What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
CVE.webp 2022-10-14 07:15:09 CVE-2022-3495 (direct link) A vulnerability has been found in SourceCodester Simple Online Public Access Catalog 1.0 and classified as critical. This vulnerability affects unknown code of the file /opac/Actions.php?a=login of the component Admin Login. The manipulation of the argument username/password leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-210784. Vulnerability Guideline ★★
CVE.webp 2022-10-14 07:15:09 CVE-2022-3496 (direct link) A vulnerability was found in SourceCodester Human Resource Management System 1.0 and classified as critical. This issue affects some unknown processing of the file employeeadd.php of the component Admin Panel. The manipulation leads to improper access controls. The attack may be initiated remotely. The identifier VDB-210785 was assigned to this vulnerability. Vulnerability Guideline ★★★★★
CVE.webp 2022-10-14 07:15:09 CVE-2022-3497 (direct link) A vulnerability was found in SourceCodester Human Resource Management System 1.0. It has been classified as problematic. Affected is an unknown function of the component Master List. The manipulation of the argument city/state/country/position leads to cross-site scripting. It is possible to launch the attack remotely. VDB-210786 is the identifier assigned to this vulnerability. Vulnerability Guideline ★★★★
CVE.webp 2022-10-13 16:15:09 CVE-2022-3492 (direct link) A vulnerability classified as critical was found in SourceCodester Human Resource Management System 1.0. This vulnerability affects unknown code of the component Profile Photo Handler. The manipulation of the argument parameter leads to OS command injection. The attack can be initiated remotely. The identifier of this vulnerability is VDB-210772. Vulnerability Guideline ★★★★★
CVE.webp 2022-10-13 04:15:10 CVE-2022-3473 (direct link) A vulnerability classified as critical has been found in SourceCodester Human Resource Management System. This affects an unknown part of the file getstatecity.php. The manipulation of the argument ci leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-210717 was assigned to this vulnerability. Vulnerability Guideline
CVE.webp 2022-10-13 04:15:10 CVE-2022-3471 (direct link) A vulnerability was found in SourceCodester Human Resource Management System. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file city.php. The manipulation of the argument searccity leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-210715. Vulnerability Guideline
CVE.webp 2022-10-13 04:15:10 CVE-2022-3470 (direct link) A vulnerability was found in SourceCodester Human Resource Management System. It has been classified as critical. Affected is an unknown function of the file getstatecity.php. The manipulation of the argument sc leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-210714 is the identifier assigned to this vulnerability. Vulnerability Guideline
CVE.webp 2022-10-13 04:15:10 CVE-2022-3472 (direct link) A vulnerability was found in SourceCodester Human Resource Management System. It has been rated as critical. Affected by this issue is some unknown functionality of the file city.php. The manipulation of the argument cityedit leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-210716. Vulnerability Guideline ★★★★★
CVE.webp 2022-10-13 03:15:08 CVE-2022-42901 (direct link) Bentley MicroStation and MicroStation-based applications may be affected by out-of-bounds and stack overflow issues when opening crafted XMT files. Exploiting these issues could lead to information disclosure and code execution. The fixed versions are 10.17.01.58* for MicroStation and 10.17.01.19* for Bentley View. Guideline
CVE.webp 2022-10-13 03:15:08 CVE-2022-42900 (direct link) Bentley MicroStation and MicroStation-based applications may be affected by out-of-bounds read issues when opening crafted FBX files. Exploiting these issues could lead to information disclosure and code execution. The fixed versions are 10.17.01.58* for MicroStation and 10.17.01.19* for Bentley View. Guideline
CVE.webp 2022-10-13 03:15:08 CVE-2022-42899 (direct link) Bentley MicroStation and MicroStation-based applications may be affected by out-of-bounds read and stack overflow issues when opening crafted SKP files. Exploiting these issues could lead to information disclosure and code execution. The fixed versions are 10.17.01.58* for MicroStation and 10.17.01.19* for Bentley View. Guideline
CVE.webp 2022-10-13 00:15:09 CVE-2022-42897 (direct link) Array Networks AG/vxAG with ArrayOS AG before 9.4.0.469 allows unauthenticated command injection that leads to privilege escalation and control of the system. NOTE: ArrayOS AG 10.x is unaffected. Guideline
CVE.webp 2022-10-12 23:15:09 CVE-2022-3171 (direct link) A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields cause objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above. Guideline
CVE.webp 2022-10-12 23:15:09 CVE-2022-39297 (direct link) MelisCms provides a full CMS for Melis Platform, including templating system, drag'n'drop of plugins, SEO and many administration tools. Attackers can deserialize arbitrary data on affected versions of `melisplatform/melis-cms`, which ultimately leads to the execution of arbitrary PHP code on the system. Conducting this attack does not require authentication. Users should immediately upgrade to `melisplatform/melis-cms` >= 5.0.1. This issue was addressed by restricting allowed classes when deserializing user-controlled data. Guideline
CVE.webp 2022-10-12 23:15:09 CVE-2022-39298 (direct link) MelisFront is the engine that displays websites hosted on Melis Platform. It deals with showing pages, plugins, URL rewriting, search optimization and SEO, etc. Attackers can deserialize arbitrary data on affected versions of `melisplatform/melis-front`, which ultimately leads to the execution of arbitrary PHP code on the system. Conducting this attack does not require authentication. Users should immediately upgrade to `melisplatform/melis-front` >= 5.0.1. This issue was addressed by restricting allowed classes when deserializing user-controlled data. Guideline
CVE.webp 2022-10-12 20:15:11 CVE-2022-41348 (direct link) An issue was discovered in Zimbra Collaboration (ZCS) 9.0. XSS can occur via the onerror attribute of an IMG element, leading to information disclosure. Guideline
CVE.webp 2022-10-12 20:15:10 CVE-2022-33920 (direct link) Dell GeoDrive, versions prior to 2.2, contains an Unquoted File Path vulnerability. A low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code in the SYSTEM security context. Guideline
CVE.webp 2022-10-12 20:15:10 CVE-2022-33921 (direct link) Dell GeoDrive, versions prior to 2.2, contains Multiple DLL Hijacking Vulnerabilities. A low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code in the SYSTEM security context. Guideline
CVE.webp 2022-10-12 20:15:10 CVE-2022-33922 (direct link) Dell GeoDrive, versions prior to 2.2, contains Insecure File and Folder Permissions vulnerabilities. A low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code in the SYSTEM security context. Dell recommends customers to upgrade at the earliest opportunity. Guideline
CVE.webp 2022-10-12 18:15:09 CVE-2022-28887 (direct link) Multiple Denial-of-Service (DoS) vulnerabilities were discovered in F-Secure & WithSecure products whereby the aerdl.dll unpacker handler function crashes. This can lead to a possible scanning engine crash. Vulnerability Guideline
CVE.webp 2022-10-12 15:15:09 CVE-2022-3467 (direct link) A vulnerability classified as critical was found in Jiusi OA. Affected by this vulnerability is an unknown functionality of the file /jsoa/hntdCustomDesktopActionContent. The manipulation of the argument inforid leads to SQL injection. The exploit has been disclosed to the public and may be used. The identifier VDB-210709 was assigned to this vulnerability. Vulnerability Guideline
CVE.webp 2022-10-12 14:15:09 CVE-2022-33106 (direct link) WiJungle NGFW Version U250 was discovered to be vulnerable to No Rate Limit attack, allowing the attacker to brute force the admin password leading to Account Take Over. Guideline
CVE.webp 2022-10-12 10:15:10 CVE-2022-3465 (direct link) A vulnerability classified as critical was found in Mediabridge Medialink. This vulnerability affects unknown code of the file /index.asp. The manipulation leads to improper authentication. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-210700. Vulnerability Guideline
CVE.webp 2022-10-12 10:15:09 CVE-2022-3464 (direct link) A vulnerability classified as problematic has been found in puppyCMS up to 5.1. This affects an unknown part of the file /admin/settings.php. The manipulation of the argument site_name leads to cross-site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-210699. Vulnerability Guideline
CVE.webp 2022-10-12 07:15:08 CVE-2022-3458 (direct link) A vulnerability has been found in SourceCodester Human Resource Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /employeeview.php of the component Image File Handler. The manipulation leads to unrestricted upload. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-210559. Vulnerability Guideline
CVE.webp 2022-10-11 21:15:26 CVE-2022-41209 (direct link) SAP Customer Data Cloud (Gigya mobile app for Android) - version 7.4, uses an encryption method which lacks proper diffusion and does not hide the patterns well. This can lead to information disclosure. In certain scenarios, the application might also be susceptible to replay attacks. Guideline
CVE.webp 2022-10-11 21:15:26 CVE-2022-41210 (direct link) SAP Customer Data Cloud (Gigya mobile app for Android) - version 7.4, uses an insecure random number generator program which makes it easy for the attacker to predict future random numbers. This can lead to information disclosure and modification of certain user settings. Guideline
CVE.webp 2022-10-11 21:15:14 CVE-2022-39802 (direct link) SAP Manufacturing Execution - versions 15.1, 15.2, 15.3, allows an attacker to exploit insufficient validation of a file path request parameter. The intended file path can be manipulated to allow arbitrary traversal of directories on the remote server. The file content within each directory can be read which may lead to information disclosure. Guideline
CVE.webp 2022-10-11 21:15:13 CVE-2022-39013 (direct link) Under certain conditions an authenticated attacker can get access to OS credentials. Getting access to OS credentials enables the attacker to modify system data and make the system unavailable leading to high impact on confidentiality and low impact on integrity and availability of the application. Guideline
CVE.webp 2022-10-11 21:15:13 CVE-2022-35296 (direct link) Under certain conditions, the application SAP BusinessObjects Business Intelligence Platform (Version Management System) exposes sensitive information to an actor over the network with high privileges that is not explicitly authorized to have access to that information, leading to a high impact on Confidentiality. Guideline
CVE.webp 2022-10-11 21:15:13 CVE-2022-35297 (direct link) The application SAP Enable Now does not sufficiently encode user-controlled inputs over the network before it is placed in the output being served to other users, thereby expanding the attack scope, resulting in Stored Cross-Site Scripting (XSS) vulnerability leading to limited impact on Confidentiality, Integrity and Availability. Vulnerability Guideline
CVE.webp 2022-10-11 21:15:12 CVE-2022-35226 (direct link) SAP Data Services Management allows an attacker to copy the data from a request and have it echoed into the application's immediate response, which leads to a Cross-Site Scripting vulnerability. The attacker would have to log in to the management console to perform such an attack; only a few of the pages are vulnerable in the DS management console. Guideline
CVE.webp 2022-10-11 20:15:15 CVE-2022-38086 (direct link) Cross-Site Request Forgery (CSRF) vulnerability in Shortcodes Ultimate plugin Vulnerability Guideline
CVE.webp 2022-10-11 20:15:13 CVE-2022-20429 (direct link) In CarSettings of app packages, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege in Bluetooth settings with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L. Android ID: A-220741473 Guideline
CVE.webp 2022-10-11 20:15:12 CVE-2022-20418 (direct link) In pickStartSeq of AAVCAssembler.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12 Android-12L Android-13. Android ID: A-231986464 Guideline
CVE.webp 2022-10-11 20:15:12 CVE-2022-20425 (direct link) In addAutomaticZenRule of ZenModeHelper.java, there is a possible permanent degradation of performance due to resource exhaustion. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-235823407 Guideline
CVE.webp 2022-10-11 20:15:12 CVE-2022-20419 (direct link) In setOptions of ActivityRecord.java, there is a possible way to load arbitrary Java code into the launcher process due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L Android-13. Android ID: A-237290578 Guideline ★★★★
CVE.webp 2022-10-11 20:15:12 CVE-2022-20421 (direct link) In binder_inc_ref_for_node of binder.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-239630375. References: Upstream kernel Guideline
CVE.webp 2022-10-11 20:15:12 CVE-2022-20422 (direct link) In emulation_proc_handler of armv8_deprecated.c, there is a possible way to corrupt memory due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-237540956. References: Upstream kernel Guideline
CVE.webp 2022-10-11 20:15:12 CVE-2022-20420 (direct link) In getBackgroundRestrictionExemptionReason of AppRestrictionController.java, there is a possible way to bypass device policy restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-238377411 Guideline ★★
CVE.webp 2022-10-11 20:15:12 CVE-2022-20423 (direct link) In rndis_set_response of rndis.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege if a malicious USB device is attached with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-239842288. References: Upstream kernel Guideline
CVE.webp 2022-10-11 20:15:11 CVE-2022-20415 (direct link) In handleFullScreenIntent of StatusBarNotificationActivityStarter.java, there is a possible bypass of the restriction of starting activity from background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-231322873 Guideline
CVE.webp 2022-10-11 20:15:11 CVE-2022-20410 (direct link) In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-205570663 Guideline
CVE.webp 2022-10-11 20:15:11 CVE-2022-20409 (direct link) In io_identity_cow of io_uring.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-238177383. References: Upstream kernel Guideline ★★★★
CVE.webp 2022-10-11 20:15:11 CVE-2022-20416 (direct link) In audioTransportsToHal of HidlUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12 Android-12L Android-13. Android ID: A-237717857 Guideline
CVE.webp 2022-10-11 20:15:11 CVE-2022-20413 (direct link) In start of Threads.cpp, there is a possible way to record audio during a phone call due to a logic error in the code. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-235850634 Guideline
CVE.webp 2022-10-11 20:15:11 CVE-2022-20417 (direct link) In audioTransportsToHal of HidlUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12 Android-12L Android-13. Android ID: A-237288416 Guideline
CVE.webp 2022-10-11 20:15:11 CVE-2022-20412 (direct link) In fdt_next_tag of fdt.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-230794395 Guideline
CVE.webp 2022-10-11 20:15:10 CVE-2022-20351 (direct link) In queryInternal of CallLogProvider.java, there is a possible access to voicemail information due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L. Android ID: A-224771921 Guideline ★★★
CVE.webp 2022-10-11 20:15:10 CVE-2022-20394 (direct link) In getInputMethodWindowVisibleHeight of InputMethodManagerService.java, there is a possible way to determine when another app is showing an IME due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L. Android ID: A-204906124 Guideline ★★★★★
Last update at: 2024-07-16 22:09:00