CVE List - 2022 / June
Showing 401 - 500 of 2149 CVEs for June 2022 (Page 5 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-30731 | 2022-06-07 | Improper access control vulnerability in My Files prior to version 13.1.00.193 allows attackers to access arbitrary private files in My Files application. |
| CVE-2022-30732 | 2022-06-07 | Exposure of Sensitive Information vulnerability in Samsung Account prior to version 13.2.00.6 allows attacker to access sensitive information via onActivityResult. |
| CVE-2022-30733 | 2022-06-07 | Sensitive information exposure in Sign-in log in Samsung Account prior to version 13.2.00.6 allows attackers to get a user email or phone number without permission. |
| CVE-2022-30734 | 2022-06-07 | Sensitive information exposure in Sign-out log in Samsung Account prior to version 13.2.00.6 allows attackers to get a user email or phone number without permission. |
| CVE-2022-30735 | 2022-06-07 | Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get the access_token without permission. |
| CVE-2022-30736 | 2022-06-07 | Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get the data of contact and gallery without permission. |
| CVE-2022-30737 | 2022-06-07 | Implicit Intent hijacking vulnerability in Samsung Account prior to version 13.2.00.6 allows attackers to get email ID. |
| CVE-2022-30738 | 2022-06-07 | Improper check in Loader in Samsung Internet prior to 17.0.1.69 allows attackers to spoof address bar via executing script. |
| CVE-2022-30739 | 2022-06-07 | Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get a user email or phone number with a normal level permission. |
| CVE-2022-30740 | 2022-06-07 | Improper auto-fill algorithm in Samsung Internet prior to version 17.0.1.69 allows physical attackers to guess stored credit card numbers. |
| CVE-2022-30741 | 2022-06-07 | Sensitive information exposure vulnerability in SimChangeAlertManger of Find My Mobile prior to 7.2.24.12 allows local attackers with log access permission to get sim card information through device log. |
| CVE-2022-30742 | 2022-06-07 | Sensitive information exposure vulnerability in FmmExtraOperation of Find My Mobile prior to 7.2.24.12 allows local attackers with log access permission to get sim card information through device log. |
| CVE-2022-30743 | 2022-06-07 | Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get the data of contact and gallery without permission. |
| CVE-2022-30744 | 2022-06-07 | DLL hijacking vulnerability in KiesWrapper in Samsung Kies prior to version 2.6.4.22043_1 allows attacker to execute arbitrary code. |
| CVE-2022-30745 | 2022-06-07 | Improper access control vulnerability in Quick Share prior to version 13.1.2.4 allows attacker to access internal files in Quick Share. |
| CVE-2022-30746 | 2022-06-07 | Missing caller check in Smart Things prior to version 1.7.85.12 allows attacker to access sensitive information remotely using javascript interface API. |
| CVE-2022-30747 | 2022-06-07 | PendingIntent hijacking vulnerability in Smart Things prior to 1.7.85.25 allows local attackers to access files without permission via implicit Intent. |
| CVE-2022-30748 | 2022-06-07 | Unprotected dynamic receiver in Samsung Members prior to version 4.2.005 allows attacker to launch arbitrary activity. |
| CVE-2022-30749 | 2022-06-07 | Improper access control vulnerability in Smart Things prior to 1.7.85.25 allows local attackers to add arbitrary smart devices by bypassing login activity. |
| CVE-2021-35532 | 2022-06-07 | Firmware upload verification bypass in TXpert Hub CoreTec 4 |
| CVE-2021-35531 | 2022-06-07 | Remote Code Execution in TXpert Hub CoreTec 4 |
| CVE-2022-29620 | 2022-06-07 | FileZilla v3.59.0 allows attackers to obtain cleartext passwords of connected SSH or FTP servers via a memory dump. NOTE: the vendor does not consider this a vulnerability |
