What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
CVE.webp 2023-02-07 17:15:10 CVE-2022-40691 (direct link) An information disclosure vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability. Vulnerability Guideline Industrial
CVE.webp 2023-02-07 17:15:09 CVE-2011-10002 (direct link) A vulnerability classified as critical has been found in weblabyrinth 0.3.1. This affects the function Labyrinth of the file labyrinth.inc.php. The manipulation leads to sql injection. Upgrading to version 0.3.2 is able to address this issue. The name of the patch is 60793fd8c8c4759596d3510641e96ea40e7f60e9. It is recommended to upgrade the affected component. The identifier VDB-220221 was assigned to this vulnerability. Vulnerability Guideline
globalsecuritymag.webp 2023-02-07 13:22:49 Neustar Security Services introduces UltraPlatform (direct link) Neustar Security Services introduces UltraPlatform to safeguard enterprises' digital assets Solution combines three industry-leading, cloud-based security services - Product Reviews Guideline ★★
CVE.webp 2023-02-07 13:15:10 CVE-2023-0707 (direct link) A vulnerability was found in SourceCodester Medical Certificate Generator App 1.0. It has been rated as critical. Affected by this issue is the function delete_record of the file function.php. The manipulation of the argument id leads to sql injection. VDB-220346 is the identifier assigned to this vulnerability. Vulnerability Guideline Medical
CVE.webp 2023-02-07 12:15:08 CVE-2015-10075 (direct link) A vulnerability was found in Custom-Content-Width 1.0. It has been declared as problematic. Affected by this vulnerability is the function override_content_width/register_settings of the file custom-content-width.php. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.1 is able to address this issue. The name of the patch is e05e0104fc42ad13b57e2b2cb2d1857432624d39. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220219. NOTE: This attack is not very likely. Vulnerability Guideline
CVE.webp 2023-02-07 10:15:52 CVE-2015-10074 (direct link) A vulnerability was found in OpenSeaMap online_chart 1.2. It has been classified as problematic. Affected is the function init of the file index.php. The manipulation of the argument mtext leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version staging is able to address this issue. The name of the patch is 8649157158f921590d650e2d2f4bdf0df1017e9d. It is recommended to upgrade the affected component. VDB-220218 is the identifier assigned to this vulnerability. Vulnerability Guideline
CVE.webp 2023-02-07 10:15:52 CVE-2023-0706 (direct link) A vulnerability, which was classified as critical, has been found in SourceCodester Medical Certificate Generator App 1.0. Affected by this issue is some unknown functionality of the file manage_record.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-220340. Vulnerability Guideline Medical
globalsecuritymag.webp 2023-02-07 08:43:49 Two appointments at Semperis (direct link) Two appointments at Semperis to support its strong growth in Europe. The cybersecurity leader names Christophe Laakmann Area Vice President Channels & Alliances EMEA and promotes Baptiste Rech to Area Vice President Southern Europe. - Business Guideline
CVE.webp 2023-02-07 03:15:08 CVE-2022-31611 (direct link) NVIDIA GeForce Experience contains an uncontrolled search path vulnerability in all its client installers, where an attacker with user level privileges may cause the installer to load an arbitrary DLL when the installer is launched. A successful exploit of this vulnerability could lead to escalation of privileges and code execution. Vulnerability Guideline
CVE.webp 2023-02-07 03:15:08 CVE-2022-42291 (direct link) NVIDIA GeForce Experience contains a vulnerability in the installer, where a user installing the NVIDIA GeForce Experience software may inadvertently delete data from a linked location, which may lead to data tampering. An attacker does not have explicit control over the exploitation of this vulnerability, which requires the user to explicitly launch the installer from the compromised directory. Vulnerability Guideline
CVE.webp 2023-02-06 23:15:09 CVE-2022-44617 (direct link) A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called repeatedly and can lead to an infinite loop, resulting in a Denial of Service in the application linked to the library. Guideline
CVE.webp 2023-02-06 22:15:09 CVE-2021-31575 (direct link) In Config Manager, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210009; Issue ID: OSBNB00123234. Guideline
