Search for vulnerabilities


| CVE-ID | Description | CVSS-Score V2 | CVSS-Score V3 |
|---|---|---|---|
| CVE-2022-32511 | jmespath.rb (aka JMESPath for Ruby) before 1.6.1 uses JSON.load in a situation where JSON.parse is preferable. | None | None |
| CVE-2022-32296 | The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. | None | None |
| CVE-2022-32291 | In Real Player through 20.1.0.312, attackers can execute arbitrary code by placing a UNC share pathname (for a DLL file) in a RAM file. | None | None |
| CVE-2022-32275 | Grafana 8.4.3 allows reading files via (for example) a /dashboard/snapshot/%7B%7Bconstructor.constructor'/.. /.. /.. /.. /.. /.. /.. /.. /etc/passwd URI. | None | None |
| CVE-2022-32273 | As a result of an observable discrepancy in returned messages, OPSWAT MetaDefender Core (MDCore) before 5.1.2 could allow an authenticated user to enumerate filenames on the server. | None | None |
| CVE-2022-32272 | OPSWAT MetaDefender Core (MDCore) before 5.1.2 has incorrect access control, resulting in privilege escalation. | None | None |
| CVE-2022-32271 | In Real Player 20.0.8.310, there is a DCP:// URI Remote Arbitrary Code Execution Vulnerability. This is an internal URL Protocol used by Real Player to reference a file that contains an URL. It is possible to inject scri... | None | None |
| CVE-2022-32270 | In Real Player 20.0.7.309 and 20.0.8.310, external::Import() allows download of arbitrary file types and Directory Traversal, leading to Remote Code Execution. This occurs because it is possible to plant executables in t... | None | None |
| CVE-2022-32269 | In Real Player 20.0.8.310, the G2 Control allows injection of unsafe javascript: URIs in local HTTP error pages (displayed by Internet Explorer core). This leads to arbitrary code execution. | None | None |
| CVE-2022-32268 | StarWind SAN and NAS v0.2 build 1914 allow remote code execution. | None | None |
| CVE-2022-32265 | qDecoder before 12.1.0 does not ensure that the percent character is followed by two hex digits for URL decoding. | None | None |
| CVE-2022-32250 | net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-f... | None | None |
| CVE-2022-32202 | In libjpeg 1.63, there is a NULL pointer dereference in LineBuffer::FetchRegion in linebuffer.cpp. | None | None |
| CVE-2022-32201 | In libjpeg 1.63, there is a NULL pointer dereference in Component::SubXOf in component.hpp. | None | None |
| CVE-2022-32200 | libdwarf 0.4.0 has a heap-based buffer over-read in _dwarf_check_string_valid in dwarf_util.c. | None | None |
| CVE-2022-32195 | Open edX platform before 2022-06-06 allows XSS via the "next" parameter in the logout URL. | None | None |
| CVE-2022-32028 | Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/manage_user.php?id=. | None | None |
| CVE-2022-32027 | Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/index.php?page=manage_car&id=. | None | None |
| CVE-2022-32026 | Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/manage_booking.php?id=. | None | None |
| CVE-2022-32025 | Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/view_car.php?id=. | None | None |