All Vulnerabilities

CVE-ID	Description	CVSS-Score
		V2	V3
CVE-2022-32511	jmespath.rb (aka JMESPath for Ruby) before 1.6.1 uses JSON.load in a situation where JSON.parse is preferable.	None	None
CVE-2022-32296	The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used.	None	None
CVE-2022-32291	In Real Player through 20.1.0.312, attackers can execute arbitrary code by placing a UNC share pathname (for a DLL file) in a RAM file.	None	None
CVE-2022-32275	Grafana 8.4.3 allows reading files via (for example) a /dashboard/snapshot/%7B%7Bconstructor.constructor'/.. /.. /.. /.. /.. /.. /.. /.. /etc/passwd URI.	None	None
CVE-2022-32273	As a result of an observable discrepancy in returned messages, OPSWAT MetaDefender Core (MDCore) before 5.1.2 could allow an authenticated user to enumerate filenames on the server.	None	None
CVE-2022-32272	OPSWAT MetaDefender Core (MDCore) before 5.1.2 has incorrect access control, resulting in privilege escalation.	None	None
CVE-2022-32271	In Real Player 20.0.8.310, there is a DCP:// URI Remote Arbitrary Code Execution Vulnerability. This is an internal URL Protocol used by Real Player to reference a file that contains an URL. It is possible to inject scri...	None	None
CVE-2022-32270	In Real Player 20.0.7.309 and 20.0.8.310, external::Import() allows download of arbitrary file types and Directory Traversal, leading to Remote Code Execution. This occurs because it is possible to plant executables in t...	None	None
CVE-2022-32269	In Real Player 20.0.8.310, the G2 Control allows injection of unsafe javascript: URIs in local HTTP error pages (displayed by Internet Explorer core). This leads to arbitrary code execution.	None	None
CVE-2022-32268	StarWind SAN and NAS v0.2 build 1914 allow remote code execution.	None	None
CVE-2022-32265	qDecoder before 12.1.0 does not ensure that the percent character is followed by two hex digits for URL decoding.	None	None
CVE-2022-32250	net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-f...	None	None
CVE-2022-32202	In libjpeg 1.63, there is a NULL pointer dereference in LineBuffer::FetchRegion in linebuffer.cpp.	None	None
CVE-2022-32201	In libjpeg 1.63, there is a NULL pointer dereference in Component::SubXOf in component.hpp.	None	None
CVE-2022-32200	libdwarf 0.4.0 has a heap-based buffer over-read in _dwarf_check_string_valid in dwarf_util.c.	None	None
CVE-2022-32195	Open edX platform before 2022-06-06 allows XSS via the "next" parameter in the logout URL.	None	None
CVE-2022-32028	Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/manage_user.php?id=.	None	None
CVE-2022-32027	Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/index.php?page=manage_car&id=.	None	None
CVE-2022-32026	Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/manage_booking.php?id=.	None	None
CVE-2022-32025	Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/view_car.php?id=.	None	None

HPI-VDB — Database for IT-Attack Analysis