IS Security CERT Global
- CVE-2022-35949: Severity: None; Published: 12/08/2022; Last revised: 12/08/2022; Description: *** Pending translation *** undici is an HTTP/1.1 client, written from scratch for Node.js. `undici` is vulnerable to SSRF (Server-side Request Forgery) when an application ...
- CVE-2022-35942: Severity: None; Published: 12/08/2022; Last revised: 12/08/2022; Description: *** Pending translation *** Improper input validation on the `contains` LoopBack filter may allow for arbitrary SQL injection. When the extended filter property `contains` ...
- CVE-2022-20402 (android): Product: Android; Versions: Android kernel; Android ID: A-218701042; References: N/A ...
- CVE-2022-20382 (android): In (TBD) of (TBD), there is a possible out of bounds write due to kernel stack overflow. This could lead to local escalation of privilege with System execution privileges needed. ...
- CVE-2022-20374 (android): On specific devices, there is a possible bypass of configuration integrity due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. ...
- CVE-2022-20379 (android): In lwis_buffer_alloc of lwis_buffer.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. ...
- CVE-2022-20401 (android): In SAEMM_RetrievEPLMNList of SAEMM_ContextManagement.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure post-authentication with no additional execution ...
- CVE-2022-20378 (android): Product: Android; Versions: Android kernel; Android ID: A-234657153; References: N/A ...
- CVE-2022-20377 (android): In TBD of keymaster_ipc.cpp, there is a possible way to force gatekeeper, fingerprint, and faceauth to use a known HMAC key. This could lead to local escalation of privilege with no ...
- CVE-2022-20406 (android): Product: Android; Versions: Android kernel; Android ID: A-184676385; References: N/A ...
- CVE-2022-20384 (android): Product: Android; Versions: Android kernel; Android ID: A-211727306; References: N/A ...
- CVE-2022-20380 (android): Product: Android; Versions: Android kernel; Android ID: A-212625740; References: N/A ...
- CVE-2022-20400 (android): In cd_CodeMsg of cd_codec.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges ...
- CVE-2022-20403 (android): Product: Android; Versions: Android kernel; Android ID: A-207975764; References: N/A ...
- CVE-2022-20383 (android): In AllocateInternalBuffers of g3aa_buffer_allocator.cc, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges ...
- CVE-2022-20405 (android): Product: Android; Versions: Android kernel; Android ID: A-216363416; References: N/A ...
- CVE-2022-20372 (android): In exynos5_i2c_irq of (TBD), there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges ...
- CVE-2022-20376 (android): In trusty_log_seq_start of trusty-log.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction ...
- CVE-2022-20381 (android): Product: Android; Versions: Android kernel; Android ID: A-188935887; References: N/A ...
- CVE-2022-20404 (android): Product: Android; Versions: Android kernel; Android ID: A-205714161; References: N/A ...
- CVE-2022-20407 (android): Product: Android; Versions: Android kernel; Android ID: A-210916981; References: N/A ...
- CVE-2022-35942: Improper input validation on the `contains` LoopBack filter may allow for arbitrary SQL injection. When the extended filter property `contains` is permitted to be interpreted by the Postgres connector, it ...
- CVE-2022-35949: undici is an HTTP/1.1 client, written from scratch for Node.js. `undici` is vulnerable to SSRF (Server-side Request Forgery) when an application takes in **user input** into the `path/pathname` option of `undici.request`. ...
- CVE-2022-2802: Severity: None; Published: 12/08/2022; Last revised: 12/08/2022; Description: *** Pending translation *** A vulnerability has been found in SourceCodester Gas Agency Management System and classified as critical. This vulnerability affects unknown code ...
- CVE-2022-2804: Severity: None; Published: 12/08/2022; Last revised: 12/08/2022; Description: *** Pending translation *** A vulnerability was found in SourceCodester Zoo Management System. It has been classified as critical. Affected is an unknown function ...
- CVE-2022-35943: Severity: None; Published: 12/08/2022; Last revised: 12/08/2022; Description: *** Pending translation *** Shield is an authentication and authorization framework for CodeIgniter 4. This vulnerability may allow [SameSite Attackers](https://canitakeyoursubdomain.name/) to bypass the [CodeIgniter4 ...
