CVE List - 2022 / June
Showing 301 - 400 of 2149 CVEs for June 2022 (Page 4 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-31481 | 2022-06-06 | Remote Code Execution via buffer overflow in firmware update process |
| CVE-2022-31482 | 2022-06-06 | Denial-of-Service via internal structure overflow |
| CVE-2022-31483 | 2022-06-06 | Arbitrary file write via authenticated OSDP file upload |
| CVE-2022-31484 | 2022-06-06 | User Account Deletion Unauthenticated |
| CVE-2022-31485 | 2022-06-06 | Unauthenticated homepage note modification |
| CVE-2022-31486 | 2022-06-06 | Command injection via Advanced Networking route add functionality |
| CVE-2021-39947 | 2022-06-06 | In specific circumstances, trace file buffers in GitLab Runner versions up to 14.3.4, 14.4 to 14.4.2, and 14.5 to 14.5.2 would re-use the file descriptor 0 for multiple traces and... |
| CVE-2022-1935 | 2022-06-06 | Incorrect authorization in GitLab EE affecting all versions from 12.0 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1 allowed an attacker already... |
| CVE-2022-1940 | 2022-06-06 | A Stored Cross-Site Scripting vulnerability in Jira integration in GitLab EE affecting all versions from 13.11 prior to 14.9.5, 14.10 prior to 14.10.4, and 15.0 prior to 15.0.1 allows an... |
| CVE-2022-1936 | 2022-06-06 | Incorrect authorization in GitLab EE affecting all versions from 12.0 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1 allowed an attacker already... |
| CVE-2022-1821 | 2022-06-06 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.8 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1.... |
| CVE-2022-1944 | 2022-06-06 | When the feature is configured, improper authorization in the Interactive Web Terminal in GitLab CE/EE affecting all versions from 11.3 prior to 14.9.5, 14.10 prior to 14.10.4, and 15.0 prior... |
| CVE-2022-1783 | 2022-06-06 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.3 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1.... |
| CVE-2022-1680 | 2022-06-06 | An account takeover issue has been discovered in GitLab EE affecting all versions starting from 11.10 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0... |
| CVE-2022-23712 | 2022-06-06 | A Denial of Service flaw was discovered in Elasticsearch. Using this vulnerability, an unauthenticated attacker could forcibly shut down an Elasticsearch node with a specifically formatted network request. |
| CVE-2022-28224 | 2022-06-06 | Calico and Calico Enterprise may be vulnerable to route hijacking with the floating IP feature |
| CVE-2022-21745 | 2022-06-06 | In WIFI Firmware, there is a possible memory corruption due to a use after free. This could lead to remote escalation of privilege, when devices are connecting to the attacker-controllable... |
| CVE-2022-21746 | 2022-06-06 | In imgsensor, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. User... |
| CVE-2022-21747 | 2022-06-06 | In imgsensor, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. User... |
| CVE-2022-21748 | 2022-06-06 | In telephony, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is needed... |
| CVE-2022-21749 | 2022-06-06 | In telephony, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is... |
| CVE-2022-21750 | 2022-06-06 | In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed.... |
| CVE-2022-21751 | 2022-06-06 | In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed.... |
| CVE-2022-21752 | 2022-06-06 | In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed.... |
| CVE-2022-21753 | 2022-06-06 | In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed.... |
| CVE-2022-21754 | 2022-06-06 | In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed.... |
| CVE-2022-21755 | 2022-06-06 | In WLAN driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User... |
| CVE-2022-21756 | 2022-06-06 | In WLAN driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User... |
| CVE-2022-21757 | 2022-06-06 | In WIFI Firmware, there is a possible system crash due to a missing count check. This could lead to remote denial of service with no additional execution privileges needed. User... |
| CVE-2022-21758 | 2022-06-06 | In ccu, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not... |
| CVE-2022-21759 | 2022-06-06 | In power service, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed.... |
| CVE-2022-21760 | 2022-06-06 | In apusys driver, there is a possible system crash due to an integer overflow. This could lead to local denial of service with System execution privileges needed. User interaction is... |
| CVE-2022-21761 | 2022-06-06 | In apusys driver, there is a possible system crash due to an integer overflow. This could lead to local denial of service with System execution privileges needed. User interaction is... |
| CVE-2022-21762 | 2022-06-06 | In apusys driver, there is a possible system crash due to an integer overflow. This could lead to local denial of service with System execution privileges needed. User interaction is... |
| CVE-2022-31493 | 2022-06-06 | LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php acl_id XSS. |
