IS Security CERT Global

    • CVE-2022-35949
      Severity: None | Published: 12/08/2022 | Last revised: 12/08/2022 | Description: undici is an HTTP/1.1 client, written from scratch for Node.js. `undici` is vulnerable to SSRF (Server-side Request Forgery) when an application ...
    • CVE-2022-35942
      Severity: None | Published: 12/08/2022 | Last revised: 12/08/2022 | Description: Improper input validation on the `contains` LoopBack filter may allow for arbitrary SQL injection. When the extended filter property `contains` ...
    • CVE-2022-20402 (android)
      Product: Android | Versions: Android kernel | Android ID: A-218701042 | References: N/A ...
    • CVE-2022-20382 (android)
      In (TBD) of (TBD), there is a possible out of bounds write due to kernel stack overflow. This could lead to local escalation of privilege with System execution privileges needed. ...
    • CVE-2022-20374 (android)
      On specific devices, there is a possible bypass of configuration integrity due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. ...
    • CVE-2022-20379 (android)
      In lwis_buffer_alloc of lwis_buffer.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. ...
    • CVE-2022-20401 (android)
      In SAEMM_RetrievEPLMNList of SAEMM_ContextManagement.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure post-authentication with no additional execution ...
    • CVE-2022-20378 (android)
      Product: Android | Versions: Android kernel | Android ID: A-234657153 | References: N/A ...
    • CVE-2022-20377 (android)
      In TBD of keymaster_ipc.cpp, there is a possible way to force gatekeeper, fingerprint, and faceauth to use a known HMAC key. This could lead to local escalation of privilege with no ...
    • CVE-2022-20406 (android)
      Product: Android | Versions: Android kernel | Android ID: A-184676385 | References: N/A ...
    • CVE-2022-20384 (android)
      Product: Android | Versions: Android kernel | Android ID: A-211727306 | References: N/A ...
    • CVE-2022-20380 (android)
      Product: Android | Versions: Android kernel | Android ID: A-212625740 | References: N/A ...
    • CVE-2022-20400 (android)
      In cd_CodeMsg of cd_codec.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges ...
    • CVE-2022-20403 (android)
      Product: Android | Versions: Android kernel | Android ID: A-207975764 | References: N/A ...
    • CVE-2022-20383 (android)
      In AllocateInternalBuffers of g3aa_buffer_allocator.cc, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges ...
    • CVE-2022-20405 (android)
      Product: Android | Versions: Android kernel | Android ID: A-216363416 | References: N/A ...
    • CVE-2022-20372 (android)
      In exynos5_i2c_irq of (TBD), there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges ...
    • CVE-2022-20376 (android)
      In trusty_log_seq_start of trusty-log.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction ...
    • CVE-2022-20381 (android)
      Product: Android | Versions: Android kernel | Android ID: A-188935887 | References: N/A ...
    • CVE-2022-20404 (android)
      Product: Android | Versions: Android kernel | Android ID: A-205714161 | References: N/A ...
    • CVE-2022-20407 (android)
      Product: Android | Versions: Android kernel | Android ID: A-210916981 | References: N/A ...
    • CVE-2022-35942
      Improper input validation on the `contains` LoopBack filter may allow for arbitrary SQL injection. When the extended filter property `contains` is permitted to be interpreted by the Postgres connector, it ...
    • CVE-2022-35949
      undici is an HTTP/1.1 client, written from scratch for Node.js. `undici` is vulnerable to SSRF (Server-side Request Forgery) when an application takes in **user input** into the `path/pathname` option of `undici.request`. ...
    • CVE-2022-2802
      Severity: None | Published: 12/08/2022 | Last revised: 12/08/2022 | Description: A vulnerability has been found in SourceCodester Gas Agency Management System and classified as critical. This vulnerability affects unknown code ...
    • CVE-2022-2804
      Severity: None | Published: 12/08/2022 | Last revised: 12/08/2022 | Description: A vulnerability was found in SourceCodester Zoo Management System. It has been classified as critical. Affected is an unknown function ...
