RMX Security CERT Global
- CVE-2022-1426 (gitlab): An issue has been discovered in GitLab affecting all versions starting from 12.6 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab ...
- CVE-2022-29317 (simple_bus_ticket_booking_system): Simple Bus Ticket Booking System v1.0 was discovered to contain multiple SQL injection vulnerabilities via the username and password parameters at /assets/partials/_handleLogin.php.
- CVE-2022-29316 (complete_online_job_search_system): Complete Online Job Search System v1.0 was discovered to contain a SQL injection vulnerability via /eris/index.php?q=result&searchfor=advancesearch.
- CVE-2021-3254 (dsl-n14u-b1_firmware): Asus DSL-N14U-B1 1.1.2.3_805 allows remote attackers to cause a Denial of Service (DoS) via a TCP SYN scan using nmap.
- CVE-2022-22713 (windows_10, windows_server): Windows Hyper-V Denial of Service Vulnerability.
- CVE-2022-22016 (windows_10, windows_11, windows_server, windows_server_2016, windows_server_2019): Windows PlayToManager Elevation of Privilege Vulnerability.
- CVE-2022-22019 (windows_10, windows_11, windows_7, windows_8.1, windows_rt_8.1, windows_server, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019): Remote Procedure Call Runtime Remote Code Execution Vulnerability.
- CVE-2022-1124 (gitlab): An improper authorization issue has been discovered in GitLab CE/EE affecting all versions prior to 14.8.6, all versions from 14.9.0 prior to 14.9.4, and 14.10.0, allowing Guest project members to ...
- CVE-2022-30990: Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 15 (Linux) before build 29240, Acronis Agent (Linux) before build 28037 ...
- CVE-2022-29229: CaSS is a Competency and Skills System. CaSS Library, (npm:cassproject) has a missing cryptographic step when storing cryptographic keys that can allow a server administrator access to an account’s cryptographic ...
- CVE-2022-30991: HTML injection via report name. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 29240 ...
- CVE-2021-38944: IBM DataPower Gateway 10.0.2.0 through 1.0.3.0, 10.0.1.0 through 10.0.1.5, and 2018.4.1.0 through 2018.4.1.18 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This ...
- CVE-2022-29230: Hydrogen is a React-based framework for building dynamic, Shopify-powered custom storefronts. There is a potential Cross-Site Scripting (XSS) vulnerability where an arbitrary user is able to execute scripts on pages ...
- CVE-2022-1774: Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to 18.0.7.
- CVE-2022-30993: Cleartext transmission of sensitive information. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 29240 ...
- CVE-2022-30994: Cleartext transmission of sensitive information. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 29240 ...
- CVE-2022-30033: Tenda TX9 Pro V22.03.02.10 is vulnerable to Buffer Overflow via the function setIPv6Status() in httpd module.
- CVE-2022-30992: Open redirect via user-controlled query parameter. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 29240 ...
- CVE-2022-1771: Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
- CVE-2022-21978 (exchange_server): Microsoft Exchange Server Elevation of Privilege Vulnerability.
- CVE-2022-21972 (windows_10, windows_11, windows_7, windows_8.1, windows_rt_8.1, windows_server, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019, windows_server_2022): Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-23270.
- CVE-2022-23267 (.net, .net_core, powershell, visual_studio_2019, visual_studio_2022): .NET and Visual Studio Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-29117, CVE-2022-29145.
- CVE-2022-22017 (remote_desktop, windows_11, windows_server_2022): Remote Desktop Client Remote Code Execution Vulnerability.
- CVE-2020-19228 (bludit): An issue was found in bludit v3.13.0, unsafe implementation of the backup plugin allows attackers to upload arbitrary files.
- CVE-2022-1545 (gitlab): It was possible to disclose details of confidential notes created via the API in GitLab CE/EE affecting all versions from 13.2 prior to 14.8.6, 14.9 prior to 14.9.4, and 14.10 ...
- CVE-2022-22011 (windows_10, windows_7, windows_8.1, windows_server, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019): Windows Graphics Component Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-26934, CVE-2022-29112.