| CVE-2022-32275 | 2022-06-06 | Grafana 8.4.3 allows reading files via (for example) a /dashboard/snapshot/%7B%7Bconstructor.constructor'/.. /.. /.. /.. /.. /.. /.. /.. /etc/passwd URI. NOTE: the vendor's position is that there is no vulnerability; this... |
| CVE-2022-30586 | 2022-06-06 | Gradle Enterprise through 2022.2.2 has Incorrect Access Control that leads to code execution. |
| CVE-2022-24840 | 2022-06-06 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in django-s3file |
| CVE-2022-24896 | 2022-06-06 | Tracker report renderer and chart widgets leak information in Tuleap |
| CVE-2022-29254 | 2022-06-06 | Failed payment recorded has completed in silverstripe/silverstripe-omnipay |
| CVE-2022-29617 | 2022-06-06 | Due to improper error handling an authenticated user can crash CLA assistant instance. This could impact the availability of the application. |
| CVE-2020-6220 | 2022-06-06 | BI Launchpad and CMC in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Exploit is possible only... |
| CVE-2022-30587 | 2022-06-06 | Gradle Enterprise through 2022.2.2 has Incorrect Access Control that leads to information disclosure. |
| CVE-2022-29255 | 2022-06-06 | Multiple evaluation of contract address in call in vyper |
| CVE-2022-31492 | 2022-06-06 | Cross Site scripting (XSS) vulnerability in LibreHealth EHR Base 2.0.0 via interface/usergroup/usergroup_admin_add.php Username. |
| CVE-2022-29631 | 2022-06-06 | Jodd HTTP v6.0.9 was discovered to contain multiple CRLF injection vulnerabilities via the components `jodd.http.HttpRequest#set` and `jodd.http.HttpRequest#send`. These vulnerabilities allow attackers to execute Server-Side Request Forgery (SSRF) via a crafted... |
| CVE-2022-30469 | 2022-06-06 | In Afian Filerun 20220202, lack of sanitization of the POST parameter "metadata[]" in `/?module=fileman&section=get&page=grid` leads to SQL injection. |
| CVE-2022-31498 | 2022-06-06 | LibreHealth EHR Base 2.0.0 allows interface/orders/patient_match_dialog.php key XSS. |
| CVE-2022-31026 | 2022-06-06 | Use of Uninitialized Variable in trilogy |
| CVE-2022-31019 | 2022-06-06 | DoS Vulnerability in URLEncodedFormDecoder in Vapor |
| CVE-2022-31027 | 2022-06-06 | Authorization Bypass Through User-Controlled Key when using CILogonOAuthenticator in oauthenticator |
| CVE-2022-32511 | 2022-06-06 | jmespath.rb (aka JMESPath for Ruby) before 1.6.1 uses JSON.load in a situation where JSON.parse is preferable. |
| CVE-2022-24969 | 2022-06-06 | bypass of CVE-2021-25640 |
| CVE-2022-30927 | 2022-06-06 | A SQL injection vulnerability exists in Simple Task Scheduling System 1.0 when MySQL is being used as the application database. An attacker can issue SQL commands to the MySQL database... |
| CVE-2022-28479 | 2022-06-06 | SeedDMS versions 6.0.18 and 5.1.25 and below are vulnerable to stored XSS. An attacker with admin privileges can inject the payload inside the "Role management" menu and then trigger the... |
| CVE-2022-28478 | 2022-06-06 | SeedDMS 6.0.17 and 5.1.24 are vulnerable to Directory Traversal. The "Remove file" functionality inside the "Log files management" menu does not sanitize user input allowing attackers with admin privileges to... |
| CVE-2022-28051 | 2022-06-06 | The "Add category" functionality inside the "Global Keywords" menu in "SeedDMS" version 6.0.18 and 5.1.25, is prone to stored XSS which allows an attacker to inject malicious javascript code. |
| CVE-2022-27438 | 2022-06-06 | Caphyon Ltd Advanced Installer 19.3 and earlier and many products that use the updater from Advanced Installer (Advanced Updater) are affected by a remote code execution vulnerability via the CustomDetection... |
| CVE-2022-31494 | 2022-06-06 | LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php action XSS. |
| CVE-2022-29296 | 2022-06-06 | A reflected cross-site scripting (XSS) vulnerability in the login portal of Avantune Genialcloud ProJ - 10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. |
| CVE-2022-31470 | 2022-06-07 | An XSS vulnerability in the index_mobile_changepass.hsp reset-password section of Axigen Mobile WebMail before 10.2.3.12 and 10.3.x before 10.3.3.47 allows attackers to run arbitrary Javascript code that, using an active end-user... |
| CVE-2022-2000 | 2022-06-07 | Out-of-bounds Write in vim/vim |
| CVE-2022-31031 | 2022-06-07 | Potential stack buffer overflow when parsing message as a STUN client |
| CVE-2022-0823 | 2022-06-07 | An improper control of interaction frequency vulnerability in Zyxel GS1200 series switches could allow a local attacker to guess the password by using a timing side-channel attack. |
| CVE-2022-2016 | 2022-06-07 | Cross-site Scripting (XSS) - Reflected in neorazorx/facturascripts |
| CVE-2022-2017 | 2022-06-07 | SourceCodester Prison Management System Visit view_visit.php sql injection |
| CVE-2022-2018 | 2022-06-07 | SourceCodester Prison Management System Inmate sql injection |
| CVE-2022-2019 | 2022-06-07 | SourceCodester Prison Management System New User Creation improper authorization |
| CVE-2022-2020 | 2022-06-07 | SourceCodester Prison Management System System Name cross site scripting |