    • CVE-2022-35943
      Severity: None | Published: 12/08/2022 | Last revised: 12/08/2022 | Description: Shield is an authentication and authorization framework for CodeIgniter 4. This vulnerability may allow [SameSite Attackers](https://canitakeyoursubdomain.name/) to bypass the [CodeIgniter4 ...
    • CVE-2022-35953
      Severity: None | Published: 12/08/2022 | Last revised: 12/08/2022 | Description: BookWyrm is a social network for tracking your reading, talking about books, writing reviews, and discovering what to read next. ...
    • CVE-2022-2800
      Severity: None | Published: 12/08/2022 | Last revised: 12/08/2022 | Description: A vulnerability, which was classified as problematic, has been found in SourceCodester Gym Management System. Affected by this issue is ...
    • CVE-2022-37397
      Severity: None | Published: 12/08/2022 | Last revised: 12/08/2022 | Description: An issue was discovered in the YugabyteDB 2.6.1 when using LDAP-based authentication in YCQL with Microsoft’s Active Directory. When anonymous ...
    • CVE-2022-35956
      Severity: None | Published: 12/08/2022 | Last revised: 12/08/2022 | Description: This Rails gem adds two methods to the ActiveRecord::Base class that allow you to update many records on a single ...
    • CVE-2022-2803
      Severity: None | Published: 12/08/2022 | Last revised: 12/08/2022 | Description: A vulnerability was found in SourceCodester Zoo Management System and classified as critical. This issue affects some unknown processing of ...
    • CVE-2022-2801
      Severity: None | Published: 12/08/2022 | Last revised: 12/08/2022 | Description: A vulnerability, which was classified as critical, was found in SourceCodester Automated Beer Parlour Billing System. This affects an unknown ...
    • CVE-2022-38183
      Severity: None | Published: 12/08/2022 | Last revised: 12/08/2022 | Description: In Gitea before 1.16.9, it was possible for users to add existing issues to projects. Due to improper access controls, ...
    • CVE-2022-2800
      A vulnerability, which was classified as problematic, has been found in SourceCodester Gym Management System. Affected by this issue is some unknown functionality. The manipulation leads to clickjacking. The attack ...
    • CVE-2022-2616
      Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the Omnibox ...
    • CVE-2022-2801
      A vulnerability, which was classified as critical, was found in SourceCodester Automated Beer Parlour Billing System. This affects an unknown part of the component Login. The manipulation of the argument ...
    • CVE-2022-2622
      Insufficient validation of untrusted input in Safe Browsing in Google Chrome on Windows prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a crafted file. ...
    • CVE-2022-2802
      A vulnerability has been found in SourceCodester Gas Agency Management System and classified as critical. This vulnerability affects unknown code of the file gasmark/login.php. The manipulation of the argument username ...
    • CVE-2022-2615
      Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page. ...
    • CVE-2022-2613
      Use after free in Input in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially ...
    • CVE-2022-35943
      Shield is an authentication and authorization framework for CodeIgniter 4. This vulnerability may allow [SameSite Attackers](https://canitakeyoursubdomain.name/) to bypass the [CodeIgniter4 CSRF protection](https://codeigniter4.github.io/userguide/libraries/security.html) mechanism with CodeIgniter Shield. For this attack to ...
    • CVE-2022-38183
      In Gitea before 1.16.9, it was possible for users to add existing issues to projects. Due to improper access controls, an attacker could assign any issue to any project in ...
    • CVE-2022-2619
      Insufficient validation of untrusted input in Settings in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML ...
    • CVE-2022-2614
      Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. ...
    • CVE-2022-2618
      Insufficient validation of untrusted input in Internals in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a malicious file. ...
    • CVE-2022-2620
      Use after free in WebUI in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially ...
    • CVE-2022-2624
      Heap buffer overflow in PDF in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption ...
    • CVE-2022-35956
      This Rails gem adds two methods to the ActiveRecord::Base class that allow you to update many records on a single database hit, using a case sql statement for it. Before ...
    • CVE-2022-2621
      Use after free in Extensions in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific ...
    • CVE-2022-2617
      Use after free in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via ...