RMX Security CERT Global

• CVE-2023-0562
  A vulnerability was found in PHPGurukul Bank Locker Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file index.php of ... read more
• CVE-2021-4315
  A vulnerability has been found in NYUCCL psiTurk up to 3.2.0 and classified as critical. This vulnerability affects unknown code of the file psiturk/experiment.py. The manipulation of the argument mode ... read more
• CVE-2023-0563
  A vulnerability classified as problematic has been found in PHPGurukul Bank Locker Management System 1.0. This affects an unknown part of the file add-locker-form.php of the component Assign Locker. The ... read more
• CVE-2023-0560
  A vulnerability, which was classified as critical, has been found in SourceCodester Online Tours & Travels Management System 1.0. This issue affects some unknown processing of the file admin/practice_pdf.php. The ... read more
• CVE-2023-0561
  A vulnerability, which was classified as critical, was found in SourceCodester Online Tours & Travels Management System 1.0. Affected is an unknown function of the file /user/s.php. The manipulation of ... read more
• CVE-2023-23629
  Metabase is an open source data analytics platform. Affected versions are subject to Improper Privilege Management. As intended, recipients of dashboards subscriptions can view the data as seen by the ... read more
• CVE-2023-23628
  Metabase is an open source data analytics platform. Affected versions are subject to Exposure of Sensitive Information to an Unauthorized Actor. Sandboxed users shouldn't be able to view data about ... read more
• CVE-2022-43980
  Gravedad: NonePublicado: 27/01/2023Last revised: 27/01/2023Descripción: *** Pendiente de traducción *** There is a stored cross-site scripting vulnerability in Pandora FMS v765 in the network maps editing functionality. An attacker could ... read more
• CVE-2022-4201
  Gravedad: NonePublicado: 27/01/2023Last revised: 27/01/2023Descripción: *** Pendiente de traducción *** A blind SSRF in GitLab CE/EE affecting all from 11.3 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior ... read more
• CVE-2023-0558
  Gravedad: NonePublicado: 27/01/2023Last revised: 27/01/2023Descripción: *** Pendiente de traducción *** The ContentStudio plugin for WordPress is vulnerable to authorization bypass due to an unsecure token check that is susceptible to ... read more
• CVE-2022-46968
  Gravedad: NonePublicado: 27/01/2023Last revised: 27/01/2023Descripción: *** Pendiente de traducción *** A stored cross-site scripting (XSS) vulnerability in /index.php?page=help of Revenue Collection System v1.0 allows attackers to execute arbitrary web scripts ... read more
• CVE-2022-43978
  Gravedad: NonePublicado: 27/01/2023Last revised: 27/01/2023Descripción: *** Pendiente de traducción *** There is an improper authentication vulnerability in Pandora FMS v764. The application verifies that the user has a valid session ... read more
• CVE-2022-4205
  Gravedad: NonePublicado: 27/01/2023Last revised: 27/01/2023Descripción: *** Pendiente de traducción *** In Gitlab EE/CE before 15.6.1, 15.5.5 and 15.4.6 using a branch with a hexadecimal name could override an existing hash. ... read more
• CVE-2023-0557
  Gravedad: NonePublicado: 27/01/2023Last revised: 27/01/2023Descripción: *** Pendiente de traducción *** The ContentStudio plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.2.5. This could ... read more
• CVE-2022-43979
  Gravedad: NonePublicado: 27/01/2023Last revised: 27/01/2023Descripción: *** Pendiente de traducción *** There is a Path Traversal that leads to a Local File Inclusion in Pandora FMS v764. A function is called ... read more
• CVE-2023-0556
  Gravedad: NonePublicado: 27/01/2023Last revised: 27/01/2023Descripción: *** Pendiente de traducción *** The ContentStudio plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several functions in ... read more
• CVE-2022-4255
  Gravedad: NonePublicado: 27/01/2023Last revised: 27/01/2023Descripción: *** Pendiente de traducción *** An info leak issue was identified in all versions of GitLab EE from 13.7 prior to 15.4.6, 15.5 prior to ... read more
• CVE-2022-39380
  Wire web-app is part of Wire communications. Versions prior to 2022-11-02 are subject to Improper Handling of Exceptional Conditions. In the wire-webapp, certain combinations of Markdown formatting can trigger an ... read more
• CVE-2021-41144
  OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, a layout block was able to bypass the block blacklist to execute remote code. Versions 19.4.22 and 20.0.19 ... read more
• CVE-2023-0549
