RMX Security CERT Global
- CVE-2022-25617 | Severity: None | Published: 18/05/2022 | Last revised: 18/05/2022 | Description: Reflected Cross-Site Scripting (XSS) vulnerability in Code Snippets plugin ...
- CVE-2022-29445 | Severity: None | Published: 18/05/2022 | Last revised: 18/05/2022 | Description: Authenticated (administrator or higher role) Local File Inclusion (LFI) vulnerability in Wow-Company's Popup Box plugin ...
- CVE-2022-30596 | Severity: None | Published: 18/05/2022 | Last revised: 18/05/2022 | Description: A flaw was found in moodle where ID numbers displayed when bulk allocating markers to assignments required additional sanitizing to ...
- CVE-2022-30599 | Severity: None | Published: 18/05/2022 | Last revised: 18/05/2022 | Description: A flaw was found in moodle where an SQL injection risk was identified in Badges code relating to configuring criteria. ...
- CVE-2022-30597 | Severity: None | Published: 18/05/2022 | Last revised: 18/05/2022 | Description: A flaw was found in moodle where the description user field was not hidden when being set as a hidden ...
- CVE-2022-30598 | Severity: None | Published: 18/05/2022 | Last revised: 18/05/2022 | Description: A flaw was found in moodle where global search results could include author information on some activities where a user ...
- CVE-2022-28921 | Severity: None | Published: 18/05/2022 | Last revised: 18/05/2022 | Description: A Cross-Site Request Forgery (CSRF) vulnerability discovered in BlogEngine.Net v3.3.8.0 allows unauthenticated attackers to read arbitrary files on the hosting ...
- CVE-2022-30111 | Severity: None | Published: 18/05/2022 | Last revised: 18/05/2022 | Description: Due to the use of an insecure algorithm for rolling codes in MCK Smartlock 1.0, allows attackers to unlock the ...
- CVE-2022-28924 | Severity: None | Published: 18/05/2022 | Last revised: 18/05/2022 | Description: An information disclosure vulnerability in UniverSIS-Students before v1.5.0 allows attackers to obtain sensitive information via a crafted GET request to ...
- CVE-2022-30600 | Severity: None | Published: 18/05/2022 | Last revised: 18/05/2022 | Description: A flaw was found in moodle where logic used to count failed login attempts could result in the account lockout ...
- CVE-2022-22019 (windows_10, windows_11, windows_7, windows_8.1, windows_rt_8.1, windows_server, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019): Remote Procedure Call Runtime Remote Code Execution Vulnerability. ...
- CVE-2022-1124 (gitlab): An improper authorization issue has been discovered in GitLab CE/EE affecting all versions prior to 14.8.6, all versions from 14.9.0 prior to 14.9.4, and 14.10.0, allowing Guest project members to ...
- CVE-2022-1426 (gitlab): An issue has been discovered in GitLab affecting all versions starting from 12.6 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab ...
- CVE-2022-29317 (simple_bus_ticket_booking_system): Simple Bus Ticket Booking System v1.0 was discovered to contain multiple SQL injection vulnerabilities via the username and password parameters at /assets/partials/_handleLogin.php. ...
- CVE-2022-29316 (complete_online_job_search_system): Complete Online Job Search System v1.0 was discovered to contain a SQL injection vulnerability via /eris/index.php?q=result&searchfor=advancesearch. ...
- CVE-2021-3254 (dsl-n14u-b1_firmware): Asus DSL-N14U-B1 1.1.2.3_805 allows remote attackers to cause a Denial of Service (DoS) via a TCP SYN scan using nmap. ...
- CVE-2022-22713 (windows_10, windows_server): Windows Hyper-V Denial of Service Vulnerability. ...
- CVE-2022-22016 (windows_10, windows_11, windows_server, windows_server_2016, windows_server_2019): Windows PlayToManager Elevation of Privilege Vulnerability. ...
- CVE-2022-30994: Cleartext transmission of sensitive information. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 29240 ...
- CVE-2022-30033: Tenda TX9 Pro V22.03.02.10 is vulnerable to Buffer Overflow via the function setIPv6Status() in httpd module. ...
- CVE-2022-30992: Open redirect via user-controlled query parameter. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 29240 ...
- CVE-2022-1771: Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...
- CVE-2022-30990: Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 15 (Linux) before build 29240, Acronis Agent (Linux) before build 28037 ...
- CVE-2022-29229: CaSS is a Competency and Skills System. CaSS Library, (npm:cassproject) has a missing cryptographic step when storing cryptographic keys that can allow a server administrator access to an account’s cryptographic ...