| CVE-2022-30466 | 2022-06-07 | joyebike Joy ebike Wolf Manufacturing year 2022 is vulnerable to Authentication Bypass by Capture-replay. |
| CVE-2021-35530 | 2022-06-07 | User authentication bypass in TXpert Hub CoreTec 4 |
| CVE-2021-40592 | 2022-06-08 | GPAC version before commit 71460d72ec07df766dab0a4d52687529f3efcf0a (version v1.0.1 onwards) contains loop with unreachable exit condition ('infinite loop') vulnerability in ISOBMFF reader filter, isoffin_read.c. Function isoffin_process() can result in DoS by infinite... |
| CVE-2022-28382 | 2022-06-08 | An issue was discovered in certain Verbatim drives through 2022-03-31. Due to the use of an insecure encryption AES mode (Electronic Codebook, aka ECB), an attacker may be able to... |
| CVE-2022-28383 | 2022-06-08 | An issue was discovered in certain Verbatim drives through 2022-03-31. Due to insufficient firmware validation, an attacker can store malicious firmware code for the USB-to-SATA bridge controller on the USB... |
| CVE-2022-28384 | 2022-06-08 | An issue was discovered in certain Verbatim drives through 2022-03-31. Due to an insecure design, they allow an offline brute-force attack for determining the correct passcode, and thus gaining unauthorized... |
| CVE-2022-28386 | 2022-06-08 | An issue was discovered in certain Verbatim drives through 2022-03-31. The security feature for lockout (e.g., requiring a reformat of the drive after 20 failed unlock attempts) does not work... |
| CVE-2022-25151 | 2022-06-08 | ITarian - Session cookie not protected by HttpOnly flag |
| CVE-2022-25152 | 2022-06-08 | ITarian - Any user with a valid session token can create and execute agent procedures and bypass mandatory approvals |
| CVE-2022-25153 | 2022-06-08 | ITarian - Local privilege escalation in Endpoint Manager agent on Windows |
| CVE-2022-2014 | 2022-06-08 | Code Injection in jgraph/drawio |
| CVE-2022-2015 | 2022-06-08 | Cross-site Scripting (XSS) - Stored in jgraph/drawio |
| CVE-2022-2029 | 2022-06-08 | Cross-site Scripting (XSS) - DOM in kromitgmbh/titra |
| CVE-2022-2028 | 2022-06-08 | Cross-site Scripting (XSS) - Generic in kromitgmbh/titra |
| CVE-2022-2027 | 2022-06-08 | Improper Neutralization of Formula Elements in a CSV File in kromitgmbh/titra |
| CVE-2022-2026 | 2022-06-08 | Cross-site Scripting (XSS) - Stored in kromitgmbh/titra |
| CVE-2022-26377 | 2022-06-08 | mod_proxy_ajp: Possible request smuggling |
| CVE-2022-28330 | 2022-06-08 | read beyond bounds in mod_isapi |
| CVE-2022-28614 | 2022-06-08 | read beyond bounds via ap_rwrite() |
| CVE-2022-28615 | 2022-06-08 | Read beyond bounds in ap_strcmp_match() |
| CVE-2022-29404 | 2022-06-08 | Denial of service in mod_lua r:parsebody |
| CVE-2022-30522 | 2022-06-08 | mod_sed denial of service |
| CVE-2022-30556 | 2022-06-08 | Information Disclosure in mod_lua with websockets |
| CVE-2022-31813 | 2022-06-08 | mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism |
| CVE-2022-31497 | 2022-06-08 | LibreHealth EHR Base 2.0.0 allows interface/main/finder/finder_navigation.php patient XSS. |
| CVE-2022-30790 | 2022-06-08 | Das U-Boot 2022.01 has a Buffer Overflow, a different issue than CVE-2022-30552. |
| CVE-2022-30552 | 2022-06-08 | Das U-Boot 2022.01 has a Buffer Overflow. |
| CVE-2022-30909 | 2022-06-08 | H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the CMD parameter at /goform/aspForm. |
| CVE-2022-30910 | 2022-06-08 | H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the GO parameter at /goform/aspForm. |
| CVE-2022-30912 | 2022-06-08 | H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the UpdateWanParams parameter at /goform/aspForm. |
| CVE-2022-30913 | 2022-06-08 | H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the ipqos_set_bandwidth parameter at /goform/aspForm. |
