RMX Security CERT Global

• CVE-2022-25617
  Gravedad: NonePublicado: 18/05/2022Last revised: 18/05/2022Descripción: *** Pendiente de traducción *** Reflected Cross-Site Scripting (XSS) vulnerability in Code Snippets plugin ... read more
• CVE-2022-29445
  Gravedad: NonePublicado: 18/05/2022Last revised: 18/05/2022Descripción: *** Pendiente de traducción *** Authenticated (administrator or higher role) Local File Inclusion (LFI) vulnerability in Wow-Company's Popup Box plugin ... read more
• CVE-2022-30596
  Gravedad: NonePublicado: 18/05/2022Last revised: 18/05/2022Descripción: *** Pendiente de traducción *** A flaw was found in moodle where ID numbers displayed when bulk allocating markers to assignments required additional sanitizing to ... read more
• CVE-2022-30599
  Gravedad: NonePublicado: 18/05/2022Last revised: 18/05/2022Descripción: *** Pendiente de traducción *** A flaw was found in moodle where an SQL injection risk was identified in Badges code relating to configuring criteria. ... read more
• CVE-2022-30597
  Gravedad: NonePublicado: 18/05/2022Last revised: 18/05/2022Descripción: *** Pendiente de traducción *** A flaw was found in moodle where the description user field was not hidden when being set as a hidden ... read more
• CVE-2022-30598
  Gravedad: NonePublicado: 18/05/2022Last revised: 18/05/2022Descripción: *** Pendiente de traducción *** A flaw was found in moodle where global search results could include author information on some activities where a user ... read more
• CVE-2022-28921
  Gravedad: NonePublicado: 18/05/2022Last revised: 18/05/2022Descripción: *** Pendiente de traducción *** A Cross-Site Request Forgery (CSRF) vulnerability discovered in BlogEngine.Net v3.3.8.0 allows unauthenticated attackers to read arbitrary files on the hosting ... read more
• CVE-2022-30111
  Gravedad: NonePublicado: 18/05/2022Last revised: 18/05/2022Descripción: *** Pendiente de traducción *** Due to the use of an insecure algorithm for rolling codes in MCK Smartlock 1.0, allows attackers to unlock the ... read more
• CVE-2022-28924
  Gravedad: NonePublicado: 18/05/2022Last revised: 18/05/2022Descripción: *** Pendiente de traducción *** An information disclosure vulnerability in UniverSIS-Students before v1.5.0 allows attackers to obtain sensitive information via a crafted GET request to ... read more
• CVE-2022-30600
  Gravedad: NonePublicado: 18/05/2022Last revised: 18/05/2022Descripción: *** Pendiente de traducción *** A flaw was found in moodle where logic used to count failed login attempts could result in the account lockout ... read more
• CVE-2022-22019 (windows_10, windows_11, windows_7, windows_8.1, windows_rt_8.1, windows_server, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019)
  Remote Procedure Call Runtime Remote Code Execution Vulnerability. ... read more
• CVE-2022-1124 (gitlab)
  An improper authorization issue has been discovered in GitLab CE/EE affecting all versions prior to 14.8.6, all versions from 14.9.0 prior to 14.9.4, and 14.10.0, allowing Guest project members to ... read more
• CVE-2022-1426 (gitlab)
  An issue has been discovered in GitLab affecting all versions starting from 12.6 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab ... read more
• CVE-2022-29317 (simple_bus_ticket_booking_system)
  Simple Bus Ticket Booking System v1.0 was discovered to contain multiple SQL injection vulnerbilities via the username and password parameters at /assets/partials/_handleLogin.php. ... read more
• CVE-2022-29316 (complete_online_job_search_system)
  Complete Online Job Search System v1.0 was discovered to contain a SQL injection vulnerability via /eris/index.php?q=result&searchfor=advancesearch. ... read more
• CVE-2021-3254 (dsl-n14u-b1_firmware)
  Asus DSL-N14U-B1 1.1.2.3_805 allows remote attackers to cause a Denial of Service (DoS) via a TCP SYN scan using nmap. ... read more
• CVE-2022-22713 (windows_10, windows_server)
  Windows Hyper-V Denial of Service Vulnerability. ... read more
• CVE-2022-22016 (windows_10, windows_11, windows_server, windows_server_2016, windows_server_2019)
  Windows PlayToManager Elevation of Privilege Vulnerability. ... read more
• CVE-2022-30994
  Cleartext transmission of sensitive information. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 29240 ... read more
• CVE-2022-30033
  Tenda TX9 Pro V22.03.02.10 is vulnerable to Buffer Overflow via the functtion setIPv6Status() in httpd module. ... read more
• CVE-2022-30992
  Open redirect via user-controlled query parameter. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 29240 ... read more
• CVE-2022-1771
  Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ... read more
• CVE-2022-30990
  Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 15 (Linux) before build 29240, Acronis Agent (Linux) before build 28037 ... read more
• CVE-2022-29229