CVE.webp 2023-02-06 22:15:09 CVE-2021-31573 (direct link) In Config Manager, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210009; Issue ID: OSBNB00123234. Guideline
CVE.webp 2023-02-06 22:15:09 CVE-2021-31577 (direct link) In Boa, there is a possible escalation of privilege due to a missing permission check. This could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210008; Issue ID: OSBNB00123241. Guideline
CVE.webp 2023-02-06 22:15:09 CVE-2021-31576 (direct link) In Boa, there is a possible information disclosure due to a missing permission check. This could lead to remote information disclosure to a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210008; Issue ID: OSBNB00123241. Guideline
CVE.webp 2023-02-06 22:15:09 CVE-2021-31578 (direct link) In Boa, there is a possible escalation of privilege due to a stack buffer overflow. This could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210008; Issue ID: OSBNB00123241. Guideline
CVE.webp 2023-02-06 22:15:09 CVE-2021-31574 (direct link) In Config Manager, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210009; Issue ID: OSBNB00123234. Guideline
CVE.webp 2023-02-06 20:15:15 CVE-2023-20618 (direct link) In vcu, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519184; Issue ID: ALPS07519184. Guideline
CVE.webp 2023-02-06 20:15:15 CVE-2023-20619 (direct link) In vcu, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519159; Issue ID: ALPS07519159. Guideline
CVE.webp 2023-02-06 20:15:15 CVE-2023-20616 (direct link) In ion, there is a possible out of bounds read due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07560720; Issue ID: ALPS07560720. Guideline
CVE.webp 2023-02-06 20:15:15 CVE-2023-20615 (direct link) In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629572; Issue ID: ALPS07629572. Guideline
CVE.webp 2023-02-06 20:15:14 CVE-2023-20602 (direct link) In ged, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07494107; Issue ID: ALPS07494107. Guideline
CVE.webp 2023-02-06 20:15:14 CVE-2023-20605 (direct link) In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07550104; Issue ID: ALPS07550104. Guideline
CVE.webp 2023-02-06 20:15:14 CVE-2023-0234 (direct link) The SiteGround Security WordPress plugin before 1.3.1 does not properly sanitize user input before using it in an SQL query, leading to an authenticated SQL injection issue. Guideline
CVE.webp 2023-02-06 20:15:14 CVE-2023-0686 (direct link) A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been classified as critical. This affects the function update_cart of the file /oews/classes/Master.php?f=update_cart of the component HTTP POST Request Handler. The manipulation of the argument cart_id leads to sql injection. It is possible to initiate the attack remotely. The identifier VDB-220245 was assigned to this vulnerability. Vulnerability Guideline
CVE.webp 2023-02-06 20:15:14 CVE-2023-20614 (direct link) In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628615; Issue ID: ALPS07628615. Guideline
CVE.webp 2023-02-06 20:15:14 CVE-2023-20611 (direct link) In gpu, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588678; Issue ID: ALPS07588678. Guideline
CVE.webp 2023-02-06 20:15:14 CVE-2023-20613 (direct link) In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628614; Issue ID: ALPS07628614. Guideline
CVE.webp 2023-02-06 20:15:14 CVE-2023-0236 (direct link) The Tutor LMS WordPress plugin before 2.0.10 does not sanitise and escape the reset_key and user_id parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin. Guideline
CVE.webp 2023-02-06 20:15:14 CVE-2023-20609 (direct link) In ccu, there is a possible out of bounds read due to a logic error. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07570864; Issue ID: ALPS07570864. Guideline
CVE.webp 2023-02-06 20:15:14 CVE-2023-20612 (direct link) In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629571; Issue ID: ALPS07629571. Guideline
CVE.webp 2023-02-06 20:15:14 CVE-2023-20610 (direct link) In display drm, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07363469; Issue ID: ALPS07363469. Guideline
CVE.webp 2023-02-06 20:15:14 CVE-2023-20606 (direct link) In apusys, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07571104; Issue ID: ALPS07571104. Guideline
CVE.webp 2023-02-06 20:15:14 CVE-2023-20607 (direct link) In ccu, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07512839; Issue ID: ALPS07512839. Guideline
CVE.webp 2023-02-06 20:15:14 CVE-2023-20608 (direct link) In display drm, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07363599; Issue ID: ALPS07363599. Guideline