| CVE-2022-30914 | 2022-06-08 | H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the UpdateMacClone parameter at /goform/aspForm. |
| CVE-2022-30915 | 2022-06-08 | H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the UpdateSnat parameter at /goform/aspForm. |
| CVE-2022-30916 | 2022-06-08 | H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the Asp_SetTelnetDebug parameter at /goform/aspForm. |
| CVE-2022-30917 | 2022-06-08 | H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the AddWlanMacList parameter at /goform/aspForm. |
| CVE-2022-30919 | 2022-06-08 | H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the Edit_BasicSSID_5G parameter at /goform/aspForm. |
| CVE-2022-30918 | 2022-06-08 | H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the Asp_SetTelnet parameter at /goform/aspForm. |
| CVE-2022-30920 | 2022-06-08 | H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the Edit_BasicSSID parameter at /goform/aspForm. |
| CVE-2022-30921 | 2022-06-08 | H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the SetMobileAPInfoById parameter at /goform/aspForm. |
| CVE-2022-30922 | 2022-06-08 | H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the EditWlanMacList parameter at /goform/aspForm. |
| CVE-2022-30923 | 2022-06-08 | H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the Asp_SetTimingtimeWifiAndLed parameter at /goform/aspForm. |
| CVE-2022-30924 | 2022-06-08 | H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the SetAPWifiorLedInfoById parameter at /goform/aspForm. |
| CVE-2022-30925 | 2022-06-08 | H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the AddMacList parameter at /goform/aspForm. |
| CVE-2022-30926 | 2022-06-08 | H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the EditMacList parameter at /goform/aspForm. |
| CVE-2022-1992 | 2022-06-08 | Path Traversal in gogs/gogs |
| CVE-2022-1993 | 2022-06-08 | Path Traversal in gogs/gogs |
| CVE-2022-24296 | 2022-06-08 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Air Conditioning System G-150AD Ver. 3.21 and prior, Air Conditioning System AG-150A-A Ver. 3.21 and prior, Air Conditioning System AG-150A-J... |
| CVE-2020-14125 | 2022-06-08 | A denial of service vulnerability exists in some Xiaomi models of phones. The vulnerability is caused by out-of-bound read/write and can be exploited by attackers to cause a denial of service. |
| CVE-2021-36710 | 2022-06-08 | ToaruOS 1.99.2 is affected by incorrect access control via the kernel. Improper MMU management and having a low GDT address allows it to be mapped in userland. A call gate... |
| CVE-2022-32273 | 2022-06-08 | As a result of an observable discrepancy in returned messages, OPSWAT MetaDefender Core (MDCore) before 5.1.2 could allow an authenticated user to enumerate filenames on the server. |
| CVE-2022-28387 | 2022-06-08 | An issue was discovered in certain Verbatim drives through 2022-03-31. Due to an insecure design, they can be unlocked by an attacker who can then gain unauthorized access to the... |
| CVE-2022-28385 | 2022-06-08 | An issue was discovered in certain Verbatim drives through 2022-03-31. Due to missing integrity checks, an attacker can manipulate the content of the emulated CD-ROM drive (containing the Windows and... |
| CVE-2022-30899 | 2022-06-08 | A Cross Site Scripting vulnerability exists in PartKeepr 1.4.0 via the 'name' field in /api/part_categories. |
| CVE-2022-31325 | 2022-06-08 | There is a SQL Injection vulnerability in ChurchCRM 4.4.5 via the 'PersonID' field in /churchcrm/WhyCameEditor.php. |
| CVE-2022-30875 | 2022-06-08 | Dolibarr 12.0.5 is vulnerable to Cross Site Scripting (XSS) via Sql Error Page. |
