What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
CVE.webp 2022-11-08 21:15:14 CVE-2022-32612 (lien direct) In vcu, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07203500; Issue ID: ALPS07203500. Guideline
CVE.webp 2022-11-08 21:15:14 CVE-2022-32614 (lien direct) In audio, there is a possible memory corruption due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310571; Issue ID: ALPS07310571. Guideline
CVE.webp 2022-11-08 21:15:14 CVE-2022-32613 (lien direct) In vcu, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07206340; Issue ID: ALPS07206340. Guideline
CVE.webp 2022-11-08 21:15:13 CVE-2022-32610 (lien direct) In vcu, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07203476; Issue ID: ALPS07203476. Guideline
CVE.webp 2022-11-08 21:15:13 CVE-2022-32611 (lien direct) In isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07340373; Issue ID: ALPS07340373. Guideline
CVE.webp 2022-11-08 21:15:13 CVE-2022-32609 (lien direct) In vcu, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07203410; Issue ID: ALPS07203410. Guideline
CVE.webp 2022-11-08 21:15:12 CVE-2022-32603 (lien direct) In gpu drm, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310704; Issue ID: ALPS07310704. Guideline
CVE.webp 2022-11-08 21:15:12 CVE-2022-32607 (lien direct) In aee, there is a possible use after free due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07202891; Issue ID: ALPS07202891. Guideline
CVE.webp 2022-11-08 21:15:12 CVE-2022-32608 (lien direct) In jpeg, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07388753; Issue ID: ALPS07388753. Guideline
CVE.webp 2022-11-08 21:15:12 CVE-2022-32605 (lien direct) In isp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07213898; Issue ID: ALPS07213898. Guideline
CVE.webp 2022-11-08 21:15:11 CVE-2022-26446 (lien direct) In Modem 4G RRC, there is a possible system crash due to improper input validation. This could lead to remote denial of service, when concatenating improper SIB12 (CMAS message), with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00867883; Issue ID: ALPS07274118. Guideline
CVE.webp 2022-11-08 21:15:11 CVE-2022-32601 (lien direct) In telephony, there is a possible permission bypass due to a parcel format mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07319132; Issue ID: ALPS07319132. Guideline
CVE.webp 2022-11-08 21:15:11 CVE-2022-32602 (lien direct) In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07388790; Issue ID: ALPS07388790. Guideline
CVE.webp 2022-11-08 21:15:09 CVE-2022-21778 (lien direct) In vpu, there is a possible information disclosure due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06382421; Issue ID: ALPS06382421. Guideline
CVE.webp 2022-11-08 20:15:11 CVE-2022-39377 (lien direct) sysstat is a set of system performance tools for the Linux operating system. On 32 bit systems, in versions 9.1.16 and newer but prior to 12.7.1, allocate_structures contains a size_t overflow in sa_common.c. The allocate_structures function insufficiently checks bounds before arithmetic multiplication, allowing for an overflow in the size allocated for the buffer representing system activities. This issue may lead to Remote Code Execution (RCE). This issue has been patched in version 12.7.1. Guideline
CVE.webp 2022-11-08 19:15:18 CVE-2022-44741 (lien direct) Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site Scripting (XSS) in David Anderson Testimonial Slider plugin Vulnerability Guideline
CVE.webp 2022-11-08 19:15:17 CVE-2022-43491 (lien direct) Cross-Site Request Forgery (CSRF) vulnerability in Advanced Dynamic Pricing for WooCommerce plugin Vulnerability Guideline
CVE.webp 2022-11-08 19:15:17 CVE-2022-43481 (lien direct) Cross-Site Request Forgery (CSRF) vulnerability in Advanced Coupons for WooCommerce Coupons plugin Vulnerability Guideline
CVE.webp 2022-11-08 19:15:15 CVE-2022-40632 (lien direct) Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team wpForo Forum plugin Vulnerability Guideline
CVE.webp 2022-11-08 19:15:15 CVE-2022-41136 (lien direct) Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) in Vladimir Anokhin's Shortcodes Ultimate plugin Vulnerability Guideline
CVE.webp 2022-11-08 19:15:14 CVE-2022-40223 (lien direct) Nonce token leakage and missing authorization in SearchWP premium plugin Guideline ★★
CVE.webp 2022-11-08 19:15:13 CVE-2022-40128 (lien direct) Cross-Site Request Forgery (CSRF) vulnerability in Advanced Order Export For WooCommerce plugin Vulnerability Guideline
CVE.webp 2022-11-08 19:15:12 CVE-2022-32587 (lien direct) Cross-Site Request Forgery (CSRF) vulnerability in CodeAndMore WP Page Widget plugin Vulnerability Guideline ★★★