  A vulnerability, which was classified as problematic, has been found in YAFNET 3.1.9/3.1.10. This issue affects some unknown processing of the file /forum/PostPrivateMessage of the component Private Message Handler. The ... read more
• CVE-2022-48118
  Jorani v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Acronym parameter. ... read more
• CVE-2022-48116
  AyaCMS v3.1.2 was discovered to contain a remote code execution (RCE) vulnerability via the component /admin/tpl_edit.inc.php. ... read more
• CVE-2022-32952
  ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: ... read more
• CVE-2022-32472
  ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: ... read more
• CVE-2021-41231
  OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, an administrator with the permissions to upload files via DataFlow and to create products was able to execute ... read more
• CVE-2021-41143
  OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, Magento admin users with access to the customer media could execute code on the server. Versions 19.4.22 and ... read more
• CVE-2022-46240
  ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none. ... read more
• CVE-2022-4139
  An incorrect TLB flush issue was found in the Linux kernel’s GPU i915 kernel driver, potentially leading to random memory corruption or data leaks. This flaw could allow a local ... read more
• CVE-2022-46238
  ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none. ... read more
• CVE-2022-48010
  LimeSurvey v5.4.15 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /index.php/surveyAdministration/rendersidemenulink?subaction=surveytexts. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted ... read more
• CVE-2022-46236
  ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none. ... read more
• CVE-2022-48008
  An arbitrary file upload vulnerability in the plugin manager of LimeSurvey v5.4.15 allows attackers to execute arbitrary code via a crafted PHP file. ... read more
• CVE-2022-48007
  A stored cross-site scripting (XSS) vulnerability in identification.php of Piwigo v13.4.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the User-Agent. ... read more
• CVE-2023-22241
  Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the ... read more
• CVE-2023-22240
  Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the ... read more
• CVE-2022-48012
  Opencats v0.9.7 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /opencats/index.php?m=settings&a=ajax_tags_upd. ... read more
• CVE-2022-46244
  ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none. ... read more
• CVE-2022-4285
  An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is ... read more
• CVE-2022-48011
  Opencats v0.9.7 was discovered to contain a SQL injection vulnerability via the importID parameter in the Import viewerrors function. ... read more
• CVE-2022-48013
  Opencats v0.9.7 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /opencats/index.php?m=calendar. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted ... read more
• CVE-2022-4335
  A blind SSRF vulnerability was identified in all versions of GitLab EE prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 which allows an attacker to connect ... read more
• CVE-2022-46241
  ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none. ... read more
• CVE-2022-46237
  ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none. ... read more
• CVE-2022-46242
  ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none. ... read more
• CVE-2022-46243
  ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none. ... read more
• CVE-2023-22242
  Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the ... read more
• CERT-SE:s veckobrev v.4
  Ett veckobrev med blandad läsning - nyheter, rapporter, rekommendationer och fördjupningar. Vi vill också slå ett slag för den årliga och internationella dataskyddsdagen den 28 januari. Den påminner oss om ... read more
• Protecting Data: Can we Engineer Data Sharing?
  The European Union Agency for Cybersecurity (ENISA) celebrates the Data Protection Day and explores how technologies can support personal data sharing in practice. ... read more
• CVE-2022-2712
  In Eclipse GlassFish versions 5.1.0 to 6.2.5, there is a vulnerability in relative path traversal because it does not filter request path starting with './'. Successful exploitation could allow an ... read more
• Desbordamiento de pila en CNCSoft
  Fecha de publicación: 27/01/2023 Importancia: Alta Recursos afectados: CNCSoft: toda las versiones anteriores a 1.01.34; CNCSoft ScreenEditor: todas las versiones anteriores a 1.01.5 (incluida). Descripción: Simon Humbert, ... read more