- CVE-2022-23279 (windows_10, windows_11, windows_server_2022): Windows ALPC Elevation of Privilege Vulnerability.
- CVE-2022-1406 (gitlab): Improper input validation in GitLab CE/EE affecting all versions from 8.12 prior to 14.8.6, all versions from 14.9.0 prior to 14.9.4, and 14.10.0 allows a Developer to read protected Group ...
- CVE-2022-1428 (gitlab): An issue has been discovered in GitLab affecting all versions before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was incorrectly verifying ...
- CVE-2022-24466 (windows_10, windows_11, windows_server_2016, windows_server_2019, windows_server_2022): Windows Hyper-V Security Feature Bypass Vulnerability.
- CVE-2022-23270 (windows_10, windows_11, windows_7, windows_8.1, windows_server, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019): Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21972.
- CVE-2022-26116 (fortinac): Multiple improper neutralization of special elements used in SQL commands ('SQL Injection') vulnerability [CWE-89] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and ...
- CVE-2022-26923 (windows_10, windows_11, windows_8.1, windows_server_2012, windows_server_2016, windows_server_2019, windows_server_2022): Active Directory Domain Services Elevation of Privilege Vulnerability.
- CVE-2022-26913 (windows_10, windows_11, windows_server, windows_server_2019, windows_server_2022): Windows Authentication Security Feature Bypass Vulnerability.
- CVE-2022-1433 (gitlab): An issue has been discovered in GitLab affecting all versions starting from 14.4 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. Missing ...
- CVE-2022-22015 (remote_desktop, windows_10, windows_11, windows_7, windows_8.1, windows_server, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019): Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability.
- CVE-2022-30600: A flaw was found in Moodle where logic used to count failed login attempts could result in the account lockout threshold being bypassed.
- CVE-2022-28921: A Cross-Site Request Forgery (CSRF) vulnerability discovered in BlogEngine.Net v3.3.8.0 allows unauthenticated attackers to read arbitrary files on the hosting web server.
- CVE-2022-30599: A flaw was found in Moodle where an SQL injection risk was identified in Badges code relating to configuring criteria.
- CVE-2022-30597: A flaw was found in Moodle where the description user field was not hidden when being set as a hidden user field.
- CVE-2022-25617: Reflected Cross-Site Scripting (XSS) vulnerability in Code Snippets plugin <= 2.14.3 at WordPress via &orderby vulnerable parameter.
- CVE-2022-30111: The use of an insecure algorithm for rolling codes in MCK Smartlock 1.0 allows attackers to unlock the mechanism via replay attacks.
- CVE-2022-30598: A flaw was found in Moodle where global search results could include author information on some activities where a user may not otherwise have access to it.
- Fort Meade Soldier earns Sergeant Audie Murphy Award: By Tammie S. Moore, Fort Meade Public Affairs Office. FORT GEORGE G. MEADE, Md. – A Soldier assigned to Fort George G. Meade earned the Sergeant Audie Mur ...
- CISA Issues Emergency Directive and Releases Advisory Related to VMware Vulnerabilities
- AA22-138B: Threat Actors Chaining Unpatched VMware Vulnerabilities for Full System Control. Original release date: May 18, 2022. Summary: The Cybersecurity and Infrastructure Security Agency (CISA) is releasing this Cybersecurity Advisory (CSA) to warn organizations that malicious cyber actors, likely advanced persistent threat (APT) ...
- CVE-2021-42704: Inkscape version 0.19 is vulnerable to an out-of-bounds write, which may allow an attacker to execute arbitrary code.
- CVE-2022-22787: The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.10.0 fails to properly validate the hostname during a server switch request. This issue could be ...
- CVE-2021-42849: A weak default password for the serial port was reported in some Lenovo Personal Cloud Storage devices that could allow unauthorized device access to an attacker with physical access.
- CVE-2022-1734: A flaw in the Linux kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to a use after free (read or write) when the cleanup routine and the firmware download routine are not synchronized.
Title | Category | Tag |
NASCIO Data Sharing Report Advancing Digital Government 2017 – Cybersecurity | Cybersecurity, SmartCities, Technology | cybersecurity ICS standards |