What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-12-13 16:15:19 | CVE-2022-31696 (lien direct) | VMware ESXi contains a memory corruption vulnerability that exists in the way it handles a network socket. A malicious actor with local access to ESXi may exploit this issue to corrupt memory leading to an escape of the ESXi sandbox. | Vulnerability Guideline | ||
|
2022-12-13 16:15:17 | CVE-2022-20501 (lien direct) | In onCreate of EnableAccountPreferenceActivity.java, there is a possible way to mislead the user into enabling a malicious phone account due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-246933359 | Guideline | ||
|
2022-12-13 16:15:17 | CVE-2022-20502 (lien direct) | In GetResolvedMethod of entrypoint_utils-inl.h, there is a possible use after free due to a stale cache. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-222166527 | Guideline | ||
|
2022-12-13 16:15:17 | CVE-2022-20498 (lien direct) | In fdt_path_offset_namelen of fdt_ro.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-246465319 | Guideline | ||
|
2022-12-13 16:15:17 | CVE-2022-20611 (lien direct) | In deletePackageVersionedInternal of DeletePackageHelper.java, there is a possible way to bypass carrier restrictions due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242996180 | Guideline | ||
|
2022-12-13 16:15:17 | CVE-2022-20500 (lien direct) | In loadFromXml of ShortcutPackage.java, there is a possible crash on boot due to an uncaught exception. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-246540168 | Guideline | ||
|
2022-12-13 16:15:16 | CVE-2022-20480 (lien direct) | In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-241764350 | Guideline | ||
|
2022-12-13 16:15:16 | CVE-2022-20475 (lien direct) | In test of ResetTargetTaskHelper.java, there is a possible hijacking of any app which sets allowTaskReparenting="true" due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-240663194 | Guideline | ||
|
2022-12-13 16:15:16 | CVE-2022-20474 (lien direct) | In readLazyValue of Parcel.java, there is a possible loading of arbitrary code into the System Settings app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-240138294 | Guideline | ||
|
2022-12-13 16:15:16 | CVE-2022-20487 (lien direct) | In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242703202 | Guideline | ||
|
2022-12-13 16:15:16 | CVE-2022-20484 (lien direct) | In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242702851 | Guideline | ||
|
2022-12-13 16:15:16 | CVE-2022-20497 (lien direct) | In updatePublicMode of NotificationLockscreenUserManagerImpl.java, there is a possible way to reveal sensitive notifications on the lockscreen due to an incorrect state transition. This could lead to local information disclosure with physical access required and an app that runs above the lockscreen, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-246301979 | Guideline | ||
|
2022-12-13 16:15:16 | CVE-2022-20477 (lien direct) | In shouldHideNotification of KeyguardNotificationVisibilityProvider.kt, there is a possible way to show hidden notifications due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-241611867 | Guideline | ||
|
2022-12-13 16:15:16 | CVE-2022-20482 (lien direct) | In createNotificationChannel of NotificationManager.java, there is a possible way to make the device unusable and require factory reset due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-240422263 | Guideline | ||
|
2022-12-13 16:15:16 | CVE-2022-20491 (lien direct) | In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242703556 | Guideline | ||
|
2022-12-13 16:15:16 | CVE-2022-20495 (lien direct) | In getEnabledAccessibilityServiceList of AccessibilityManager.java, there is a possible way to hide an accessibility service due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-243849844 | Guideline | ||
|
2022-12-13 16:15:16 | CVE-2022-20485 (lien direct) | In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242702935 | Guideline | ||
|
2022-12-13 16:15:16 | CVE-2022-20488 (lien direct) | In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242703217 | Guideline | ||
|
2022-12-13 16:15:16 | CVE-2022-20479 (lien direct) | In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-241764340 | Guideline | ||
|
2022-12-13 16:15:16 | CVE-2022-20486 (lien direct) | In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242703118 | Guideline | ||
|
2022-12-13 16:15:16 | CVE-2022-20483 (lien direct) | In several functions that parse avrc response in avrc_pars_ct.cc and related files, there are possible out of bounds reads due to integer overflows. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242459126 | Guideline | ||
|
2022-12-13 16:15:16 | CVE-2022-20476 (lien direct) | In setEnabledSetting of PackageManager.java, there is a possible way to get the device into an infinite reboot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-240936919 | Guideline | ||
|
2022-12-13 16:15:16 | CVE-2022-20473 (lien direct) | In toLanguageTag of LocaleListCache.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-239267173 | Guideline | ||
|
2022-12-13 16:15:16 | CVE-2022-20496 (lien direct) | In setDataSource of initMediaExtractor.cpp, there is a possibility of arbitrary code execution due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-245242273 | Guideline | ||
|
2022-12-13 16:15:16 | CVE-2022-20478 (lien direct) | In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-241764135 | Guideline | ||
|
2022-12-13 16:15:15 | CVE-2022-20471 (lien direct) | In SendIncDecRestoreCmdPart2 of NxpMfcReader.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-238177877 | Guideline | ||
|
2022-12-13 16:15:15 | CVE-2022-20240 (lien direct) | In sOpAllowSystemRestrictionBypass of AppOpsManager.java, there is a possible leak of location information due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-231496105 | Guideline | ||
|
2022-12-13 16:15:15 | CVE-2022-20449 (lien direct) | In writeApplicationRestrictionsLAr of UserManagerService.java, there is a possible overwrite of system files due to a path traversal error. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-239701237 | Guideline | ||
|
2022-12-13 16:15:15 | CVE-2022-20469 (lien direct) | In avct_lcb_msg_asmbl of avct_lcb_act.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-230867224 | Guideline | ||
|
2022-12-13 16:15:15 | CVE-2022-20411 (lien direct) | In avdt_msg_asmbl of avdt_msg.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-232023771 | Guideline | ||
|
2022-12-13 16:15:15 | CVE-2022-20472 (lien direct) | In toLanguageTag of LocaleListCache.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-239210579 | Guideline | ||
|
2022-12-13 16:15:15 | CVE-2022-20442 (lien direct) | In onCreate of ReviewPermissionsActivity.java, there is a possible way to grant permissions for a separate app with API level < 23 due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-176094367 | Guideline | ||
|
2022-12-13 16:15:15 | CVE-2022-20466 (lien direct) | In applyKeyguardFlags of NotificationShadeWindowControllerImpl.java, there is a possible way to observe the user's password on a secondary display due to an insecure default value. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-179725730 | Guideline | ||
|
2022-12-13 16:15:15 | CVE-2022-20468 (lien direct) | In BNEP_ConnectResp of bnep_api.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-228450451 | Guideline | ||
|
2022-12-13 16:15:15 | CVE-2022-20470 (lien direct) | In bindRemoteViewsService of AppWidgetServiceImpl.java, there is a possible way to bypass background activity launch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-234013191 | Guideline | ||
|
2022-12-13 16:15:15 | CVE-2022-20444 (lien direct) | In several functions of inputDispatcher.cpp, there is a possible way to make toasts clickable due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-197296414 | Guideline | ||
|
2022-12-13 16:15:14 | CVE-2021-39660 (lien direct) | In TBD of TBD, there is a possible way to archive arbitrary code execution in kernel due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-254742984 | Guideline | ||
|
2022-12-13 16:15:14 | CVE-2021-0934 (lien direct) | In findAllDeAccounts of AccountsDb.java, there is a possible denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-169762606 | Guideline | ||
|
2022-12-13 16:15:14 | CVE-2021-39617 (lien direct) | In the user interface buttons of PermissionController, there is a possible way to bypass permissions dialogs due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-175190844 | Guideline | ||
 |
2022-12-13 15:57:00 | BrandPost: 3 Common DDoS Myths (lien direct) | There are several trends evident in the latest DDoS Threat Intelligence Report from NETSCOUT. These include adaptive distributed denial-of-service (DDoS), direct-path TCP-based DDoS, proliferation of botnets, sociopolitical fallout, and collateral damage. The thing these trends all have in common is they are designed to evade common DDoS defense measures and cause maximum harm to targets and others in their proximity. DDoS always attempts to disrupt, destabilize, and deny availability and often succeeds. The only thing that can prevent its success is a well-designed network with intelligent DDoS mitigation systems (IDMSs). For many organizations, common myths can lead to poor choices and overconfidence when it comes to properly architecting a solution.To read this article in full, please click here | Threat Guideline | ★★ | |
|
2022-12-13 15:15:10 | CVE-2022-29580 (lien direct) | There exists a path traversal vulnerability in the Android Google Search app. This is caused by the incorrect usage of uri.getLastPathSegment. A symbolic encoded string can bypass the path logic to get access to unintended directories. An attacker can manipulate paths that could lead to code execution on the device. We recommend upgrading beyond version 13.41 | Vulnerability Guideline | ||
|
2022-12-13 13:04:00 | BrandPost: Securing Operational Technology Environments for Critical Infrastructure (lien direct) | Juniper Networks is applying its industry leading AI-driven capabilities and cloud-native architectures to Critical Infrastructure (CI) networks. We're directly addressing the communications and cybersecurity challenges exposed by the convergence of IT and OT networks alongside the ever-increasing drumbeat of cyber threats from sophisticated, state-sponsored malicious actors. By enabling network architects, builders, and operators to fully support network users, Juniper is empowering network professionals to defend our nation's electric grids, hospitals, water facilities, and other critical infrastructure. The challenge is substantial. Many CI environments have grown organically over decades, leaving the technical debt in the form of legacy communications and layers of undocumented point solutions that represent an unknown amount of cyberattack surface. But that's not where the commonality ends. All CI networks: To read this article in full, please click here | Guideline | ★★ | |
 |
2022-12-13 12:45:00 | How Netskope Cloud Exchange as a Managed Service Can Help Improve Your Security Posture (lien direct) | >Starting January 1, 2023, Netskope will offer customers Cloud Exchange (CE), its industry leading integration platform, as a managed service. This managed service will enable a much larger customer base to benefit from CE, including customers lacking in-house resources or preferring to consume CE as a managed service. The new managed service delivers CE as […] | Guideline | ★★ | |
|
2022-12-13 09:15:09 | CVE-2022-4444 (lien direct) | A vulnerability was found in ipti br.tag. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 2.13.0 is able to address this issue. The name of the patch is 7e311be22d3a0a1b53e61cb987ba13d681d85f06. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-215431. | Vulnerability Guideline | ||
|
2022-12-13 08:15:10 | CVE-2022-23523 (lien direct) | In versions prior to 0.8.1, the linux-loader crate uses the offsets and sizes provided in the ELF headers to determine the offsets to read from. If those offsets point beyond the end of the file this could lead to Virtual Machine Monitors using the `linux-loader` crate entering an infinite loop if the ELF header of the kernel they are loading was modified in a malicious manner. This issue has been addressed in 0.8.1. The issue can be mitigated by ensuring that only trusted kernel images are loaded or by verifying that the headers do not point beyond the end of the file. | Guideline | ||
 |
2022-12-13 07:45:41 | SentinelOne annonce la prise en charge d\'Amazon Security Lake pour les investigations dans le cloud (lien direct) | SentinelOne annonce la prise en charge d'Amazon Security Lake pour les investigations dans le cloud Le leader du XDR alimente sa solution Singularity™ XDR en données OCSF pour transformer les SecOps - Produits | Guideline | ★ | |
 |
2022-12-13 07:16:18 | Our Customers Have Spoken: CrowdStrike Delivers the Best in EDR, EPP and XDR (lien direct) | Time and again, analyst reports, independent tests and numerous other awards and acknowledgements affirm CrowdStrike is a leader in cybersecurity. Why is this important? Because when CrowdStrike is #1, it's our customers who win. But to us, the best validation of the power of the CrowdStrike Falcon® platform comes from our customers themselves. We are […] | Guideline | ★★ | |
|
2022-12-13 04:15:25 | CVE-2022-41274 (lien direct) | SAP Disclosure Management - version 10.1, allows an authenticated attacker to exploit certain misconfigured application endpoints to read sensitive data. These endpoints are normally exposed over the network and successful exploitation can lead to the exposure of data like financial reports. | Guideline | ||
|
2022-12-13 04:15:24 | CVE-2022-41272 (lien direct) | An unauthenticated attacker over the network can attach to an open interface exposed through JNDI by the User Defined Search (UDS) of SAP NetWeaver Process Integration (PI) - version 7.50 and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and data across the entire system. This allows the attacker to have full read access to user data, make limited modifications to user data, and degrade the performance of the system, leading to a high impact on confidentiality and a limited impact on the availability and integrity of the application. | Guideline | ||
|
2022-12-13 03:15:09 | CVE-2022-41271 (lien direct) | An unauthenticated user can attach to an open interface exposed through JNDI by the Messaging System of SAP NetWeaver Process Integration (PI) - version 7.50. This user can make use of an open naming and directory API to access services that could perform unauthorized operations. The vulnerability affects local users and data, leading to a considerable impact on confidentiality as well as availability and a limited impact on the integrity of the application. These operations can be used to: * Read any information * Modify sensitive information * Denial of Service attacks (DoS) * SQL Injection | Vulnerability Guideline |
To see everything:
Our RSS (filtrered)