CVE.webp 2023-02-06 20:15:14 CVE-2023-20604 (direct link) In ged, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07494067; Issue ID: ALPS07494067. Guideline
CVE.webp 2023-02-06 20:15:11 CVE-2022-32656 (direct link) In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220705035; Issue ID: GN20220705035. Guideline
CVE.webp 2023-02-06 20:15:11 CVE-2022-32654 (direct link) In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220705011; Issue ID: GN20220705011. Guideline
CVE.webp 2023-02-06 20:15:11 CVE-2022-32643 (direct link) In ccd, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07341261; Issue ID: ALPS07341261. Guideline
CVE.webp 2023-02-06 20:15:11 CVE-2022-32663 (direct link) In Wi-Fi driver, there is a possible system crash due to null pointer dereference. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220720014; Issue ID: GN20220720014. Guideline
CVE.webp 2023-02-06 20:15:11 CVE-2022-32655 (direct link) In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220705028; Issue ID: GN20220705028. Guideline
CVE.webp 2023-02-06 20:15:11 CVE-2022-4681 (direct link) The Hide My WP WordPress plugin before 6.2.9 does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. Guideline
CVE.webp 2023-02-06 20:15:10 CVE-2015-10073 (direct link) A vulnerability, which was classified as problematic, was found in tinymighty WikiSEO 1.2.1. This affects the function modifyHTML of the file WikiSEO.body.php of the component Meta Property Tag Handler. The manipulation of the argument content leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.2.2 is able to address this issue. The name of the patch is 089a5797be612b18a820f9f1e6593ad9a91b1dba. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220215. Vulnerability Guideline
CVE.webp 2023-02-06 20:15:10 CVE-2022-32642 (direct link) In ccd, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07326547; Issue ID: ALPS07326547. Guideline
CVE.webp 2023-02-06 20:15:10 CVE-2022-32595 (direct link) In widevine, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07446236; Issue ID: ALPS07446236. Guideline
CVE.webp 2023-02-06 20:15:10 CVE-2017-20177 (direct link) A vulnerability, which was classified as problematic, has been found in WangGuard Plugin 1.8.0. Affected by this issue is the function wangguard_users_info of the file wangguard-user-info.php of the component WGG User List Handler. The manipulation of the argument userIP leads to cross site scripting. The attack may be launched remotely. The name of the patch is 88414951e30773c8d2ec13b99642688284bf3189. It is recommended to apply a patch to fix this issue. VDB-220214 is the identifier assigned to this vulnerability. Guideline
CVE.webp 2023-02-06 19:15:10 CVE-2022-4902 (direct link) A vulnerability classified as problematic has been found in eXo Chat Application. Affected is an unknown function of the file application/src/main/webapp/vue-app/components/ExoChatMessageComposer.vue of the component Mention Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 3.3.0-20220417 is able to address this issue. The name of the patch is 26bf307d3658d1403cfd5c3ad423ce4c4d1cb2dc. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-220212. Vulnerability Guideline
CVE.webp 2023-02-06 19:15:10 CVE-2023-0687 (direct link) A vulnerability was found in GNU C Library 2.38. It has been declared as critical. This vulnerability affects the function __monstartup of the file gmon.c of the component Call Graph Monitor. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. VDB-220246 is the identifier assigned to this vulnerability. Vulnerability Guideline
CVE.webp 2023-02-06 17:15:09 CVE-2020-36660 (direct link) A vulnerability was found in paxswill EVE Ship Replacement Program 0.12.11. It has been rated as problematic. This issue affects some unknown processing of the file src/evesrp/views/api.py of the component User Information Handler. The manipulation leads to information disclosure. The attack may be initiated remotely. Upgrading to version 0.12.12 is able to address this issue. The name of the patch is 9e03f68e46e85ca9c9694a6971859b3ee66f0240. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220211. Vulnerability Guideline
CVE.webp 2023-02-06 13:15:09 CVE-2023-0679 (direct link) A vulnerability was found in SourceCodester Canteen Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file removeUser.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220220. Vulnerability Guideline
Last update at: 2024-06-28 19:07:31