CVE.webp 2022-11-08 19:15:11 CVE-2022-27914 (lien direct) An issue was discovered in Joomla! 4.0.0 through 4.2.4. Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in com_media. Guideline
CVE.webp 2022-11-07 16:15:10 CVE-2022-3878 (lien direct) A vulnerability classified as critical has been found in Maxon ERP. This affects an unknown part of the file /index.php/purchase_order/browse_data. The manipulation of the argument tb_search leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-213039. Vulnerability Guideline
CVE.webp 2022-11-07 12:15:09 CVE-2022-2188 (lien direct) Privilege escalation vulnerability in DXL Broker for Windows prior to 6.0.0.280 allows local users to gain elevated privileges by exploiting weak directory controls in the logs directory. This can lead to a denial-of-service attack on the DXL Broker. Vulnerability Guideline
CVE.webp 2022-11-07 10:15:11 CVE-2022-3463 (lien direct) The Contact Form Plugin WordPress plugin before 4.3.13 does not validate and escape fields when exporting form entries as CSV, leading to a CSV injection Guideline
CVE.webp 2022-11-07 10:15:11 CVE-2022-3481 (lien direct) The WooCommerce Dropshipping WordPress plugin before 4.4 does not properly sanitise and escape a parameter before using it in a SQL statement via a REST endpoint available to unauthenticated users, leading to a SQL injection Guideline
CVE.webp 2022-11-07 04:15:09 CVE-2022-44795 (lien direct) An issue was discovered in Object First 1.0.7.712. A flaw was found in the Web Service, which could lead to local information disclosure. The command that creates the URL for the support bundle uses an insecure RNG. That can lead to prediction of the generated URL. As a result, an attacker can get access to system logs. An attacker would need credentials to exploit this vulnerability. This is fixed in 1.0.13.1611. Guideline
CVE.webp 2022-11-05 09:15:09 CVE-2022-3868 (lien direct) A vulnerability classified as critical has been found in SourceCodester Sanitization Management System. Affected is an unknown function of the file /php-sms/classes/Master.php?f=save_quote. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-213012. Vulnerability Guideline
CVE.webp 2022-11-04 23:15:10 CVE-2022-43569 (lien direct) In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can inject and store arbitrary scripts that can lead to persistent cross-site scripting (XSS) in the object name of a Data Model. Guideline ★★★
CVE.webp 2022-11-04 12:15:19 CVE-2022-41667 (lien direct) A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that allows adversaries with local user privileges to load a malicious DLL which could lead to execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior). Vulnerability Guideline
CVE.webp 2022-11-04 05:15:09 CVE-2022-41666 (lien direct) A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that allows adversaries with local user privileges to load a malicious DLL which could lead to execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior). Vulnerability Guideline
CVE.webp 2022-11-03 23:15:15 CVE-2022-43561 (lien direct) In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a remote user that holds the “power” Splunk role can store arbitrary scripts that can lead to persistent cross-site scripting (XSS). The vulnerability affects instances with Splunk Web enabled. Vulnerability Guideline
CVE.webp 2022-11-03 20:15:28 CVE-2022-35642 (lien direct) "IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 227592." Vulnerability Guideline
CVE.webp 2022-11-03 20:15:28 CVE-2022-30615 (lien direct) "IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 227592." Vulnerability Guideline
CVE.webp 2022-11-02 20:15:11 CVE-2022-3844 (lien direct) A vulnerability, which was classified as problematic, was found in Webmin. Affected is an unknown function of the file xterm/index.cgi. The manipulation leads to basic cross site scripting. It is possible to launch the attack remotely. The name of the patch is d3d33af3c0c3fd3a889c84e287a038b7a457d811. It is recommended to apply a patch to fix this issue. VDB-212862 is the identifier assigned to this vulnerability. Guideline
CVE.webp 2022-11-02 20:15:11 CVE-2022-3845 (lien direct) A vulnerability has been found in phpipam and classified as problematic. Affected by this vulnerability is an unknown functionality of the file app/admin/import-export/import-load-data.php of the component Import Preview Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.5.0 is able to address this issue. The name of the patch is 22c797c3583001211fe7d31bccd3f1d4aeeb3bbc. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-212863. Vulnerability Guideline