  CaSS is a Competency and Skills System. CaSS Library, (npm:cassproject) has a missing cryptographic step when storing cryptographic keys that can allow a server administrator access to an account’s cryptographic ... read more
• CVE-2022-30991
  HTML injection via report name. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 29240 ... read more
• CVE-2021-38944
  IBM DataPower Gateway 10.0.2.0 through 1.0.3.0, 10.0.1.0 through 10.0.1.5, and 2018.4.1.0 through 2018.4.1.18 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This ... read more
• CVE-2022-29230
  Hydrogen is a React-based framework for building dynamic, Shopify-powered custom storefronts. There is a potential Cross-Site Scripting (XSS) vulnerability where an arbitrary user is able to execute scripts on pages ... read more
• CVE-2022-1774
  Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to 18.0.7. ... read more
• CVE-2022-30993
  Cleartext transmission of sensitive information. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 29240 ... read more
• CVE-2022-23270 (windows_10, windows_11, windows_7, windows_8.1, windows_server, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019)
  Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21972. ... read more
• CVE-2022-26116 (fortinac)
  Multiple improper neutralization of special elements used in SQL commands ('SQL Injection') vulnerability [CWE-89] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and ... read more
• CVE-2022-26923 (windows_10, windows_11, windows_8.1, windows_server_2012, windows_server_2016, windows_server_2019, windows_server_2022)
  Active Directory Domain Services Elevation of Privilege Vulnerability. ... read more
• CVE-2022-26913 (windows_10, windows_11, windows_server, windows_server_2019, windows_server_2022)
  Windows Authentication Security Feature Bypass Vulnerability. ... read more
• CVE-2022-1433 (gitlab)
  An issue has been discovered in GitLab affecting all versions starting from 14.4 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. Missing ... read more
• CVE-2022-22015 (remote_desktop, windows_10, windows_11, windows_7, windows_8.1, windows_server, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019)
  Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability. ... read more
• CVE-2022-21978 (exchange_server)
  Microsoft Exchange Server Elevation of Privilege Vulnerability. ... read more
• CVE-2022-21972 (windows_10, windows_11, windows_7, windows_8.1, windows_rt_8.1, windows_server, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019, windows_server_2022)
  Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-23270. ... read more
• CVE-2022-23267 (.net, .net_core, powershell, visual_studio_2019, visual_studio_2022)
  .NET and Visual Studio Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-29117, CVE-2022-29145. ... read more
• CVE-2022-22017 (remote_desktop, windows_11, windows_server_2022)
  Remote Desktop Client Remote Code Execution Vulnerability. ... read more
• CVE-2020-19228 (bludit)
  An issue was found in bludit v3.13.0, unsafe implementation of the backup plugin allows attackers to upload arbitrary files. ... read more
• CVE-2022-1545 (gitlab)
  It was possible to disclose details of confidential notes created via the API in Gitlab CE/EE affecting all versions from 13.2 prior to 14.8.6, 14.9 prior to 14.9.4, and 14.10 ... read more
• CVE-2022-22011 (windows_10, windows_7, windows_8.1, windows_server, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019)
  Windows Graphics Component Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-26934, CVE-2022-29112. ... read more
• CVE-2022-23279 (windows_10, windows_11, windows_server_2022)
  Windows ALPC Elevation of Privilege Vulnerability. ... read more
• CVE-2022-1406 (gitlab)
  Improper input validation in GitLab CE/EE affecting all versions from 8.12 prior to 14.8.6, all versions from 14.9.0 prior to 14.9.4, and 14.10.0 allows a Developer to read protected Group ... read more
• CVE-2022-1428 (gitlab)
  An issue has been discovered in GitLab affecting all versions before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was incorrectly verifying ... read more
• CVE-2022-24466 (windows_10, windows_11, windows_server_2016, windows_server_2019, windows_server_2022)
  Windows Hyper-V Security Feature Bypass Vulnerability. ... read more
• CVE-2022-30599
  A flaw was found in moodle where an SQL injection risk was identified in Badges code relating to configuring criteria. ... read more
• CVE-2022-30597
  A flaw was found in moodle where the description user field was not hidden when being set as a hidden user field. ... read more
• CVE-2022-25617
  Reflected Cross-Site Scripting (XSS) vulnerability in Code Snippets plugin <= 2.14.3 at WordPress via &orderby vulnerable parameter. ... read more
• CVE-2022-30111
  Due to the use of an insecure algorithm for rolling codes in MCK Smartlock 1.0, allows attackers to unlock the mechanism via replay attacks. ... read more