- CVE-2022-35953: Severity: None; Published: 12/08/2022; Last revised: 12/08/2022; Description: *** Pending translation *** BookWyrm is a social network for tracking your reading, talking about books, writing reviews, and discovering what to read next. ...
- CVE-2022-2800: Severity: None; Published: 12/08/2022; Last revised: 12/08/2022; Description: *** Pending translation *** A vulnerability, which was classified as problematic, has been found in SourceCodester Gym Management System. Affected by this issue is ...
- CVE-2022-37397: Severity: None; Published: 12/08/2022; Last revised: 12/08/2022; Description: *** Pending translation *** An issue was discovered in the YugabyteDB 2.6.1 when using LDAP-based authentication in YCQL with Microsoft’s Active Directory. When anonymous ...
- CVE-2022-35956: Severity: None; Published: 12/08/2022; Last revised: 12/08/2022; Description: *** Pending translation *** This Rails gem adds two methods to the ActiveRecord::Base class that allow you to update many records on a single ...
- CVE-2022-2803: Severity: None; Published: 12/08/2022; Last revised: 12/08/2022; Description: *** Pending translation *** A vulnerability was found in SourceCodester Zoo Management System and classified as critical. This issue affects some unknown processing of ...
- CVE-2022-2801: Severity: None; Published: 12/08/2022; Last revised: 12/08/2022; Description: *** Pending translation *** A vulnerability, which was classified as critical, was found in SourceCodester Automated Beer Parlour Billing System. This affects an unknown ...
- CVE-2022-38183: Severity: None; Published: 12/08/2022; Last revised: 12/08/2022; Description: *** Pending translation *** In Gitea before 1.16.9, it was possible for users to add existing issues to projects. Due to improper access controls, ...
- CVE-2022-2800: A vulnerability, which was classified as problematic, has been found in SourceCodester Gym Management System. Affected by this issue is some unknown functionality. The manipulation leads to clickjacking. The attack ...
- CVE-2022-2616: Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the Omnibox ...
- CVE-2022-2801: A vulnerability, which was classified as critical, was found in SourceCodester Automated Beer Parlour Billing System. This affects an unknown part of the component Login. The manipulation of the argument ...
- CVE-2022-2622: Insufficient validation of untrusted input in Safe Browsing in Google Chrome on Windows prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a crafted file. ...
- CVE-2022-2802: A vulnerability has been found in SourceCodester Gas Agency Management System and classified as critical. This vulnerability affects unknown code of the file gasmark/login.php. The manipulation of the argument username ...
- CVE-2022-2615: Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page. ...
- CVE-2022-2613: Use after free in Input in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially ...
- CVE-2022-35943: Shield is an authentication and authorization framework for CodeIgniter 4. This vulnerability may allow [SameSite Attackers](https://canitakeyoursubdomain.name/) to bypass the [CodeIgniter4 CSRF protection](https://codeigniter4.github.io/userguide/libraries/security.html) mechanism with CodeIgniter Shield. For this attack to ...
- CVE-2022-38183: In Gitea before 1.16.9, it was possible for users to add existing issues to projects. Due to improper access controls, an attacker could assign any issue to any project in ...
- CVE-2022-2619: Insufficient validation of untrusted input in Settings in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML ...
- CVE-2022-2614: Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. ...
- CVE-2022-2618: Insufficient validation of untrusted input in Internals in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a malicious file. ...
- CVE-2022-2620: Use after free in WebUI in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially ...
- CVE-2022-2624: Heap buffer overflow in PDF in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption ...
- CVE-2022-35956: This Rails gem adds two methods to the ActiveRecord::Base class that allow you to update many records on a single database hit, using a case SQL statement for it. Before ...
- CVE-2022-2621: Use after free in Extensions in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific ...
- CVE-2022-2617: Use after free in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via ...
Title | Category | Tag |
Africa – The State of African Utilities Performance Assessment and Benchmarking Report – Water | SmartCitiesStandardsPracticesWater | africa infrastructure water |
Project Management Evaluation Good Practice Standards – ECG – EPCM | EPCMStandardsPractices | epcm standards |