| CVE-2022-30877 | 2022-06-08 | The keep for python, as distributed on PyPI, included a code-execution backdoor inserted by a third party. The current version, without this backdoor, is 1.2. |
| CVE-2022-31038 | 2022-06-08 | XSS vulnerability in repository issue list in Gogs |
| CVE-2021-40589 | 2022-06-08 | ZAngband zangband-data 2.7.5 is affected by an integer underflow vulnerability in src/tk/plat.c through the variable fileheader.bfOffBits. |
| CVE-2022-30882 | 2022-06-08 | pyanxdns package in PyPI version 0.2 is vulnerable to code execution backdoor. The impact is: execute arbitrary code (remote). When installing the pyanxdns package of version 0.2, the request package... |
| CVE-2022-31313 | 2022-06-08 | api-res-py package in PyPI 0.1 is vulnerable to a code execution backdoor in the request package. |
| CVE-2022-29013 | 2022-06-08 | A command injection in the command parameter of Razer Sila Gaming Router v2.0.441_api-2.0.418 allows attackers to execute arbitrary commands via a crafted POST request. |
| CVE-2022-29014 | 2022-06-08 | A local file inclusion vulnerability in Razer Sila Gaming Router v2.0.441_api-2.0.418 allows attackers to read arbitrary files. |
| CVE-2022-31496 | 2022-06-08 | LibreHealth EHR Base 2.0.0 allows incorrect interface/super/manage_site_files.php access. |
| CVE-2021-40961 | 2022-06-09 | CMS Made Simple <=2.2.15 is affected by SQL injection in modules/News/function.admin_articlestab.php. The $sortby variable is concatenated with $query1, but it is possible to inject arbitrary SQL language without using the... |
| CVE-2022-31214 | 2022-06-09 | A Privilege Context Switching issue was discovered in join.c in Firejail 0.9.68. By crafting a bogus Firejail container that is accepted by the Firejail setuid-root program as a join target,... |
| CVE-2022-32272 | 2022-06-09 | OPSWAT MetaDefender Core before 5.1.2, MetaDefender ICAP before 4.12.1, and MetaDefender Email Gateway Security before 5.6.1 have incorrect access control, resulting in privilege escalation. |
| CVE-2022-31042 | 2022-06-09 | Failure to strip the Cookie header on change in host or HTTP downgrade in Guzzle |
| CVE-2022-31043 | 2022-06-09 | Fix failure to strip Authorization header on HTTP downgrade in Guzzle |
| CVE-2022-32195 | 2022-06-09 | Open edX platform before 2022-06-06 allows XSS via the "next" parameter in the logout URL. |
| CVE-2022-25807 | 2022-06-09 | An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. A hardcoded DES key in the LDAPDesPWEncrypter class allows an attacker, who has discovered encrypted LDAP bind credentials,... |
| CVE-2022-25806 | 2022-06-09 | An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. A hardcoded DES key in the PrefDBCredentials class allows an attacker, who has discovered encrypted superuser credentials, to... |
| CVE-2022-25805 | 2022-06-09 | An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. The transmission of cleartext LDAP bind credentials by the cmd_mgt_load_mgt_tree command allows an attacker (who can intercept or... |
| CVE-2022-25804 | 2022-06-09 | An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. Insecure permissions for the serverconfig registry key (under JavaSoft\Prefs\de\igel\rm\config in HKEY_LOCAL_MACHINE\SOFTWARE) allow an unprivileged local attacker to read... |
| CVE-2022-31649 | 2022-06-09 | ownCloud owncloud/core before 10.10.0 Improperly Removes Sensitive Information Before Storage or Transfer. |
| CVE-2022-30075 | 2022-06-09 | In TP-Link Router AX50 firmware 210730 and older, import of a malicious backup file via web interface can lead to remote code execution due to improper validation. |
| CVE-2022-1986 | 2022-06-09 | OS Command Injection in gogs/gogs |
| CVE-2022-2036 | 2022-06-09 | Cross-site Scripting (XSS) - Stored in francoisjacquet/rosariosis |
| CVE-2016-15002 | 2022-06-09 | MONyog Ultimate Cookie privileges management |