CVE.webp 2022-11-02 20:15:09 CVE-2022-2904 (lien direct) A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions starting from 15.2 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. It was possible to exploit a vulnerability in the external status checks feature which could lead to a stored XSS that allowed attackers to perform arbitrary actions on behalf of victims at client side. Vulnerability Guideline
CVE.webp 2022-11-02 19:15:09 CVE-2020-36608 (lien direct) A vulnerability, which was classified as problematic, has been found in Tribal Systems Zenario CMS. Affected by this issue is some unknown functionality of the file admin_organizer.js of the component Error Log Module. The manipulation leads to cross site scripting. The attack may be launched remotely. The name of the patch is dfd0afacb26c3682a847bea7b49ea440b63f3baa. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-212816. Vulnerability Guideline
CVE.webp 2022-11-02 17:15:18 CVE-2022-3575 (lien direct) Frauscher Sensortechnik GmbH FDS102 for FAdC R2 and FAdCi R2 v2.8.0 to v2.9.1 are vulnerable to malicious code upload without authentication by using the configuration upload function. This could lead to a complete compromise of the FDS102 device. Guideline
CVE.webp 2022-11-02 13:15:18 CVE-2022-3827 (lien direct) A vulnerability was found in centreon. It has been declared as critical. This vulnerability affects unknown code of the file formContactGroup.php of the component Contact Groups Form. The manipulation of the argument cg_id leads to sql injection. The attack can be initiated remotely. The name of the patch is 293b10628f7d9f83c6c82c78cf637cbe9b907369. It is recommended to apply a patch to fix this issue. VDB-212794 is the identifier assigned to this vulnerability. Vulnerability Guideline
CVE.webp 2022-11-02 13:15:18 CVE-2022-3826 (lien direct) A vulnerability was found in Huaxia ERP. It has been classified as problematic. This affects an unknown part of the file /depotHead/list of the component Retail Management. The manipulation of the argument search leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-212793 was assigned to this vulnerability. Vulnerability Guideline
CVE.webp 2022-11-02 13:15:17 CVE-2022-3825 (lien direct) A vulnerability was found in Huaxia ERP 2.3 and classified as critical. Affected by this issue is some unknown functionality of the component User Management. The manipulation of the argument login leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212792. Vulnerability Guideline
CVE.webp 2022-11-02 13:15:16 CVE-2022-3809 (lien direct) A vulnerability was found in Axiomatic Bento4 and classified as problematic. Affected by this issue is the function ParseCommandLine of the file Mp4Tag/Mp4Tag.cpp of the component mp4tag. The manipulation leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-212666 is the identifier assigned to this vulnerability. Vulnerability Guideline APT 17
CVE.webp 2022-11-02 13:15:16 CVE-2022-3810 (lien direct) A vulnerability was found in Axiomatic Bento4. It has been classified as problematic. This affects the function AP4_File::AP4_File of the file Mp42Hevc.cpp of the component mp42hevc. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212667. Vulnerability Guideline APT 17
CVE.webp 2022-11-02 13:15:10 CVE-2021-37789 (lien direct) stb_image.h 2.27 has a heap-based buffer over in stbi__jpeg_load, leading to Information Disclosure or Denial of Service. Guideline
CVE.webp 2022-11-01 22:15:12 CVE-2022-3815 (lien direct) A vulnerability, which was classified as problematic, has been found in Axiomatic Bento4. This issue affects some unknown processing of the component mp4decrypt. The manipulation leads to memory leak. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-212681 was assigned to this vulnerability. Guideline APT 17
CVE.webp 2022-11-01 22:15:12 CVE-2022-3817 (lien direct) A vulnerability has been found in Axiomatic Bento4 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component mp4mux. The manipulation leads to memory leak. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212683. Vulnerability Guideline APT 17
CVE.webp 2022-11-01 22:15:12 CVE-2022-3816 (lien direct) A vulnerability, which was classified as problematic, was found in Axiomatic Bento4. Affected is an unknown function of the component mp4decrypt. The manipulation leads to memory leak. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-212682 is the identifier assigned to this vulnerability. Guideline APT 17
Last update at: 2024-07-21 15:07:49