What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
CVE.webp 2022-08-29 18:15:09 CVE-2022-2599 (lien direct) The Anti-Malware Security and Brute-Force Firewall WordPress plugin before 4.21.83 does not sanitise and escape some parameters before outputting them back in an admin dashboard, leading to Reflected Cross-Site Scripting Guideline
CVE.webp 2022-08-29 18:15:09 CVE-2022-2261 (lien direct) The WPIDE WordPress plugin before 3.0 does not sanitize and validate the filename parameter before using it in a require statement in the admin dashboard, leading to a Local File Inclusion issue. Guideline
CVE.webp 2022-08-29 16:15:08 CVE-2022-27558 (lien direct) HCL iNotes is susceptible to a Broken Password Strength Checks vulnerability. Custom password policies are not enforced on certain iNotes forms which could allow users to set weak passwords, leading to easier cracking. Guideline
CVE.webp 2022-08-29 15:15:10 CVE-2022-1016 (lien direct) A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker. Guideline
CVE.webp 2022-08-29 15:15:10 CVE-2022-35962 (lien direct) Zulip is an open source team chat and Zulip Mobile is an app for iOS and Android users. In Zulip Mobile through version 27.189, a crafted link in a message sent by an authenticated user could lead to credential disclosure if a user follows the link. A patch was released in version 27.190. Guideline
CVE.webp 2022-08-29 15:15:10 CVE-2022-1115 (lien direct) A heap-buffer-overflow flaw was found in ImageMagick’s PushShortPixel() function of quantum-private.h file. This vulnerability is triggered when an attacker passes a specially crafted TIFF image file to ImageMagick for conversion, potentially leading to a denial of service. Vulnerability Guideline
CVE.webp 2022-08-29 15:15:09 CVE-2022-0669 (lien direct) A flaw was found in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the vhost-user slave. By sending such messages continuously, the vhost-user master exhausts available fd in the vhost-user slave process, leading to a denial of service. Guideline
CVE.webp 2022-08-29 15:15:09 CVE-2022-0284 (lien direct) A heap-based-buffer-over-read flaw was found in ImageMagick's GetPixelAlpha() function of 'pixel-accessor.h'. This vulnerability is triggered when an attacker passes a specially crafted Tagged Image File Format (TIFF) image to convert it into a PICON file format. This issue can potentially lead to a denial of service and information disclosure. Vulnerability Guideline
CVE.webp 2022-08-29 15:15:09 CVE-2022-0480 (lien direct) A flaw was found in the filelock_init in fs/locks.c function in the Linux kernel. This issue can lead to host memory exhaustion due to memcg not limiting the number of Portable Operating System Interface (POSIX) file locks. Guideline
CVE.webp 2022-08-27 09:15:08 CVE-2022-3014 (lien direct) A vulnerability classified as problematic was found in SourceCodester Simple Task Managing System. This vulnerability affects unknown code. The manipulation of the argument student_add leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-207424. Vulnerability Guideline
CVE.webp 2022-08-27 09:15:08 CVE-2022-3012 (lien direct) A vulnerability was found in oretnom23 Fast Food Ordering System. It has been rated as critical. Affected by this issue is some unknown functionality of the file ffos/admin/reports/index.php. The manipulation of the argument date leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-207422 is the identifier assigned to this vulnerability. Vulnerability Guideline
CVE.webp 2022-08-27 09:15:08 CVE-2022-3015 (lien direct) A vulnerability, which was classified as problematic, has been found in oretnom23 Fast Food Ordering System. This issue affects some unknown processing of the file admin/?page=reports. The manipulation of the argument date leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-207425 was assigned to this vulnerability. Guideline
CVE.webp 2022-08-27 09:15:08 CVE-2022-3013 (lien direct) A vulnerability classified as critical has been found in SourceCodester Simple Task Managing System. This affects an unknown part of the file /loginVaLidation.php. The manipulation of the argument login leads to sql injection. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-207423. Vulnerability Guideline
CVE.webp 2022-08-26 21:15:08 CVE-2022-2915 (lien direct) A Heap-based Buffer Overflow vulnerability in the SonicWall SMA100 appliance allows a remote authenticated attacker to cause Denial of Service (DoS) on the appliance or potentially lead to code execution. This vulnerability impacts 10.2.1.5-34sv and earlier versions. Vulnerability Guideline
CVE.webp 2022-08-26 18:15:09 CVE-2022-35714 (lien direct) IBM Maximo Asset Management 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 231116. Vulnerability Guideline ★★★★★
CVE.webp 2022-08-26 18:15:08 CVE-2022-0207 (lien direct) A race condition was found in vdsm. It affects the functionality that obfuscates sensitive values in log files and may lead to values being stored in clear text. Guideline
CVE.webp 2022-08-26 18:15:08 CVE-2022-0225 (lien direct) A flaw was found in Keycloak. This flaw allows a privileged attacker to use the malicious payload as the group name while creating a new group from the admin console, leading to a stored Cross-site scripting (XSS) attack. Guideline
CVE.webp 2022-08-26 18:15:08 CVE-2022-0175 (lien direct) A flaw was found in the VirGL virtual OpenGL renderer (virglrenderer). The virgl did not properly initialize memory when allocating a host-backed memory resource. A malicious guest could use this flaw to mmap from the guest kernel and read this uninitialized memory from the host, possibly leading to information disclosure. Guideline
CVE.webp 2022-08-26 16:15:09 CVE-2021-3669 (lien direct) A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS. Guideline
CVE.webp 2022-08-25 23:15:08 CVE-2022-28747 (lien direct) Key reuse in GoSecure Titan Inbox Detection & Response (IDR) through 2022-04-05 leads to remote code execution. To exploit this vulnerability, an attacker must craft and sign a serialized payload. Guideline
CVE.webp 2022-08-25 20:15:09 CVE-2021-3929 (lien direct) A DMA reentrancy issue was found in the NVM Express Controller (NVME) emulation in QEMU. This CVE is similar to CVE-2021-3750 and, just like it, when the reentrancy write triggers the reset function nvme_ctrl_reset(), data structs will be freed leading to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition or, potentially, executing arbitrary code within the context of the QEMU process on the host. Guideline
CVE.webp 2022-08-25 20:15:08 CVE-2021-20224 (lien direct) An integer overflow issue was discovered in ImageMagick's ExportIndexQuantum() function in MagickCore/quantum-export.c. Function calls to GetPixelIndex() could result in values outside the representable range for 'unsigned char'. When ImageMagick processes a crafted PDF file, this could lead to undefined behaviour or a crash. Guideline
CVE.webp 2022-08-25 18:15:09 CVE-2022-0135 (lien direct) An out-of-bounds write issue was found in the VirGL virtual OpenGL renderer (virglrenderer). This flaw allows a malicious guest to create a specially crafted virgil resource and then issue a VIRTGPU_EXECBUFFER ioctl, leading to a denial of service or possible code execution. Guideline
CVE.webp 2022-08-25 18:15:09 CVE-2022-23715 (lien direct) A flaw was discovered in ECE before 3.4.0 that might lead to the disclosure of sensitive information such as user passwords and Elasticsearch keystore settings values in logs such as the audit log or deployment logs in the Logging and Monitoring cluster. The affected APIs are PATCH /api/v1/user and PATCH /deployments/{deployment_id}/elasticsearch/{ref_id}/keystore Guideline
CVE.webp 2022-08-25 15:15:10 CVE-2022-37244 (lien direct) MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to IFRAME Injection via the currentRequest parameter. After login, injecting a malicious tag leads to IFRAME injection. Guideline
CVE.webp 2022-08-25 15:15:08 CVE-2022-22728 (lien direct) A flaw in Apache libapreq2 versions 2.16 and earlier could cause a buffer overflow while processing multipart form uploads. A remote attacker could send a request causing a process crash which could lead to a denial of service attack. Guideline ★★★★★
CVE.webp 2022-08-25 06:15:07 CVE-2022-2957 (lien direct) A vulnerability classified as critical was found in SourceCodester Simple and Nice Shopping Cart Script. Affected by this vulnerability is an unknown functionality of the file /mkshop/Men/profile.php. The manipulation of the argument mem_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-207001 was assigned to this vulnerability. Vulnerability Guideline
CVE.webp 2022-08-24 20:15:09 CVE-2022-32893 (lien direct) An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1, Safari 15.6.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Guideline ★★
CVE.webp 2022-08-24 16:15:10 CVE-2021-4217 (lien direct) A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution. Vulnerability Guideline
CVE.webp 2022-08-24 16:15:10 CVE-2021-4214 (lien direct) A heap overflow flaw was found in libpng's pngimage.c program. This flaw allows an attacker with local network access to pass a specially crafted PNG file to the pngimage utility, causing an application to crash, leading to a denial of service. Guideline ★★★★★
CVE.webp 2022-08-24 16:15:09 CVE-2021-4189 (lien direct) A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible. Vulnerability Guideline
CVE.webp 2022-08-24 16:15:09 CVE-2021-4041 (lien direct) A flaw was found in ansible-runner. An improper escaping of the shell command, while calling the ansible_runner.interface.run_command, can lead to parameters getting executed as host's shell command. A developer could unintentionally write code that gets executed in the host rather than the virtual environment. Guideline
CVE.webp 2022-08-24 16:15:09 CVE-2021-4209 (lien direct) A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances. Guideline
CVE.webp 2022-08-24 16:15:09 CVE-2021-3998 (lien direct) A flaw was found in glibc. The realpath() function can mistakenly return an unexpected value, potentially leading to information leakage and disclosure of sensitive data. Guideline ★★★
CVE.webp 2022-08-24 16:15:09 CVE-2021-3999 (lien direct) A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system. Guideline ★★★★
CVE.webp 2022-08-24 16:15:09 CVE-2021-4037 (lien direct) A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the Linux kernel that allows local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belongs to a certain group and is writable by a user who is not a member of this group. This can lead to excessive permissions being granted when they should not be. This vulnerability is similar to the previous CVE-2018-13405 and adds the missed fix for XFS. Vulnerability Guideline
CVE.webp 2022-08-24 14:15:08 CVE-2021-0887 (lien direct) In PVRSRVBridgeHeapCfgHeapConfigName, there is a possible leak of kernel heap content due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-236848817 Guideline ★★★★★
CVE.webp 2022-08-24 12:15:08 CVE-2022-27812 (lien direct) Flooding SNS firewall 3.7.0 to 3.7.26 with UDP or ICMP traffic that randomizes the source, through internal-to-internal or external-to-internal interfaces, will lead the firewall to overwork. It will consume 100% CPU, 100 RAM and won't be available and can crash. Guideline ★★★
CVE.webp 2022-08-23 20:15:08 CVE-2021-3997 (lien direct) A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp. Guideline
CVE.webp 2022-08-23 17:15:15 CVE-2022-37428 (lien direct) PowerDNS Recursor up to and including 4.5.9, 4.6.2 and 4.7.1, when protobuf logging is enabled, has Improper Cleanup upon a Thrown Exception, leading to a denial of service (daemon crash) via a DNS query that leads to an answer with specific properties. Guideline
CVE.webp 2022-08-23 16:15:11 CVE-2022-36341 (lien direct) Authenticated (subscriber+) plugin settings change leading to Stored Cross-Site Scripting (XSS) vulnerability in Akash soni's AS – Create Pinterest Pinboard Pages plugin Vulnerability Guideline
CVE.webp 2022-08-23 16:15:11 CVE-2022-36379 (lien direct) Cross-Site Request Forgery (CSRF) leading to plugin settings update in YooMoney ?Kassa ??? WooCommerce plugin Guideline
CVE.webp 2022-08-23 16:15:10 CVE-2022-28883 (lien direct) A Denial-of-Service (DoS) vulnerability was discovered in F-Secure & WithSecure products whereby the aerdl unpack function crashes. This can lead to a possible scanning engine crash. The exploit can be triggered remotely by an attacker. Vulnerability Guideline
CVE.webp 2022-08-23 16:15:10 CVE-2022-28882 (lien direct) A Denial-of-Service (DoS) vulnerability was discovered in F-Secure & WithSecure products whereby the aegen.dll will go into an infinite loop when unpacking PE files. This eventually leads to scanning engine crash. The exploit can be triggered remotely by an attacker. Vulnerability Guideline
CVE.webp 2022-08-23 16:15:10 CVE-2022-35242 (lien direct) Unauthenticated plugin settings change vulnerability in 59sec THE Leads Management System: 59sec LITE plugin Vulnerability Guideline
CVE.webp 2022-08-23 16:15:09 CVE-2021-23177 (lien direct) An improper link resolution flaw while extracting an archive can lead to changing the access control list (ACL) of the target of the link. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to change the ACL of a file on the system and gain more privileges. Guideline
CVE.webp 2022-08-23 16:15:09 CVE-2021-3690 (lien direct) A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability. Vulnerability Threat Guideline
CVE.webp 2022-08-23 16:15:09 CVE-2021-31566 (lien direct) An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of the archive. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to gain more privileges in a system. Guideline
CVE.webp 2022-08-23 12:15:08 CVE-2021-42627 (lien direct) The WAN configuration page "wan.htm" on D-Link DIR-615 devices with firmware 20.06 can be accessed directly without authentication, which can lead to disclosure of information about WAN settings and also allow an attacker to modify the data fields of the page. Guideline
CVE.webp 2022-08-23 11:15:08 CVE-2022-2956 (lien direct) A vulnerability classified as problematic has been found in ConsoleTVs Noxen. Affected is an unknown function of the file /Noxen-master/users.php. The manipulation of the argument create_user_username with the input ">alert(/xss/) leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-207000. Vulnerability Guideline
Last update at: 2024-07-21 19:08:14