The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date |
---|---|---|---|
CVE-2017-20068 | A vulnerability was found in Hindu Matrimonial Script. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/usermanagement.php. The manipulation leads to improper privilege management. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | -- | Jun 21, 2022 |
CVE-2017-20067 | A vulnerability was found in Hindu Matrimonial Script. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/. The manipulation of the argument username/password with the input 'or''=' leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | -- | Jun 21, 2022 |
CVE-2017-20066 | A vulnerability has been found in Adminer Login 1.4.4 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to improper access controls. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. | -- | Jun 21, 2022 |
CVE-2017-20065 | A vulnerability was found in Supsystic Popup Plugin 1.7.6 and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | -- | Jun 21, 2022 |
CVE-2013-1916 | In WordPress Plugin User Photo 0.9.4, when a photo is uploaded, it is only partially validated and it is possible to upload a backdoor on the server hosting WordPress. This backdoor can be called (executed) even if the photo has not been yet approved. | -- | Jun 24, 2022 |
CVE-2013-1891 | In OpenCart 1.4.7 to 1.5.5.1, implemented anti-traversal code in filemanager.php is ineffective and can be bypassed. | -- | Jun 24, 2022 |
CVE-2022-30632 | This is a PRIVATE issue tracked in b/226945200 and fixed by http://tg/1423262. | -- | Jun 20, 2022 |
CVE-2022-30630 | This is a PRIVATE issue tracked in b/231318890 and fixed by http://tg/1422952. | -- | Jun 20, 2022 |
CVE-2022-2122 | Potential heap overwrite in the qt demuxer when handling certain QuickTime/MP4 files in GStreamer versions before 1.20.3. | -- | Jun 20, 2022 |
CVE-2022-2078 | kernel: Vulnerability of buffer overflow in nft_set_desc_concat_parse() | -- | Jun 16, 2022 |
CVE-2022-2011 | Use after free in ANGLE. | -- | Jun 14, 2022 |
CVE-2022-2010 | Out of bounds read in compositing. | -- | Jun 14, 2022 |
CVE-2022-2008 | Out of bounds memory access in WebGL. | -- | Jun 14, 2022 |
CVE-2022-2007 | Use after free in WebGPU. | -- | Jun 14, 2022 |
CVE-2022-1976 | kernel: a use-after-free in __lock_acquire may lead to a crash | -- | Jun 15, 2022 |
CVE-2022-1925 | DOS / potential heap overwrite in mkv demuxing using HEADERSTRIP decompression | -- | Jun 17, 2022 |
CVE-2022-1924 | DOS / potential heap overwrite in mkv demuxing using lzo decompression | -- | Jun 17, 2022 |
CVE-2022-1923 | Potential heap overwrite in the mkv demuxer when handling certain Matroska/WebM files in GStreamer versions before 1.20.3. | -- | Jun 17, 2022 |
CVE-2022-1922 | Potential heap overwrite in the mkv demuxer when handling certain Matroska/WebM files in GStreamer versions before 1.20.3. | -- | Jun 17, 2022 |
CVE-2022-1921 | avidemux: Fix integer overflow resulting in heap corruption in DIB buffer inversion code | -- | Jun 17, 2022 |
CVE-2022-1920 | matroskademux: Avoid integer-overflow resulting in heap corruption in WavPack header handling code | -- | Jun 17, 2022 |
CVE-2022-34006 | An issue was discovered in TitanFTP (aka Titan FTP) NextGen before 1.2.1050. When installing, Microsoft SQL Express 2019 installs by default with an SQL instance running as SYSTEM with BUILTIN\Users as sysadmin, thus enabling unprivileged Windows users to execute commands locally as NT AUTHORITY\SYSTEM, aka NX-I674 (sub-issue 2). NOTE: as of 2022-06-21, the 1.2.1050 release corrects this vulnerability in a new installation, but not in an upgrade installation. | -- | Jun 19, 2022 |
CVE-2022-34005 | An issue was discovered in TitanFTP (aka Titan FTP) NextGen before 1.2.1050. There is Remote Code Execution due to a hardcoded password for the sa account on the Microsoft SQL Express 2019 instance installed by default during TitanFTP NextGen installation, aka NX-I674 (sub-issue 1). NOTE: as of 2022-06-21, the 1.2.1050 release corrects this vulnerability in a new installation, but not in an upgrade installation. | -- | Jun 19, 2022 |
CVE-2022-34000 | libjxl 0.6.1 has an assertion failure in LowMemoryRenderPipeline::Init() in render_pipeline/low_memory_render_pipeline.cc. | -- | Jun 19, 2022 |
CVE-2022-33987 | The got package before 12.1.0 (also fixed in 11.8.5) for Node.js allows a redirect to a UNIX socket. | -- | Jun 18, 2022 |
CVE-2022-33981 | drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function. | -- | Jun 18, 2022 |
CVE-2022-33915 | Versions of the Amazon AWS Apache Log4j hotpatch package before log4j-cve-2021-44228-hotpatch-1.3.5 are affected by a race condition that could lead to a local privilege escalation. This Hotpatch package is not a replacement for updating to a log4j version that mitigates CVE-2021-44228 or CVE-2021-45046; it provides a temporary mitigation to CVE-2021-44228 by hotpatching the local Java virtual machines. To do so, it iterates through all running Java processes, performs several checks, and executes the Java virtual machine with the same permissions and capabilities as the running process to load the hotpatch. A local user could cause the hotpatch script to execute a binary with elevated privileges by running a custom java process that performs exec() of an SUID binary after the hotpatch has observed the process path and before it has observed its effective user ID. | -- | Jun 17, 2022 |