- CVE-2022-30991: HTML injection via report name. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 29240 ...
- CVE-2021-38944: IBM DataPower Gateway 10.0.2.0 through 1.0.3.0, 10.0.1.0 through 10.0.1.5, and 2018.4.1.0 through 2018.4.1.18 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This ...
- CVE-2022-29230: Hydrogen is a React-based framework for building dynamic, Shopify-powered custom storefronts. There is a potential Cross-Site Scripting (XSS) vulnerability where an arbitrary user is able to execute scripts on pages ...
- CVE-2022-1774: Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to 18.0.7. ...
- CVE-2022-30993: Cleartext transmission of sensitive information. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 29240 ...
- CVE-2022-23270 (windows_10, windows_11, windows_7, windows_8.1, windows_server, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019): Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21972. ...
- CVE-2022-26116 (fortinac): Multiple improper neutralization of special elements used in SQL commands ('SQL Injection') vulnerability [CWE-89] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and ...
- CVE-2022-26923 (windows_10, windows_11, windows_8.1, windows_server_2012, windows_server_2016, windows_server_2019, windows_server_2022): Active Directory Domain Services Elevation of Privilege Vulnerability. ...
- CVE-2022-26913 (windows_10, windows_11, windows_server, windows_server_2019, windows_server_2022): Windows Authentication Security Feature Bypass Vulnerability. ...
- CVE-2022-1433 (gitlab): An issue has been discovered in GitLab affecting all versions starting from 14.4 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. Missing ...
- CVE-2022-22015 (remote_desktop, windows_10, windows_11, windows_7, windows_8.1, windows_server, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019): Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability. ...
- CVE-2022-21978 (exchange_server): Microsoft Exchange Server Elevation of Privilege Vulnerability. ...
- CVE-2022-21972 (windows_10, windows_11, windows_7, windows_8.1, windows_rt_8.1, windows_server, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019, windows_server_2022): Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-23270. ...
- CVE-2022-23267 (.net, .net_core, powershell, visual_studio_2019, visual_studio_2022): .NET and Visual Studio Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-29117, CVE-2022-29145. ...
- CVE-2022-22017 (remote_desktop, windows_11, windows_server_2022): Remote Desktop Client Remote Code Execution Vulnerability. ...
- CVE-2020-19228 (bludit): An issue was found in bludit v3.13.0, unsafe implementation of the backup plugin allows attackers to upload arbitrary files. ...
- CVE-2022-1545 (gitlab): It was possible to disclose details of confidential notes created via the API in Gitlab CE/EE affecting all versions from 13.2 prior to 14.8.6, 14.9 prior to 14.9.4, and 14.10 ...
- CVE-2022-22011 (windows_10, windows_7, windows_8.1, windows_server, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019): Windows Graphics Component Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-26934, CVE-2022-29112. ...
- CVE-2022-23279 (windows_10, windows_11, windows_server_2022): Windows ALPC Elevation of Privilege Vulnerability. ...
- CVE-2022-1406 (gitlab): Improper input validation in GitLab CE/EE affecting all versions from 8.12 prior to 14.8.6, all versions from 14.9.0 prior to 14.9.4, and 14.10.0 allows a Developer to read protected Group ...
- CVE-2022-1428 (gitlab): An issue has been discovered in GitLab affecting all versions before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was incorrectly verifying ...
- CVE-2022-24466 (windows_10, windows_11, windows_server_2016, windows_server_2019, windows_server_2022): Windows Hyper-V Security Feature Bypass Vulnerability. ...
- CVE-2022-30599: A flaw was found in moodle where an SQL injection risk was identified in Badges code relating to configuring criteria. ...
- CVE-2022-30597: A flaw was found in moodle where the description user field was not hidden when being set as a hidden user field. ...
- CVE-2022-25617: Reflected Cross-Site Scripting (XSS) vulnerability in Code Snippets plugin <= 2.14.3 at WordPress via &orderby vulnerable parameter. ...
- CVE-2022-30111: Due to the use of an insecure algorithm for rolling codes in MCK Smartlock 1.0, allows attackers to unlock the mechanism via replay attacks. ...
Title | Category | Tag |
A Review of the Use of Output-Based Aid Approaches – Project Financing | EPCMPPPProjectFinance | data sharing governments infrastructure |
Project Management Evaluation Good Practice Standards – ECG – EPCM | EPCMStandardsPractices | epcm standards |