What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
CVE.webp 2022-12-08 10:15:11 CVE-2020-36610 (lien direct) A vulnerability was found in annyshow DuxCMS 2.1. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-215116. Vulnerability Guideline
CVE.webp 2022-12-08 10:15:11 CVE-2022-4354 (lien direct) A vulnerability was found in LinZhaoguan pb-cms 2.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /blog/comment of the component Message Board. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-215114 is the identifier assigned to this vulnerability. Vulnerability Guideline
CVE.webp 2022-12-08 10:15:11 CVE-2022-4350 (lien direct) A vulnerability, which was classified as problematic, was found in Mingsoft MCMS 5.2.8. Affected is an unknown function of the file search.do. The manipulation of the argument content_title leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-215112. Vulnerability Guideline
CVE.webp 2022-12-08 10:15:11 CVE-2022-4353 (lien direct) A vulnerability has been found in LinZhaoguan pb-cms 2.0 and classified as problematic. Affected by this vulnerability is the function IpUtil.getIpAddr. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-215113 was assigned to this vulnerability. Vulnerability Guideline
CVE.webp 2022-12-08 10:15:10 CVE-2020-36609 (lien direct) A vulnerability was found in annyshow DuxCMS 2.1. It has been classified as problematic. This affects an unknown part of the file admin.php&r=article/AdminContent/edit of the component Article Handler. The manipulation of the argument content leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-215115. Vulnerability Guideline
CVE.webp 2022-12-08 08:15:09 CVE-2022-4349 (lien direct) A vulnerability classified as problematic has been found in CTF-hacker pwn. This affects an unknown part of the file delete.html. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-215109 was assigned to this vulnerability. Vulnerability Guideline
CVE.webp 2022-12-08 08:15:09 CVE-2022-4348 (lien direct) A vulnerability was found in y_project RuoYi-Cloud. It has been rated as problematic. Affected by this issue is some unknown functionality of the component JSON Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-215108. Vulnerability Guideline
CVE.webp 2022-12-08 08:15:08 CVE-2022-4347 (lien direct) A vulnerability was found in xiandafu beetl-bbs. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file WebUtils.java. The manipulation of the argument user leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-215107. Vulnerability Guideline
CVE.webp 2022-12-08 04:15:09 CVE-2022-23476 (lien direct) Nokogiri is an open source XML and HTML library for the Ruby programming language. Nokogiri `1.13.8` and `1.13.9` fail to check the return value from `xmlTextReaderExpand` in the method `Nokogiri::XML::Reader#attribute_hash`. This can lead to a null pointer exception when invalid markup is being parsed. For applications using `XML::Reader` to parse untrusted inputs, this may potentially be a vector for a denial of service attack. Users are advised to upgrade to Nokogiri `>= 1.13.10`. Users may be able to search their code for calls to either `XML::Reader#attributes` or `XML::Reader#attribute_hash` to determine if they are affected. Guideline
CVE.webp 2022-12-08 01:15:09 CVE-2022-23492 (lien direct) go-libp2p is the official libp2p implementation in the Go programming language. Version `0.18.0` and older of go-libp2p are vulnerable to targeted resource exhaustion attacks. These attacks target libp2p’s connection, stream, peer, and memory management. An attacker can cause the allocation of large amounts of memory, ultimately leading to the process getting killed by the host’s operating system. While a connection manager tasked with keeping the number of connections within manageable limits has been part of go-libp2p, this component was designed to handle the regular churn of peers, not a targeted resource exhaustion attack. Users are advised to upgrade their version of go-libp2p to version `0.18.1` or newer. Users unable to upgrade may consult the denial of service (DoS) mitigation page for more information on how to incorporate mitigation strategies, monitor their application, and respond to attacks. Guideline
CVE.webp 2022-12-07 21:15:10 CVE-2022-4341 (lien direct) A vulnerability has been found in csliuwy coder-chain_gdut and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /back/index.php/user/User/?1. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-215095. Vulnerability Guideline
CVE.webp 2022-12-07 21:15:10 CVE-2022-23486 (lien direct) libp2p-rust is the official Rust language implementation of the libp2p networking stack. In versions prior to 0.45.1 an attacker node can cause a victim node to allocate a large number of small memory chunks, which can ultimately lead to the victim’s process running out of memory and thus getting killed by its operating system. When executed continuously, this can lead to a denial of service attack, especially relevant on a larger scale when run against more than one node of a libp2p based network. Users are advised to upgrade to `libp2p` `v0.45.1` or above. Users unable to upgrade should reference the DoS Mitigation page for more information on how to incorporate mitigation strategies, monitor their application, and respond to attacks: https://docs.libp2p.io/reference/dos-mitigation/. Guideline
CVE.webp 2022-12-07 21:15:10 CVE-2022-23487 (lien direct) js-libp2p is the official JavaScript implementation of the libp2p networking stack. Versions older than `v0.38.0` of js-libp2p are vulnerable to targeted resource exhaustion attacks. These attacks target libp2p’s connection, stream, peer, and memory management. An attacker can cause the allocation of large amounts of memory, ultimately leading to the process getting killed by the host’s operating system. While a connection manager tasked with keeping the number of connections within manageable limits has been part of js-libp2p, this component was designed to handle the regular churn of peers, not a targeted resource exhaustion attack. Users are advised to update their js-libp2p dependency to `v0.38.0` or greater. There are no known workarounds for this vulnerability. Guideline
CVE.webp 2022-12-07 17:15:10 CVE-2022-41735 (lien direct) IBM Business Process Manager 21.0.1 through 21.0.3.1, 20.0.0.1 through 20.0.0.2, and 19.0.0.1 through 19.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 65687. Vulnerability Guideline
CVE.webp 2022-12-07 07:15:09 CVE-2022-4322 (lien direct) A vulnerability, which was classified as critical, was found in maku-boot up to 2.2.0. This affects the function doExecute of the file AbstractScheduleJob.java of the component Scheduled Task Handler. The manipulation leads to injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 446eb7294332efca2bfd791bc37281cedac0d0ff. It is recommended to apply a patch to fix this issue. The identifier VDB-215013 was assigned to this vulnerability. Guideline
CVE.webp 2022-12-07 04:15:10 CVE-2022-43667 (lien direct) Stack-based buffer overflow vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user open a specially crafted CXP file. Vulnerability Guideline
CVE.webp 2022-12-07 04:15:10 CVE-2022-43508 (lien direct) Use-after-free vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user open a specially crafted CXP file. Vulnerability Guideline
CVE.webp 2022-12-07 04:15:10 CVE-2022-43509 (lien direct) Out-of-bounds write vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user open a specially crafted CXP file. Vulnerability Guideline
CVE.webp 2022-12-06 20:15:10 CVE-2022-23475 (lien direct) daloRADIUS is an open source RADIUS web management application. daloRadius 1.3 and prior are vulnerable to a combination cross site scripting (XSS) and cross site request forgery (CSRF) vulnerability which leads to account takeover in the mng-del.php file because of an unescaped variable reflected in the DOM on line 116. This issue has been addressed in commit `ec3b4a419e`. Users are advised to manually apply the commit in order to mitigate this issue. Users may also mitigate this issue in two parts: 1) The CSRF vulnerability can be mitigated by setting the daloRadius session cookie to samesite=Lax or by the implementation of a CSRF token in all forms. 2) The XSS vulnerability may be mitigated by escaping it or by introducing a Content Security Policy. Vulnerability Guideline
CVE.webp 2022-12-06 10:15:10 CVE-2022-4300 (lien direct) A vulnerability was found in FastCMS. It has been rated as critical. This issue affects some unknown processing of the file /template/edit of the component Template Handler. The manipulation leads to injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-214901 was assigned to this vulnerability. Vulnerability Guideline
CVE.webp 2022-12-06 10:15:09 CVE-2022-4296 (lien direct) A vulnerability classified as problematic has been found in TP-Link TL-WR740N. Affected is an unknown function of the component ARP Handler. The manipulation leads to resource consumption. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214812. Vulnerability Guideline
CVE.webp 2022-12-06 07:15:26 CVE-2022-42782 (lien direct) In wlan driver, there is a possible missing permission check. This could lead to local information disclosure. Guideline
CVE.webp 2022-12-06 07:15:25 CVE-2022-42778 (lien direct) In windows manager service, there is a missing permission check. This could lead to set up windows manager service with no additional execution privileges needed. Guideline
CVE.webp 2022-12-06 07:15:25 CVE-2022-42779 (lien direct) In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services. Guideline
CVE.webp 2022-12-06 07:15:25 CVE-2022-42780 (lien direct) In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services. Guideline
CVE.webp 2022-12-06 07:15:25 CVE-2022-42781 (lien direct) In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services. Guideline
CVE.webp 2022-12-06 07:15:24 CVE-2022-42775 (lien direct) In camera driver, there is a possible memory corruption due to improper locking. This could lead to local denial of service in kernel. Guideline
CVE.webp 2022-12-06 07:15:24 CVE-2022-42776 (lien direct) In UscAIEngine service, there is a missing permission check. This could lead to set up UscAIEngine service with no additional execution privileges needed. Guideline
CVE.webp 2022-12-06 07:15:24 CVE-2022-42772 (lien direct) In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services. Guideline
CVE.webp 2022-12-06 07:15:24 CVE-2022-42774 (lien direct) In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services. Guideline
CVE.webp 2022-12-06 07:15:24 CVE-2022-42777 (lien direct) In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. Guideline
CVE.webp 2022-12-06 07:15:24 CVE-2022-42773 (lien direct) In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services. Guideline
CVE.webp 2022-12-06 07:15:23 CVE-2022-42770 (lien direct) In wlan driver, there is a race condition. This could lead to local denial of service in wlan services. Guideline
CVE.webp 2022-12-06 07:15:23 CVE-2022-42767 (lien direct) In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services. Guideline
CVE.webp 2022-12-06 07:15:23 CVE-2022-42769 (lien direct) In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services. Guideline
CVE.webp 2022-12-06 07:15:23 CVE-2022-42766 (lien direct) In wlan driver, there is a possible missing permission check. This could lead to local information disclosure. Guideline
CVE.webp 2022-12-06 07:15:23 CVE-2022-42771 (lien direct) In wlan driver, there is a race condition. This could lead to local denial of service in wlan services. Guideline
CVE.webp 2022-12-06 07:15:23 CVE-2022-42768 (lien direct) In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services. Guideline
CVE.webp 2022-12-06 07:15:22 CVE-2022-42763 (lien direct) In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services. Guideline
CVE.webp 2022-12-06 07:15:22 CVE-2022-42764 (lien direct) In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services. Guideline
CVE.webp 2022-12-06 07:15:22 CVE-2022-42761 (lien direct) In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services. Guideline
CVE.webp 2022-12-06 07:15:22 CVE-2022-42765 (lien direct) In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services. Guideline
CVE.webp 2022-12-06 07:15:22 CVE-2022-42762 (lien direct) In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services. Guideline
CVE.webp 2022-12-06 07:15:21 CVE-2022-42759 (lien direct) In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services. Guideline
CVE.webp 2022-12-06 07:15:21 CVE-2022-42760 (lien direct) In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services. Guideline
CVE.webp 2022-12-06 07:15:21 CVE-2022-42756 (lien direct) In sensor driver, there is a possible buffer overflow due to a missing bounds check. This could lead to local denial of service in kernel. Guideline
CVE.webp 2022-12-06 07:15:21 CVE-2022-42758 (lien direct) In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services. Guideline
CVE.webp 2022-12-06 07:15:21 CVE-2022-42757 (lien direct) In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services. Guideline
CVE.webp 2022-12-06 07:15:20 CVE-2022-42754 (lien direct) In npu driver, there is a memory corruption due to a use after free. This could lead to local denial of service in kernel. Guideline
CVE.webp 2022-12-06 07:15:20 CVE-2022-42755 (lien direct) In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services. Guideline
Last update at: 2024-07-16 18:08:10