MGHC - ProjectFinanceBuilding Innovative Public-Private-Partnerships for Effective and Equitable WSS Services

RMX Security CERT Global

CVE-2022-25617
Gravedad: NonePublicado: 18/05/2022Last revised: 18/05/2022Descripción: *** Pendiente de traducción *** Reflected Cross-Site Scripting (XSS) vulnerability in Code Snippets plugin ... read more
CVE-2022-29445
Gravedad: NonePublicado: 18/05/2022Last revised: 18/05/2022Descripción: *** Pendiente de traducción *** Authenticated (administrator or higher role) Local File Inclusion (LFI) vulnerability in Wow-Company's Popup Box plugin ... read more
CVE-2022-30596
Gravedad: NonePublicado: 18/05/2022Last revised: 18/05/2022Descripción: *** Pendiente de traducción *** A flaw was found in moodle where ID numbers displayed when bulk allocating markers to assignments required additional sanitizing to ... read more
CVE-2022-30599
Gravedad: NonePublicado: 18/05/2022Last revised: 18/05/2022Descripción: *** Pendiente de traducción *** A flaw was found in moodle where an SQL injection risk was identified in Badges code relating to configuring criteria. ... read more
CVE-2022-30597
Gravedad: NonePublicado: 18/05/2022Last revised: 18/05/2022Descripción: *** Pendiente de traducción *** A flaw was found in moodle where the description user field was not hidden when being set as a hidden ... read more
CVE-2022-30598
Gravedad: NonePublicado: 18/05/2022Last revised: 18/05/2022Descripción: *** Pendiente de traducción *** A flaw was found in moodle where global search results could include author information on some activities where a user ... read more
CVE-2022-28921
Gravedad: NonePublicado: 18/05/2022Last revised: 18/05/2022Descripción: *** Pendiente de traducción *** A Cross-Site Request Forgery (CSRF) vulnerability discovered in BlogEngine.Net v3.3.8.0 allows unauthenticated attackers to read arbitrary files on the hosting ... read more
CVE-2022-30111
Gravedad: NonePublicado: 18/05/2022Last revised: 18/05/2022Descripción: *** Pendiente de traducción *** Due to the use of an insecure algorithm for rolling codes in MCK Smartlock 1.0, allows attackers to unlock the ... read more
CVE-2022-28924
Gravedad: NonePublicado: 18/05/2022Last revised: 18/05/2022Descripción: *** Pendiente de traducción *** An information disclosure vulnerability in UniverSIS-Students before v1.5.0 allows attackers to obtain sensitive information via a crafted GET request to ... read more
CVE-2022-30600
Gravedad: NonePublicado: 18/05/2022Last revised: 18/05/2022Descripción: *** Pendiente de traducción *** A flaw was found in moodle where logic used to count failed login attempts could result in the account lockout ... read more
CVE-2022-22019 (windows_10, windows_11, windows_7, windows_8.1, windows_rt_8.1, windows_server, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019)
Remote Procedure Call Runtime Remote Code Execution Vulnerability. ... read more
CVE-2022-1124 (gitlab)
An improper authorization issue has been discovered in GitLab CE/EE affecting all versions prior to 14.8.6, all versions from 14.9.0 prior to 14.9.4, and 14.10.0, allowing Guest project members to ... read more
CVE-2022-1426 (gitlab)
An issue has been discovered in GitLab affecting all versions starting from 12.6 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab ... read more
CVE-2022-29317 (simple_bus_ticket_booking_system)
Simple Bus Ticket Booking System v1.0 was discovered to contain multiple SQL injection vulnerbilities via the username and password parameters at /assets/partials/_handleLogin.php. ... read more
CVE-2022-29316 (complete_online_job_search_system)
Complete Online Job Search System v1.0 was discovered to contain a SQL injection vulnerability via /eris/index.php?q=result&searchfor=advancesearch. ... read more
CVE-2021-3254 (dsl-n14u-b1_firmware)
Asus DSL-N14U-B1 1.1.2.3_805 allows remote attackers to cause a Denial of Service (DoS) via a TCP SYN scan using nmap. ... read more
CVE-2022-22713 (windows_10, windows_server)
Windows Hyper-V Denial of Service Vulnerability. ... read more
CVE-2022-22016 (windows_10, windows_11, windows_server, windows_server_2016, windows_server_2019)
Windows PlayToManager Elevation of Privilege Vulnerability. ... read more
CVE-2022-30994
Cleartext transmission of sensitive information. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 29240 ... read more
CVE-2022-30033
Tenda TX9 Pro V22.03.02.10 is vulnerable to Buffer Overflow via the functtion setIPv6Status() in httpd module. ... read more
CVE-2022-30992
Open redirect via user-controlled query parameter. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 29240 ... read more
CVE-2022-1771
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ... read more
CVE-2022-30990
Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 15 (Linux) before build 29240, Acronis Agent (Linux) before build 28037 ... read more
CVE-2022-29229
CaSS is a Competency and Skills System. CaSS Library, (npm:cassproject) has a missing cryptographic step when storing cryptographic keys that can allow a server administrator access to an accountâ€™s cryptographic ... read more
CVE-2022-30991
HTML injection via report name. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 29240 ... read more
CVE-2021-38944
IBM DataPower Gateway 10.0.2.0 through 1.0.3.0, 10.0.1.0 through 10.0.1.5, and 2018.4.1.0 through 2018.4.1.18 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This ... read more
CVE-2022-29230
Hydrogen is a React-based framework for building dynamic, Shopify-powered custom storefronts. There is a potential Cross-Site Scripting (XSS) vulnerability where an arbitrary user is able to execute scripts on pages ... read more
CVE-2022-1774
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to 18.0.7. ... read more
CVE-2022-30993
Cleartext transmission of sensitive information. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 29240 ... read more
CVE-2022-23270 (windows_10, windows_11, windows_7, windows_8.1, windows_server, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019)
Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21972. ... read more
CVE-2022-26116 (fortinac)
Multiple improper neutralization of special elements used in SQL commands ('SQL Injection') vulnerability [CWE-89] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and ... read more
CVE-2022-26923 (windows_10, windows_11, windows_8.1, windows_server_2012, windows_server_2016, windows_server_2019, windows_server_2022)
Active Directory Domain Services Elevation of Privilege Vulnerability. ... read more
CVE-2022-26913 (windows_10, windows_11, windows_server, windows_server_2019, windows_server_2022)
Windows Authentication Security Feature Bypass Vulnerability. ... read more
CVE-2022-1433 (gitlab)
An issue has been discovered in GitLab affecting all versions starting from 14.4 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. Missing ... read more
CVE-2022-22015 (remote_desktop, windows_10, windows_11, windows_7, windows_8.1, windows_server, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019)
Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability. ... read more
CVE-2022-21978 (exchange_server)
Microsoft Exchange Server Elevation of Privilege Vulnerability. ... read more
CVE-2022-21972 (windows_10, windows_11, windows_7, windows_8.1, windows_rt_8.1, windows_server, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019, windows_server_2022)
Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-23270. ... read more
CVE-2022-23267 (.net, .net_core, powershell, visual_studio_2019, visual_studio_2022)
.NET and Visual Studio Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-29117, CVE-2022-29145. ... read more
CVE-2022-22017 (remote_desktop, windows_11, windows_server_2022)
Remote Desktop Client Remote Code Execution Vulnerability. ... read more
CVE-2020-19228 (bludit)
An issue was found in bludit v3.13.0, unsafe implementation of the backup plugin allows attackers to upload arbitrary files. ... read more
CVE-2022-1545 (gitlab)
It was possible to disclose details of confidential notes created via the API in Gitlab CE/EE affecting all versions from 13.2 prior to 14.8.6, 14.9 prior to 14.9.4, and 14.10 ... read more
CVE-2022-22011 (windows_10, windows_7, windows_8.1, windows_server, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019)
Windows Graphics Component Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-26934, CVE-2022-29112. ... read more
CVE-2022-23279 (windows_10, windows_11, windows_server_2022)
Windows ALPC Elevation of Privilege Vulnerability. ... read more
CVE-2022-1406 (gitlab)
Improper input validation in GitLab CE/EE affecting all versions from 8.12 prior to 14.8.6, all versions from 14.9.0 prior to 14.9.4, and 14.10.0 allows a Developer to read protected Group ... read more
CVE-2022-1428 (gitlab)
An issue has been discovered in GitLab affecting all versions before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was incorrectly verifying ... read more
CVE-2022-24466 (windows_10, windows_11, windows_server_2016, windows_server_2019, windows_server_2022)
Windows Hyper-V Security Feature Bypass Vulnerability. ... read more
CVE-2022-30599
A flaw was found in moodle where an SQL injection risk was identified in Badges code relating to configuring criteria. ... read more
CVE-2022-30597
A flaw was found in moodle where the description user field was not hidden when being set as a hidden user field. ... read more
CVE-2022-25617
Reflected Cross-Site Scripting (XSS) vulnerability in Code Snippets plugin <= 2.14.3 at WordPress via &orderby vulnerable parameter. ... read more
CVE-2022-30111
Due to the use of an insecure algorithm for rolling codes in MCK Smartlock 1.0, allows attackers to unlock the mechanism via replay attacks. ... read more

Title	Category	Tag
Building Innovative Public-Private-Partnerships for Effective and Equitable WSS Services – Project Financing	InfrastructurePPPProjectFinance	epcm governments infrastructure
Accelerating Action CDP Global Water Report 2015 – Project Financing	InfrastructureProjectFinanceWater	governments infrastructure water
A Review of the Use of Output-Based Aid Approaches – Project Financing	EPCMPPPProjectFinance	data sharing governments infrastructure

Search Library

RMX Security CERT Global

Building Innovative Public-Private-Partnerships for Effective and Equitable WSS Services – Project Financing

Accelerating Action CDP Global Water Report 2015 – Project Financing

A Review of the Use of Output-Based Aid Approaches – Project Financing

Login

Login to research machine exchange Platform Services

Hello

Security Briefing Search

PDF Library Search

ProjectFinance Search

Reset Password

Reset Password

You have no permission to access this content