | FlatCore-CMS 2.0.9 has a cross-site scripting (XSS) vulnerability in pages.edit.php through meta tags and content sections. |
| CVE-2022-30860 | 2022-06-06 | FUDforum 3.1.2 is vulnerable to Remote Code Execution through Upload File feature of File Administration System in Admin Control Panel. |
| CVE-2022-30861 | 2022-06-06 | FUDforum 3.1.2 is vulnerable to Stored XSS via Forum Name field in Forum Manager Feature. |
| CVE-2022-30863 | 2022-06-06 | FUDForum 3.1.2 is vulnerable to Cross Site Scripting (XSS) via page_title param in Page Manager in the Admin Control Panel. |
| CVE-2021-41932 | 2022-06-06 | A blind SQL injection vulnerability in search form in TeamMate+ Audit version 28.0.19.0 allows any authenticated user to create malicious SQL injections, which can result in complete database compromise, gaining... |
| CVE-2022-31768 | 2022-06-06 | IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete... |
| CVE-2022-22396 | 2022-06-06 | Credentials are printed in clear text in the IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.3 virgo log file in certain cases. Credentials could be the remote vSnap, offload targets, or... |
| CVE-2022-31479 | 2022-06-06 | Remote Code Execution via command injection of the hostname |
| CVE-2022-31480 | 2022-06-06 | Unauthenticated Firmware Upload and Arbitrary Reboot |