| CVE-2022-29564 | 2022-06-07 | Jamf Private Access before 2022-05-16 has Incorrect Access Control, in which an unauthorized user can reach a system in the internal infrastructure, aka WND-44801. |
| CVE-2022-25361 | 2022-06-07 | WatchGuard Firebox and XTM appliances allow an unauthenticated remote attacker to delete arbitrary files from a limited set of directories on the system. This vulnerability impacts Fireware OS before 12.7.2_U2,... |
| CVE-2021-37589 | 2022-06-07 | Virtua Cobranca before 12R allows SQL Injection on the login page. |
| CVE-2022-31495 | 2022-06-07 | LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php return_page XSS. |
| CVE-2022-1708 | 2022-06-07 | A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. The ExecSync request runs commands in... |
| CVE-2022-2022 | 2022-06-07 | Cross-site Scripting (XSS) - Stored in nocodb/nocodb |
| CVE-2021-27786 | 2022-06-07 | HCL OneTest Server is vulnerable to Cross Origin Resource Sharing: Arbitrary Origin Trusted |
| CVE-2022-28794 | 2022-06-07 | Sensitive information exposure in low-battery dumpstate log prior to SMR Jun-2022 Release 1 allows local attackers to get SIM card information. |
| CVE-2022-30709 | 2022-06-07 | Improper input validation check logic vulnerability in SECRIL prior to SMR Jun-2022 Release 1 allows attackers to trigger crash. |
| CVE-2022-30710 | 2022-06-07 | Improper validation vulnerability in RemoteViews prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities. |
| CVE-2022-30711 | 2022-06-07 | Improper validation vulnerability in FeedsInfo prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities. |
| CVE-2022-30712 | 2022-06-07 | Improper validation vulnerability in KfaOptions prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities. |
| CVE-2022-30713 | 2022-06-07 | Improper validation vulnerability in LSOItemData prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities. |
| CVE-2022-30714 | 2022-06-07 | Information exposure vulnerability in SemIWCMonitor prior to SMR Jun-2022 Release 1 allows local attackers to get MAC address information. |
| CVE-2022-30715 | 2022-06-07 | Improper access control vulnerability in DofViewer prior to SMR Jun-2022 Release 1 allows attackers to control floating system alert window. |
| CVE-2022-30716 | 2022-06-07 | Unprotected broadcast in sendIntentForToastDumpLog in DisplayToast prior to SMR Jun-2022 Release 1 allows untrusted applications to access toast message information from device. |
| CVE-2022-30717 | 2022-06-07 | Improper caller check in AR Emoji prior to SMR Jun-2022 Release 1 allows untrusted applications to use some camera functions via deeplink. |
| CVE-2019-9971 | 2022-06-07 | PhoneSystem Terminal in 3CX Phone System (Debian based installation) 16.0.0.1570 allows an attacker to gain root privileges by using sudo with the tcpdump command, without a password. This occurs because... |
| CVE-2019-9972 | 2022-06-07 | PhoneSystem Terminal in 3CX Phone System (Debian based installation) 16.0.0.1570 allows an authenticated attacker to run arbitrary commands with the phonesystem user privileges because of "<space><space> followed by <shift><enter>" mishandling. |
| CVE-2022-30719 | 2022-06-07 | Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash. |
| CVE-2022-30720 | 2022-06-07 | Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash. |
| CVE-2022-30721 | 2022-06-07 | Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash. |
| CVE-2022-30729 | 2022-06-07 | Implicit Intent hijacking vulnerability in Settings prior to SMR Jun-2022 Release 1 allows attackers to get Wi-Fi SSID and password via a malicious QR code scanner. |
| CVE-2022-30722 | 2022-06-07 | Implicit Intent hijacking vulnerability in Samsung Account prior to SMR Jun-2022 Release 1 allows attackers to bypass user confirmation of Samsung Account. |
| CVE-2022-30723 | 2022-06-07 | Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in activateVoiceRecognitionWithDevice function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device. |
| CVE-2022-30724 | 2022-06-07 | Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in sendIntentSessionCompleted function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device. |
| CVE-2022-30725 | 2022-06-07 | Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in sendIntentSessionError function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device. |
| CVE-2022-30726 | 2022-06-07 | Unprotected component vulnerability in DeviceSearchTrampoline in SecSettingsIntelligence prior to SMR Jun-2022 Release 1 allows local attackers to launch activities of SecSettingsIntelligence. |
| CVE-2022-30727 | 2022-06-07 | Improper handling of insufficient permissions vulnerability in addAppPackageNameToAllowList in PersonaManagerService prior to SMR Jun-2022 Release 1 allows local attackers to set some setting value in work space. |
| CVE-2022-30728 | 2022-06-07 | Information exposure vulnerability in ScanPool prior to SMR Jun-2022 Release 1 allows local attackers to get MAC address information. |
| CVE-2022-30730 | 2022-06-07 | Improper authorization in Samsung Pass prior to 1.0.00.33 allows physical attackers to access account list without authentication. |