What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2023-02-28 17:15:11 | CVE-2023-20945 (lien direct) | In phNciNfc_MfCreateXchgDataHdr of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-246932269 | Guideline | ||
|
2023-02-28 17:15:11 | CVE-2023-20948 (lien direct) | In dropFramesUntilIframe of AAVCAssembler.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-230630526 | Guideline | ||
|
2023-02-28 17:15:10 | CVE-2023-20939 (lien direct) | In multiple functions of looper_backed_event_loop.cpp, there is a possible way to corrupt memory due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-243362981 | Guideline | ||
|
2023-02-28 17:15:10 | CVE-2023-20943 (lien direct) | In clearApplicationUserData of ActivityManagerService.java, there is a possible way to remove system files due to a path traversal error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-240267890 | Guideline | ||
|
2023-02-28 17:15:10 | CVE-2023-20944 (lien direct) | In run of ChooseTypeAndAccountActivity.java, there is a possible escalation of privilege due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-244154558 | Guideline | ||
|
2023-02-28 17:15:10 | CVE-2023-20933 (lien direct) | In several functions of MediaCodec.cpp, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-245860753 | Guideline | ||
|
2023-02-28 17:15:10 | CVE-2022-20551 (lien direct) | In createTrack of AudioFlinger.cpp, there is a possible way to record audio without a privacy indicator due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-243376549 | Guideline | ||
|
2023-02-28 17:15:10 | CVE-2023-20934 (lien direct) | In resolveAttributionSource of ServiceUtilities.cpp, there is a possible way to disable the microphone privacy indicator due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-258672042 | Guideline | ||
|
2023-02-28 17:15:10 | CVE-2023-20938 (lien direct) | In binder_transaction_buffer_release of binder.c, there is a possible use after free due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-257685302References: Upstream kernel | Guideline | ||
|
2023-02-28 17:15:10 | CVE-2023-20937 (lien direct) | In several functions of the Android Linux kernel, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-257443051References: Upstream kernel | Guideline | ||
|
2023-02-28 17:15:10 | CVE-2022-20455 (lien direct) | In addAutomaticZenRule of ZenModeHelper.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242537431 | Guideline | ||
|
2023-02-28 17:15:10 | CVE-2022-20481 (lien direct) | In multiple files, there is a possible way to preserve WiFi settings due to residual data after a reset. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-241927115 | Guideline | ||
|
2023-02-28 17:15:10 | CVE-2023-20940 (lien direct) | In the Android operating system, there is a possible way to replace a boot partition due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-256237041 | Guideline | ||
|
2023-02-28 17:15:10 | CVE-2023-20932 (lien direct) | In onCreatePreferences of EditInfoFragment.java, there is a possible way to read contacts belonging to other users due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-248251018 | Guideline | ||
|
2023-02-28 16:15:09 | CVE-2023-25807 (lien direct) | DataEase is an open source data visualization and analysis tool. When saving a dashboard on the DataEase platform saved data can be modified and store malicious code. This vulnerability can lead to the execution of malicious code stored by the attacker on the server side when the user accesses the dashboard. The vulnerability has been fixed in version 1.18.3. | Vulnerability Guideline | ||
|
2023-02-28 16:15:09 | CVE-2023-25265 (lien direct) | Docmosis Tornado | Guideline | ||
|
2023-02-28 16:15:09 | CVE-2023-25266 (lien direct) | An issue was discovered in Docmosis Tornado prior to version 2.9.5. An authenticated attacker can change the Office directory setting pointing to an arbitrary remote network path. This triggers the execution of the soffice binary under the attackers control leading to arbitrary remote code execution (RCE). | Guideline | ||
|
2023-02-28 15:15:12 | CVE-2023-23983 (lien direct) | Cross-Site Request Forgery (CSRF) vulnerability in wpdevart Responsive Vertical Icon Menu plugin | Vulnerability Guideline | ||
|
2023-02-28 15:15:12 | CVE-2023-23865 (lien direct) | Cross-Site Request Forgery (CSRF) vulnerability in Checkout Plugins Stripe Payments For WooCommerce plugin | Vulnerability Guideline | ||
|
2023-02-28 15:15:11 | CVE-2022-47612 (lien direct) | Cross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau webdesign Participants Database plugin | Vulnerability Guideline | ||
|
2023-02-28 15:15:10 | CVE-2022-47179 (lien direct) | Cross-Site Request Forgery (CSRF) vulnerability in Uwe Jacobs OWM Weather plugin | Vulnerability Guideline | ||
|
2023-02-28 14:15:09 | CVE-2023-23992 (lien direct) | Cross-Site Request Forgery (CSRF) vulnerability in AutomatorWP plugin | Vulnerability Guideline | ||
|
2023-02-28 00:15:09 | CVE-2015-10086 (lien direct) | A vulnerability, which was classified as critical, was found in OpenCycleCompass server-php. Affected is an unknown function of the file api1/login.php. The manipulation of the argument user leads to sql injection. It is possible to launch the attack remotely. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The name of the patch is fa0d9bcf81c711a88172ad0d37a842f029ac3782. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-221808. | Vulnerability Guideline | ||
|
2023-02-27 22:15:09 | CVE-2023-1055 (lien direct) | A flaw was found in RHDS 11 and RHDS 12. While browsing entries LDAP tries to decode the userPassword attribute instead of the userCertificate attribute which could lead into sensitive information leaked. An attacker with a local account where the cockpit-389-ds is running can list the processes and display the hashed passwords. The highest threat from this vulnerability is to data confidentiality. | Vulnerability Threat Guideline | ||
|
2023-02-27 21:15:12 | CVE-2023-26043 (lien direct) | GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. GeoNode is vulnerable to an XML External Entity (XXE) injection in the style upload functionality of GeoServer leading to Arbitrary File Read. This issue has been patched in version 4.0.3. | Guideline | ||
|
2023-02-27 20:15:14 | CVE-2023-23524 (lien direct) | A denial-of-service issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.2.1, iOS 16.3.1 and iPadOS 16.3.1, tvOS 16.3.2, watchOS 9.3.1. Processing a maliciously crafted certificate may lead to a denial-of-service. | Guideline | ||
|
2023-02-27 20:15:14 | CVE-2023-23529 (lien direct) | A type confusion issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.2.1, iOS 16.3.1 and iPadOS 16.3.1, Safari 16.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. | Guideline | ||
|
2023-02-27 20:15:14 | CVE-2023-23519 (lien direct) | A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.2, tvOS 16.3, iOS 16.3 and iPadOS 16.3, watchOS 9.3. Processing an image may lead to a denial-of-service. | Guideline | ||
|
2023-02-27 20:15:14 | CVE-2023-23517 (lien direct) | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.2, macOS Monterey 12.6.3, tvOS 16.3, Safari 16.3, watchOS 9.3, iOS 16.3 and iPadOS 16.3, macOS Big Sur 11.7.3. Processing maliciously crafted web content may lead to arbitrary code execution. | Guideline | ||
|
2023-02-27 20:15:14 | CVE-2023-23518 (lien direct) | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.2, macOS Monterey 12.6.3, tvOS 16.3, Safari 16.3, watchOS 9.3, iOS 16.3 and iPadOS 16.3, macOS Big Sur 11.7.3. Processing maliciously crafted web content may lead to arbitrary code execution. | Guideline | ||
|
2023-02-27 20:15:14 | CVE-2023-23513 (lien direct) | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.2, macOS Monterey 12.6.3, macOS Big Sur 11.7.3. Mounting a maliciously crafted Samba network share may lead to arbitrary code execution. | Guideline | ||
|
2023-02-27 20:15:14 | CVE-2023-23512 (lien direct) | The issue was addressed with improved handling of caches. This issue is fixed in macOS Ventura 13.2, tvOS 16.3, iOS 16.3 and iPadOS 16.3, watchOS 9.3. Visiting a website may lead to an app denial-of-service. | Guideline | ||
|
2023-02-27 20:15:13 | CVE-2023-23496 (lien direct) | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.2, tvOS 16.3, Safari 16.3, watchOS 9.3, iOS 16.3 and iPadOS 16.3. Processing maliciously crafted web content may lead to arbitrary code execution. | Guideline | ||
|
2023-02-27 20:15:12 | CVE-2022-46705 (lien direct) | A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, Safari 16.2. Visiting a malicious website may lead to address bar spoofing. | Guideline | ||
|
2023-02-27 20:15:12 | CVE-2022-42826 (lien direct) | A use after free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13, iOS 16.1 and iPadOS 16, Safari 16.1. Processing maliciously crafted web content may lead to arbitrary code execution. | Guideline | ||
|
2023-02-27 20:15:12 | CVE-2022-32891 (lien direct) | The issue was addressed with improved UI handling. This issue is fixed in Safari 16, tvOS 16, watchOS 9, iOS 16. Visiting a website that frames malicious content may lead to UI spoofing. | Guideline | ||
|
2023-02-27 20:15:11 | CVE-2022-32830 (lien direct) | An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.6, iOS 15.6 and iPadOS 15.6. Processing a maliciously crafted image may lead to disclosure of user information. | Guideline | ||
|
2023-02-27 18:15:19 | CVE-2022-48260 (lien direct) | There is a buffer overflow vulnerability in BiSheng-WNM FW 3.0.0.325. Successful exploitation could lead to device service exceptions. | Vulnerability Guideline | ||
|
2023-02-27 18:15:19 | CVE-2022-48255 (lien direct) | There is a system command injection vulnerability in BiSheng-WNM FW 3.0.0.325. A Huawei printer has a system command injection vulnerability. Successful exploitation could lead to remote code execution. | Vulnerability Guideline | ||
|
2023-02-27 18:15:19 | CVE-2022-48230 (lien direct) | There is a misinterpretation of input vulnerability in BiSheng-WNM FW 3.0.0.325. Successful exploitation could lead to DoS. | Vulnerability Guideline | ||
|
2023-02-27 16:15:12 | CVE-2023-0334 (lien direct) | The ShortPixel Adaptive Images WordPress plugin before 3.6.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against any high privilege users such as admin | Guideline | ||
|
2023-02-27 16:15:12 | CVE-2023-0552 (lien direct) | The Registration Forms WordPress plugin before 3.8.2.3 does not properly validate the redirection URL when logging in and login out, leading to an Open Redirect vulnerability | Vulnerability Guideline | ||
|
2023-02-27 16:15:12 | CVE-2023-0487 (lien direct) | The My Sticky Elements WordPress plugin before 2.0.9 does not properly sanitise and escape a parameter before using it in a SQL statement when deleting messages, leading to a SQL injection exploitable by high privilege users such as admin | Guideline | ||
|
2023-02-27 16:15:11 | CVE-2023-0279 (lien direct) | The Media Library Assistant WordPress plugin before 3.06 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. | Guideline | ||
|
2023-02-27 16:15:11 | CVE-2023-0278 (lien direct) | The GeoDirectory WordPress plugin before 2.2.24 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. | Guideline | ||
|
2023-02-27 16:15:11 | CVE-2023-0043 (lien direct) | The Custom Add User WordPress plugin through 2.0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | Guideline | ||
|
2023-02-27 16:15:11 | CVE-2022-4550 (lien direct) | The User Activity WordPress plugin through 1.0.1 checks headers such as the X-Forwarded-For to retrieve the IP address of the request, which could lead to IP spoofing | Guideline | ||
|
2023-02-27 15:15:11 | CVE-2022-45137 (lien direct) | The configuration backend of the web-based management is vulnerable to reflected XSS (Cross-Site Scripting) attacks that targets the users browser. This leads to a limited impact of confidentiality and integrity but no impact of availability. | Guideline | ||
|
2023-02-27 15:15:11 | CVE-2022-45138 (lien direct) | The configuration backend of the web-based management can be used by unauthenticated users, although only authenticated users should be able to use the API. The vulnerability allows an unauthenticated attacker to read and set several device parameters that can lead to full compromise of the device. | Vulnerability Guideline | ||
|
2023-02-27 15:15:11 | CVE-2022-45139 (lien direct) | A CORS Misconfiguration in the web-based management allows a malicious third party webserver to misuse all basic information pages on the webserver. In combination with CVE-2022-45138 this could lead to disclosure of device information like CPU diagnostics. As there is just a limited amount of information readable the impact only affects a small subset of confidentiality. | Guideline |
To see everything:
