What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-05-03 16:15:19 | CVE-2022-23400 (lien direct) | A stack-based buffer overflow vulnerability exists in the IGXMPXMLParser::parseDelimiter functionality of Accusoft ImageGear 19.10. A specially-crafted PSD file can overflow a stack buffer, which could either lead to denial of service or, depending on the application, to an information leak. An attacker can provide a malicious file to trigger this vulnerability. | Vulnerability Guideline | ||
|
2022-05-03 04:15:09 | CVE-2022-20751 (lien direct) | A vulnerability in the Snort detection engine integration for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause unlimited memory consumption, which could lead to a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient memory management for certain Snort events. An attacker could exploit this vulnerability by sending a series of crafted IP packets that would generate specific Snort events on an affected device. A sustained attack could cause an out of memory condition on the affected device. A successful exploit could allow the attacker to interrupt all traffic flowing through the affected device. In some circumstances, the attacker may be able to cause the device to reload, resulting in a DoS condition. | Vulnerability Threat Guideline | ||
|
2022-05-02 20:15:08 | CVE-2022-29444 (lien direct) | Plugin Settings Change leading to Cross-Site Scripting (XSS) vulnerability in Cloudways Breeze plugin | Vulnerability Guideline | ||
|
2022-05-02 19:15:08 | CVE-2021-3750 (lien direct) | A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets. Crafted content may be written to the controller's registers and trigger undesirable actions (such as reset) while the device is still transferring packets. This can ultimately lead to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code within the context of the QEMU process on the host. This flaw affects QEMU versions before 7.0.0. | Guideline | ★★★ | |
|
2022-05-02 19:15:08 | CVE-2021-3643 (lien direct) | A flaw was found in sox 14.4.1. The lsx_adpcm_init function within libsox leads to a global-buffer-overflow. This flaw allows an attacker to input a malicious file, leading to the disclosure of sensitive information. | Guideline | ||
|
2022-05-02 16:15:09 | CVE-2022-1273 (lien direct) | The Import WP WordPress plugin before 2.4.6 does not validate the imported file in some cases, allowing high privilege users such as admin to upload arbitrary files (such as PHP), leading to RCE | Guideline | ★★★★★ | |
|
2022-05-02 16:15:08 | CVE-2022-0428 (lien direct) | The Content Egg WordPress plugin before 5.3.0 does not sanitise and escape the page parameter before outputting back in an attribute in the Autoblogging admin dashboard, leading to a Reflected Cross-Site Scripting | Guideline | ★★★ | |
|
2022-05-02 16:15:08 | CVE-2022-1255 (lien direct) | The Import and export users and customers WordPress plugin before 1.19.2.1 does not sanitise and escaped imported CSV data, which could allow high privilege users to import malicious javascript code and lead to Stored Cross-Site Scripting issues | Guideline | ★★★★ | |
|
2022-05-02 16:15:08 | CVE-2022-0771 (lien direct) | The SiteSuperCharger WordPress plugin before 5.2.0 does not validate, sanitise and escape various user inputs before using them in SQL statements via AJAX actions (available to both unauthenticated and authenticated users), leading to Unauthenticated SQL Injections | Guideline | ★★★ | |
|
2022-05-02 16:15:08 | CVE-2022-1250 (lien direct) | The LifterLMS PayPal WordPress plugin before 1.4.0 does not sanitise and escape some parameters from the payment confirmation page before outputting them back in the page, leading to a Reflected Cross-Site Scripting issue | Guideline | ★★★★ | |
|
2022-05-02 16:15:08 | CVE-2021-25102 (lien direct) | The All In One WP Security & Firewall WordPress plugin before 4.4.11 does not validate, sanitise and escape the redirect_to parameter before using it to redirect user, either via a Location header, or meta url attribute, when the Rename Login Page is active, which could lead to an Arbitrary Redirect as well as Cross-Site Scripting issue. Exploitation of this issue requires the Login Page URL value to be known, which should be hard to guess, reducing the risk | Guideline | ★★★★★ | |
|
2022-05-02 16:15:08 | CVE-2022-1269 (lien direct) | The Fast Flow WordPress plugin before 1.2.11 does not sanitise and escape the page parameter before outputting back in an attribute in an admin dashboard, leading to a Reflected Cross-Site Scripting | Guideline | ★★★★ | |
|
2022-05-02 16:15:08 | CVE-2022-0773 (lien direct) | The Documentor WordPress plugin through 1.5.3 fails to sanitize and escape user input before it is being interpolated in an SQL statement and then executed, leading to an SQL Injection exploitable by unauthenticated users. | Guideline | ★★ | |
|
2022-05-02 13:15:08 | CVE-2022-23064 (lien direct) | In Snipe-IT, versions v3.0-alpha to v5.3.7 are vulnerable to Host Header Injection. By sending a specially crafted host header in the reset password request, it is possible to send password reset links to users which once clicked lead to an attacker controlled server and thus leading to password reset token leak. This leads to account take over. | Guideline | ||
|
2022-05-01 16:15:08 | CVE-2022-25647 (lien direct) | The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks. | Guideline | ★★★ | |
|
2022-05-01 16:15:08 | CVE-2022-21189 (lien direct) | The package dexie before 3.2.2, from 4.0.0-alpha.1 and before 4.0.0-alpha.3 are vulnerable to Prototype Pollution in the Dexie.setByKeyPath(obj, keyPath, value) function which does not properly check the keys being set (like __proto__ or constructor). This can allow an attacker to add/modify properties of the Object.prototype leading to prototype pollution vulnerability. **Note:** This vulnerability can occur in multiple ways, for example when modifying a collection with untrusted user input. | Vulnerability Guideline | ★★★ | |
|
2022-05-01 16:15:08 | CVE-2022-21149 (lien direct) | The package s-cart/s-cart before 6.9; the package s-cart/core before 6.9 are vulnerable to Cross-site Scripting (XSS) which can lead to cookie stealing of any victim that visits the affected URL so the attacker can gain unauthorized access to that user's account through the stolen cookie. | Guideline | ||
|
2022-05-01 16:15:08 | CVE-2022-25850 (lien direct) | The package github.com/hoppscotch/proxyscotch before 1.0.0 are vulnerable to Server-side Request Forgery (SSRF) when interceptor mode is set to proxy. It occurs when an HTTP request is made by a backend server to an untrusted URL submitted by a user. It leads to a leakage of sensitive information from the server. | Guideline | ||
|
2022-05-01 12:15:07 | CVE-2022-1544 (lien direct) | Formula Injection/CSV Injection due to Improper Neutralization of Formula Elements in CSV File in GitHub repository luyadev/yii-helpers prior to 1.2.1. Successful exploitation can lead to impacts such as client-sided command injection, code execution, or remote ex-filtration of contained confidential data. | Guideline | ||
|
2022-04-30 22:15:08 | CVE-2021-41992 (lien direct) | A misconfiguration of RSA in PingID Windows Login prior to 2.7 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass. | Guideline | ★★★★★ | |
|
2022-04-30 22:15:08 | CVE-2021-41994 (lien direct) | A misconfiguration of RSA in PingID iOS app prior to 1.19 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login. | Guideline | ★★★ | |
|
2022-04-30 22:15:08 | CVE-2021-41993 (lien direct) | A misconfiguration of RSA in PingID Android app prior to 1.19 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login. | Guideline | ★★ | |
|
2022-04-30 22:15:08 | CVE-2021-42001 (lien direct) | PingID Desktop prior to 1.7.3 has a misconfiguration in the encryption libraries which can lead to sensitive data exposure. An attacker capable of exploiting this vulnerability may be able to successfully complete an MFA challenge via OTP. | Vulnerability Guideline | ||
|
2022-04-29 18:15:08 | CVE-2022-1543 (lien direct) | Improper handling of Length parameter in GitHub repository erudika/scoold prior to 1.49.4. When the text size is large enough the service results in a momentary outage in a production environment. That can lead to memory corruption on the server. | Guideline | ★★★★ | |
|
2022-04-29 17:15:22 | CVE-2022-29451 (lien direct) | Cross-Site Request Forgery (CSRF) leading to Arbitrary File Upload vulnerability in Rara One Click Demo Import plugin | Vulnerability Guideline | ||
|
2022-04-29 17:15:20 | CVE-2021-4207 (lien direct) | A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileged guest user could use this flaw to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process. | Guideline | ||
|
2022-04-29 17:15:19 | CVE-2021-3982 (lien direct) | Linux distributions using CAP_SYS_NICE for gnome-shell may be exposed to a privilege escalation issue. An attacker, with low privilege permissions, may take advantage of the way CAP_SYS_NICE is currently implemented and eventually load code to increase its process scheduler priority leading to possible DoS of other services running in the same machine. | Guideline | ★★ | |
|
2022-04-29 16:15:08 | CVE-2022-1353 (lien direct) | A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information. | Vulnerability Guideline | ||
|
2022-04-29 16:15:08 | CVE-2022-1249 (lien direct) | A NULL pointer dereference flaw was found in pesign's cms_set_pw_data() function of the cms_common.c file. The function fails to handle the NULL pwdata invocation from daemon.c, which leads to an explicit NULL dereference and crash on all attempts to daemonize pesign. | Guideline | ★★★★★ | |
|
2022-04-29 16:15:08 | CVE-2022-1227 (lien direct) | A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service. | Vulnerability Guideline | ||
|
2022-04-29 16:15:08 | CVE-2022-1114 (lien direct) | A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo() function of dcm.c file. This vulnerability is triggered when an attacker passes a specially crafted DICOM image file to ImageMagick for conversion, potentially leading to information disclosure and a denial of service. | Vulnerability Guideline | ||
|
2022-04-29 14:15:11 | CVE-2022-24900 (lien direct) | Piano LED Visualizer is software that allows LED lights to light up as a person plays a piano connected to a computer. Version 1.3 and prior are vulnerable to a path traversal attack. The `os.path.join` call is unsafe for use with untrusted input. When the `os.path.join` call encounters an absolute path, it ignores all the parameters it has encountered till that point and starts working with the new absolute path. Since the "malicious" parameter represents an absolute path, the result of `os.path.join` ignores the static directory completely. Hence, untrusted input is passed via the `os.path.join` call to `flask.send_file` can lead to path traversal attacks. A patch with a fix is available on the `master` branch of the GitHub repository. This can also be fixed by preventing flow of untrusted data to the vulnerable `send_file` function. In case the application logic necessiates this behaviour, one can either use the `flask.safe_join` to join untrusted paths or replace `flask.send_file` calls with `flask.send_from_directory` calls. | Guideline | ||
|
2022-04-29 13:15:08 | CVE-2022-1536 (lien direct) | A vulnerability has been found in automad up to 1.10.9 and classified as problematic. This vulnerability affects the Dashboard. The manipulation of the argument title with the input Homealert("home") leads to a cross site scripting. The attack can be initiated remotely but requires an authentication. The exploit details have disclosed to the public and may be used. | Vulnerability Guideline | ||
|
2022-04-29 09:15:08 | CVE-2022-1531 (lien direct) | SQL injection vulnerability in ARAX-UI Synonym Lookup functionality in GitHub repository rtxteam/rtx prior to checkpoint_2022-04-20 . This vulnerability is critical as it can lead to remote code execution and thus complete server takeover. | Vulnerability Guideline | ||
|
2022-04-28 17:15:39 | CVE-2022-29413 (lien direct) | Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) in Mufeng's Hermit ????? plugin | Guideline Cloud | APT 37 | |
|
2022-04-28 16:15:08 | CVE-2022-22322 (lien direct) | IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 218370. | Vulnerability Guideline | ||
|
2022-04-28 16:15:08 | CVE-2022-22443 (lien direct) | IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 224440. | Vulnerability Guideline | ||
|
2022-04-28 16:15:08 | CVE-2022-22427 (lien direct) | IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 223720. | Vulnerability Guideline | ||
|
2022-04-28 16:15:08 | CVE-2022-27860 (lien direct) | Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) in Shea Bunge's Footer Text plugin | Guideline | ★★★ | |
|
2022-04-28 16:15:07 | CVE-2021-38952 (lien direct) | IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 211408. | Vulnerability Guideline | ||
|
2022-04-28 15:15:09 | CVE-2022-22781 (lien direct) | The Zoom Client for Meetings for MacOS (Standard and for IT Admin) prior to version 5.9.6 failed to properly check the package version during the update process. This could lead to a malicious actor updating an unsuspecting user’s currently installed version to a less secure version. | Guideline | ||
|
2022-04-28 13:15:08 | CVE-2021-41921 (lien direct) | novel-plus V3.6.1 allows unrestricted file uploads. Unrestricted file suffixes and contents can lead to server attacks and arbitrary code execution. | Guideline | ★★★ | |
|
2022-04-27 18:15:08 | CVE-2022-28195 (lien direct) | NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot ext4_read_file function, where insufficient validation of untrusted data may allow a highly privileged local attacker to cause a integer overflow, which may lead to code execution, escalation of privileges, limited denial of service, and some impact to confidentiality and integrity. | Vulnerability Guideline | ||
|
2022-04-27 18:15:08 | CVE-2022-28197 (lien direct) | NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot ext4_mount function, where Insufficient validation of untrusted data may allow a highly privileged local attacker to cause an integer overflow. This difficult- to-exploit vulnerability may lead to code execution, escalation of privileges, limited denial of service, and some impact to confidentiality and integrity. | Vulnerability Guideline | ||
|
2022-04-27 18:15:08 | CVE-2022-28196 (lien direct) | NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot blob_decompress function, where insufficient validation of untrusted data may allow a local attacker to cause a memory buffer overflow, which may lead to code execution, limited loss of Integrity, and limited denial of service. | Vulnerability Guideline | ||
|
2022-04-27 18:15:07 | CVE-2022-28193 (lien direct) | NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot module tegrabl_cbo.c, where insufficient validation of untrusted data may allow a local attacker to cause a memory buffer overflow, which may lead to code execution, loss of integrity, limited denial of service, and some impact to confidentiality. | Vulnerability Guideline | ||
|
2022-04-27 18:15:07 | CVE-2022-28194 (lien direct) | NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot module tegrabl_cbo.c, where, if TFTP is enabled, a local attacker can cause a memory buffer overflow, which may lead to code execution, loss of Integrity, limited denial of service, and some impact to confidentiality. | Vulnerability Guideline | ||
|
2022-04-27 16:15:11 | CVE-2022-22345 (lien direct) | IBM QRadar 7.3, 7.4, and 7.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 220041. | Vulnerability Guideline | ||
|
2022-04-27 16:15:10 | CVE-2021-34587 (lien direct) | In Bender/ebee Charge Controllers in multiple versions a long URL could lead to webserver crash. The URL is used as input of an sprintf to a stack variable. | Guideline | ||
|
2022-04-27 15:15:09 | CVE-2022-24888 (lien direct) | Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 20.0.14.4, 21.0.8, 22.2.4, and 23.0.1, it is possible to create files and folders that have leading and trailing \n, \r, \t, and \v characters. The server rejects files and folders that have these characters in the middle of their names, so this might be an opportunity for injection. This issue is fixed in versions 20.0.14.4, 21.0.8, 22.2.4, and 23.0.1. There are currently no known workarounds. | Guideline |
To see everything:
