βΌ CVE-2022-41061 βΌ
π Read
via "National Vulnerability Database".
Microsoft Word Remote Code Execution Vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-44553 βΌ
π Read
via "National Vulnerability Database".
The HiView module has a vulnerability of not filtering third-party apps out when the HiView module traverses to invoke the system provider. Successful exploitation of this vulnerability may cause third-party apps to start periodically.π Read
via "National Vulnerability Database".
βΌ CVE-2022-44558 βΌ
π Read
via "National Vulnerability Database".
The AMS module has a vulnerability of serialization/deserialization mismatch. Successful exploitation of this vulnerability may cause privilege escalation.π Read
via "National Vulnerability Database".
βΌ CVE-2022-31686 βΌ
π Read
via "National Vulnerability Database".
VMware Workspace ONE Assist prior to 22.10 contains a Broken Authentication Method vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41103 βΌ
π Read
via "National Vulnerability Database".
Microsoft Word Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-41060.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41097 βΌ
π Read
via "National Vulnerability Database".
Network Policy Server (NPS) RADIUS Protocol Information Disclosure Vulnerability.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2022-41125 βΌ
π Read
via "National Vulnerability Database".
Windows CNG Key Isolation Service Elevation of Privilege Vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-44562 βΌ
π Read
via "National Vulnerability Database".
The system framework layer has a vulnerability of serialization/deserialization mismatch. Successful exploitation of this vulnerability may cause privilege escalation.π Read
via "National Vulnerability Database".
βΌ CVE-2022-43310 βΌ
π Read
via "National Vulnerability Database".
An Uncontrolled Search Path Element in Foxit Software released Foxit Reader v11.2.118.51569 allows attackers to escalate privileges when searching for DLL libraries without specifying an absolute path.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3280 βΌ
π Read
via "National Vulnerability Database".
An open redirect in GitLab CE/EE affecting all versions from 10.1 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to trick users into visiting a trustworthy URL and being redirected to arbitrary content.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3818 βΌ
π Read
via "National Vulnerability Database".
An uncontrolled resource consumption issue when parsing URLs in GitLab CE/EE affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to cause performance issues and potentially a denial of service on the GitLab instance.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3483 βΌ
π Read
via "National Vulnerability Database".
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.1 before 15.3.5, all versions starting from 15.4 before 15.4.4, all versions starting from 15.5 before 15.5.2. A malicious maintainer could exfiltrate a Datadog integration's access token by modifying the integration URL such that authenticated requests are sent to an attacker controlled server.π Read
via "National Vulnerability Database".
βΌ CVE-2022-39307 βΌ
π Read
via "National Vulnerability Database".
Grafana is an open-source platform for monitoring and observability. When using the forget password on the login page, a POST request is made to the `/api/user/password/sent-reset-email` URL. When the username or email does not exist, a JSON response contains a Γ’β¬Εuser not foundΓ’β¬οΏ½ message. This leaks information to unauthenticated users and introduces a security risk. This issue has been patched in 9.2.4 and backported to 8.5.15. There are no known workarounds.π Read
via "National Vulnerability Database".
βΌ CVE-2022-39368 βΌ
π Read
via "National Vulnerability Database".
Eclipse Californium is a Java implementation of RFC7252 - Constrained Application Protocol for IoT Cloud services. In versions prior to 3.7.0, and 2.7.4, Californium is vulnerable to a Denial of Service. Failing handshakes don't cleanup counters for throttling, causing the threshold to be reached without being released again. This results in permanently dropping records. The issue was reported for certificate based handshakes, but may also affect PSK based handshakes. It generally affects client and server as well. This issue is patched in version 3.7.0 and 2.7.4. There are no known workarounds. main: commit 726bac57659410da463dcf404b3e79a7312ac0b9 2.7.x: commit 5648a0c27c2c2667c98419254557a14bac2b1f3fπ Read
via "National Vulnerability Database".
βΌ CVE-2022-3819 βΌ
π Read
via "National Vulnerability Database".
An improper authorization issue in GitLab CE/EE affecting all versions from 15.0 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a malicious users to set emojis on internal notes they don't have access to.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3486 βΌ
π Read
via "National Vulnerability Database".
An open redirect vulnerability in GitLab EE/CE affecting all versions from 9.3 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2, allows an attacker to redirect users to an arbitrary location if they trust the URL.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3413 βΌ
π Read
via "National Vulnerability Database".
Incorrect authorization during display of Audit Events in GitLab EE affecting all versions from 14.5 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2, allowed Developers to view the project's Audit Events and Developers or Maintainers to view the group's Audit Events. These should have been restricted to Project Maintainers, Group Owners, and above.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3706 βΌ
π Read
via "National Vulnerability Database".
Improper authorization in GitLab CE/EE affecting all versions from 7.14 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a user retrying a job in a downstream pipeline to take ownership of the retried jobs in the upstream pipeline even if the user doesn't have access to that project.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3265 βΌ
π Read
via "National Vulnerability Database".
A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. It was possible to exploit a vulnerability in setting the labels colour feature which could lead to a stored XSS that allowed attackers to perform arbitrary actions on behalf of victims at client side.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3726 βΌ
π Read
via "National Vulnerability Database".
Lack of sand-boxing of OpenAPI documents in GitLab CE/EE affecting all versions from 12.6 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to trick a user to click on the Swagger OpenAPI viewer and issue HTTP requests that affect the victim's account.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2761 βΌ
π Read
via "National Vulnerability Database".
An information disclosure issue in GitLab CE/EE affecting all versions from 14.4 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to use GitLab Flavored Markdown (GFM) references in a Jira issue to disclose the names of resources they don't have access to.π Read
via "National Vulnerability Database".