CVE-2022-33912 | A permission issue affects users that deployed the shipped version of the Checkmk Debian package. Packages created by the agent bakery (enterprise editions only) were not affected. Using the shipped version of the agents, the maintainer scripts located at /var/lib/dpkg/info/ will be owned by the user and the group with ID 1001. If such a user exists on the system, they can change the content of these files (which are then executed by root). This leads to a local privilege escalation on the monitored host. Version 1.6 through 1.6.9p29, version 2.0 through 2.0.0p26, version 2.1 through 2.1.0p3, and version 2.2.0i1 are affected. | -- | Jun 17, 2022 |
CVE-2022-33756 | CA Automic Automation 12.2 and 12.3 contain an entropy weakness vulnerability in the Automic AutomationEngine that could allow a remote attacker to potentially access sensitive data. | -- | Jun 17, 2022 |
CVE-2022-33755 | CA Automic Automation 12.2 and 12.3 contain an insecure input handling vulnerability in the Automic Agent that could allow a remote attacker to potentially enumerate users. | -- | Jun 17, 2022 |
CVE-2022-33754 | CA Automic Automation 12.2 and 12.3 contain an insufficient input validation vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary code. | -- | Jun 17, 2022 |
CVE-2022-33753 | CA Automic Automation 12.2 and 12.3 contain an insecure file creation and handling vulnerability in the Automic agent that could allow a user to potentially elevate privileges. | -- | Jun 17, 2022 |
CVE-2022-33752 | CA Automic Automation 12.2 and 12.3 contain an insufficient input validation vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary code. | -- | Jun 17, 2022 |
CVE-2022-33751 | CA Automic Automation 12.2 and 12.3 contain an insecure memory handling vulnerability in the Automic agent that could allow a remote attacker to potentially access sensitive data. | -- | Jun 17, 2022 |
CVE-2022-33750 | CA Automic Automation 12.2 and 12.3 contain an authentication error vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary commands. | -- | Jun 17, 2022 |
CVE-2022-33739 | CA Clarity 15.8 and below and 15.9.0 contain an insecure XML parsing vulnerability that could allow a remote attacker to potentially view the contents of any file on the system. | -- | Jun 17, 2022 |
CVE-2022-33175 | Power Distribution Units running on Powertek firmware (multiple brands) before 3.30.30 have an insecure permissions setting on the user.token field that is accessible to everyone through the /cgi/get_param.cgi HTTP API. This leads to disclosing active session ids of currently logged-in administrators. The session id can then be reused to act as the administrator, allowing reading of the cleartext password, or reconfiguring the device. | -- | Jun 13, 2022 |
CVE-2022-33174 | Power Distribution Units running on Powertek firmware (multiple brands) before 3.30.30 allow remote authorization bypass in the web interface. To exploit the vulnerability, an attacker must send an HTTP packet to the data retrieval interface (/cgi/get_param.cgi) with the tmpToken cookie set to an empty string followed by a semicolon. This bypasses an active session authorization check. This can then be used to fetch the values of the protected sys.passwd and sys.su.name fields, which contain the username and password in cleartext. | -- | Jun 13, 2022 |
CVE-2022-32547 | In ImageMagick, there is a load of a misaligned address for type 'double', which requires 8 byte alignment, and for type 'float', which requires 4 byte alignment, at MagickCore/property.c. Whenever crafted or untrusted input is processed by ImageMagick, this causes a negative impact to application availability or other problems related to undefined behavior. | -- | Jun 16, 2022 |
CVE-2022-32546 | A vulnerability was found in ImageMagick, causing a value outside the range of representable values of type 'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior. | -- | Jun 16, 2022 |
CVE-2022-32545 | A vulnerability was found in ImageMagick, causing a value outside the range of representable values of type 'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior. | -- | Jun 16, 2022 |
CVE-2022-32444 | An issue was discovered in u5cms version 8.3.5. There is a URL redirection vulnerability that can cause a user's browser to be redirected to another site via /loginsave.php. | -- | Jun 17, 2022 |
CVE-2022-32442 | u5cms version 8.3.5 is vulnerable to Cross Site Scripting (XSS). When a user accesses the default home page if the parameter passed in is http://127.0.0.1/? Onmouseover=%27tzgl (96502)%27bad=, it can cause html injection. | -- | Jun 17, 2022 |
CVE-2022-32278 | XFCE 4.16 allows attackers to execute arbitrary code because xdg-open can execute a .desktop file on an attacker-controlled FTP server. | -- | Jun 14, 2022 |
CVE-2022-32276 | ** DISPUTED ** Grafana 8.4.3 allows unauthenticated access via (for example) a /dashboard/snapshot/*?orgId=0 URI. NOTE: the vendor considers this a UI bug, not a vulnerability. | -- | Jun 17, 2022 |
CVE-2022-31941 | Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via \rdms\admin?page=user\manage_user&id=. | -- | Jun 18, 2022 |
CVE-2022-31914 | Zoo Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via zms/admin/public_html/save_animal?an_id=24. | -- | Jun 16, 2022 |
CVE-2022-31913 | Online Discussion Forum Site v1.0 is vulnerable to Cross Site Scripting (XSS) via /odfs/classes/Master.php?f=save_category, name. | -- | Jun 16, 2022 |
CVE-2022-31912 | Online Tutor Portal Site v1.0 is vulnerable to SQL Injection via /otps/classes/Master.php?f=delete_team. | -- | Jun 16, 2022 |
CVE-2022-31911 | Online Discussion Forum Site v1.0 is vulnerable to SQL Injection via /odfs/classes/Master.php?f=delete_team. | -- | Jun 16, 2022 |