Security
Headlines
HeadlinesLatestCVEs

Tag

#js

CVE-2022-44297: background sql inject · Issue #3490 · siteserver/cms

SiteServer CMS 7.1.3 has a SQL injection vulnerability the background.

CVE
Open in Source
#sql#vulnerability#web#windows#js#java#auth#ibm#firefox
CVE-2022-40035: Unrestricted Upload of File with Dangerous Type In /uploadFileList · Issue #3 · rawchen/blog-ssm

File Upload Vulnerability found in Rawchen Blog-ssm v1.0 allowing attackers to execute arbitrary commands and gain escalated privileges via the /uploadFileList component.

CVE-2022-3902: 2022/CVE-2022-3902.json · master · GitLab.org / cves · GitLab

An issue has been discovered in GitLab affecting all versions starting from 9.3 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible for a project maintainer to unmask webhook secret tokens by reviewing the logs after testing webhooks.

CVE-2022-40037: Unrestricted Upload of File with Dangerous Type In /upFile · Issue #2 · rawchen/blog-ssm

An issue discovered in Rawchen blog-ssm v1.0 allows remote attacker to escalate privileges and execute arbitrary commands via the component /upFile.

CVE-2022-21810: Snyk Vulnerability Database | Snyk

All versions of the package smartctl are vulnerable to Command Injection via the info method due to improper input sanitization.

CVE-2022-3478: Sidekiq background job DoS by uploading malicious Nuget packages (#377788) · Issues · GitLab.org / GitLab · GitLab

An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible to trigger a DoS attack by uploading a malicious nuget package.

CVE-2022-3482: Release names visible in public projects despite release set as project members only (#377802) · Issues · GitLab.org / GitLab · GitLab

An improper access control issue in GitLab CE/EE affecting all versions from 11.3 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allowed an unauthorized user to see release names even when releases we set to be restricted to project members only

CVE-2022-3572: 2022/CVE-2022-3572.json · master · GitLab.org / cves · GitLab

A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions from 13.5 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. It was possible to exploit a vulnerability in setting the Jira Connect integration which could lead to a reflected XSS that allowed attackers to perform arbitrary actions on behalf of victims.

CVE-2022-3820: 2022/CVE-2022-3820.json · master · GitLab.org / cves · GitLab

An issue has been discovered in GitLab affecting all versions starting from 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. GitLab was not performing correct authentication with some Package Registries when IP address restrictions were configured, allowing an attacker already in possession of a valid Deploy Token to misuse it from any location.

CVE-2022-26329: Software Fixes - NetIQ Identity Manager 4.8 Service Pack 5 Release Notes

File existence disclosure vulnerability in NetIQ Identity Manager plugin prior to version 4.8.5 allows attacker to determine whether a file exists on the filesystem. This issue affects: Micro Focus NetIQ Identity Manager NetIQ Identity Manager versions prior to 4.8.5 on ALL.