CWE:
 

Title
Date
Author
Med.
Landesk Management Suite 9.5 RFI / CSRF
21.04.2015
Alex Haynes


Common Weakness Enumeration (CWE)

CVE
Details
Description
2022-04-14
Medium
CVE-2022-24824

Vendor: Discourse
Software: Discourse
 

 
Discourse is an open source platform for community discussion. In affected versions an attacker can poison the cache for anonymous (i.e. not logged in) users, such that the users are shown the crawler view of the site instead of the HTML page. This can lead to a partial denial-of-service. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. There are no known workarounds for this issue.

 
2022-04-11
Medium
CVE-2022-1161

 

 
An attacker with the ability to modify a user program may change user program code on some ControlLogix, CompactLogix, and GuardLogix Control systems. Studio 5000 Logix Designer writes user-readable program code to a different location than the executed compiled code, allowing an attacker to change one and not the other.

 
2022-03-15
Medium
CVE-2022-25485

Vendor: Cuppacms
Software: Cuppacms
 

 
CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertLightbox.php.

 
Medium
CVE-2022-25486

Vendor: Cuppacms
Software: Cuppacms
 

 
CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertConfigField.php.

 
2022-02-24
Medium
CVE-2022-24232

Vendor: Hospital's patient records management system project
Software: Hospital's ...
 

 
A local file inclusion in Hospital Patient Record Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.

 
2022-02-10
Medium
CVE-2022-23630

Vendor: Gradle
Software: Gradle
 

 
Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, Gradle may skip dependency verification and accept a dependency that would otherwise fail the build as an untrusted external artifact. This occurs when dependency verification is disabled on one or more configurations and those configurations have common dependencies with other configurations that have dependency verification enabled. If the configuration that has dependency verification disabled is resolved first, Gradle does not verify the common dependencies for the configuration that has dependency verification enabled. Gradle 7.4 fixes that issue by validating artifacts at least once if they are present in a resolved configuration that has dependency verification active. Users who cannot update should either avoid `ResolutionStrategy.disableDependencyVerification()` and plugins that use that method to disable dependency verification for a single configuration, or make sure that configurations that disable the feature are not resolved in builds that resolve configurations where the feature is enabled.

 
2022-02-03
Medium
CVE-2021-41841

Vendor: Insyde
Software: Insydeh2o
 

 
An issue was discovered in AhciBusDxe in the kernel 5.0 through 5.5 in Insyde InsydeH2O. There is an SMM callout that allows an attacker to access the System Management Mode and execute arbitrary code. This occurs because of Inclusion of Functionality from an Untrusted Control Sphere.

 
2021-12-07
Medium
CVE-2021-42133

Vendor: Ivanti
Software: Avalanche
 

 
An exposed dangerous function vulnerability in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform an arbitrary file write.

 
2021-11-30
Medium
CVE-2021-41256

Vendor: Nextcloud
Software: NEWS
 

 
nextcloud news-android is an Android client for the Nextcloud news/feed reader app. In affected versions the Nextcloud News for Android app has a security issue by which a malicious application installed on the same device can send it an arbitrary Intent that gets reflected back, unintentionally giving read and write access to non-exported Content Providers in Nextcloud News for Android. Users should upgrade to version 0.9.9.63 or higher as soon as possible.

 
2021-11-24
Low
CVE-2021-20843

 

 
Cross-site script inclusion vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to alter the settings of the product via a specially crafted web page.

 

 


Copyright 2022, cxsecurity.com

 
