What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
CVE.webp 2023-02-12 04:15:17 CVE-2022-47326 (direct link) In wlan driver, there is a possible missing permission check. This could lead to local information disclosure. Guideline
CVE.webp 2023-02-12 04:15:17 CVE-2022-47324 (direct link) In wlan driver, there is a possible missing permission check. This could lead to local information disclosure. Guideline
CVE.webp 2023-02-12 04:15:17 CVE-2022-47329 (direct link) In wlan driver, there is a possible missing permission check. This could lead to local information disclosure. Guideline
CVE.webp 2023-02-12 04:15:17 CVE-2022-47332 (direct link) In wlan driver, there is a possible missing permission check. This could lead to local information disclosure. Guideline
CVE.webp 2023-02-12 04:15:17 CVE-2022-47331 (direct link) In wlan driver, there is a race condition. This could lead to local denial of service in wlan services. Guideline
CVE.webp 2023-02-12 04:15:17 CVE-2022-47333 (direct link) In wlan driver, there is a possible missing permission check. This could lead to local information disclosure. Guideline
CVE.webp 2023-02-12 04:15:17 CVE-2022-47344 (direct link) In engineermode services, there is a missing permission check. This could lead to local denial of service in engineermode services. Guideline
CVE.webp 2023-02-12 04:15:17 CVE-2022-47346 (direct link) In engineermode services, there is a missing permission check. This could lead to local denial of service in engineermode services. Guideline
CVE.webp 2023-02-12 04:15:17 CVE-2022-47345 (direct link) In engineermode services, there is a missing permission check. This could lead to local denial of service in engineermode services. Guideline
CVE.webp 2023-02-12 04:15:17 CVE-2022-47328 (direct link) In wlan driver, there is a possible missing permission check. This could lead to local information disclosure. Guideline
CVE.webp 2023-02-12 04:15:17 CVE-2022-47342 (direct link) In engineermode services, there is a missing permission check. This could lead to local denial of service in engineermode services. Guideline
CVE.webp 2023-02-12 04:15:17 CVE-2022-47343 (direct link) In engineermode services, there is a missing permission check. This could lead to local denial of service in engineermode services. Guideline
CVE.webp 2023-02-12 04:15:17 CVE-2022-47341 (direct link) In engineermode services, there is a missing permission check. This could lead to local escalation of privilege with system execution privileges needed. Guideline
CVE.webp 2023-02-12 04:15:17 CVE-2022-47339 (direct link) In cmd services, there is an OS command injection issue due to missing permission check. This could lead to local escalation of privilege with system execution privileges needed. Guideline
CVE.webp 2023-02-12 04:15:17 CVE-2022-47327 (direct link) In wlan driver, there is a possible missing permission check. This could lead to local information disclosure. Guideline
CVE.webp 2023-02-12 04:15:17 CVE-2022-47330 (direct link) In wlan driver, there is a possible missing permission check. This could lead to local information disclosure. Guideline
CVE.webp 2023-02-12 04:15:17 CVE-2022-47325 (direct link) In wlan driver, there is a possible missing permission check. This could lead to local information disclosure. Guideline
CVE.webp 2023-02-12 04:15:16 CVE-2022-47323 (direct link) In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services. Guideline
CVE.webp 2023-02-12 04:15:16 CVE-2022-47322 (direct link) In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services. Guideline
CVE.webp 2023-02-12 04:15:16 CVE-2022-44447 (direct link) In wlan driver, there is a possible null pointer dereference issue due to a missing bounds check. This could lead to local denial of service in wlan services. Guideline
CVE.webp 2023-02-12 04:15:16 CVE-2022-44448 (direct link) In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services. Guideline
CVE.webp 2023-02-12 04:15:16 CVE-2022-42783 (direct link) In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services. Guideline
CVE.webp 2023-02-12 04:15:16 CVE-2022-44421 (direct link) In wlan driver, there is a possible missing permission check. This could lead to local information disclosure. Guideline
CVE.webp 2023-02-12 04:15:15 CVE-2022-38686 (direct link) In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services. Guideline
CVE.webp 2023-02-12 04:15:15 CVE-2022-42292 (direct link) NVIDIA GeForce Experience contains a vulnerability in the NVContainer component, where a user without administrator privileges can create a symbolic link to a file that requires elevated privileges to write to or modify, which may lead to denial of service, escalation of privilege or limited data tampering. Vulnerability Guideline
CVE.webp 2023-02-12 04:15:15 CVE-2022-38681 (direct link) In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services. Guideline
CVE.webp 2023-02-12 04:15:15 CVE-2022-38680 (direct link) In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services. Guideline
CVE.webp 2023-02-12 04:15:15 CVE-2022-38674 (direct link) In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services. Guideline
CVE.webp 2023-02-12 04:15:15 CVE-2022-38675 (direct link) In gpu driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. Guideline
CVE.webp 2023-02-11 18:15:11 CVE-2023-0783 (direct link) A vulnerability was found in EcShop 4.1.5. It has been classified as critical. This affects an unknown part of the file /ecshop/admin/template.php of the component PHP File Handler. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-220641 was assigned to this vulnerability. Vulnerability Guideline
CVE.webp 2023-02-11 18:15:11 CVE-2023-0782 (direct link) A vulnerability was found in Tenda AC23 16.03.07.45 and classified as critical. Affected by this issue is the function formSetSysToolDDNS/formGetSysToolDDNS of the file /bin/httpd. The manipulation leads to out-of-bounds write. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220640. Vulnerability Guideline
CVE.webp 2023-02-11 13:15:19 CVE-2023-0781 (direct link) A vulnerability was found in SourceCodester Canteen Management System 1.0. It has been declared as critical. This vulnerability affects the function query of the file removeOrder.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220624. Vulnerability Guideline
The_Hackers_News.webp 2023-02-11 11:15:00 CISA Warns of Active Attacks Exploiting Fortra MFT, TerraMaster NAS, and Intel Driver Flaws (direct link) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added three flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active abuse in the wild. Included among the three is CVE-2022-24990, a bug affecting TerraMaster network-attached storage (TNAS) devices that could lead to unauthenticated remote code execution with the highest privileges. Details Guideline ★★
CVE.webp 2023-02-11 01:23:26 CVE-2023-25558 (direct link) DataHub is an open-source metadata platform. When the DataHub frontend is configured to authenticate via SSO, it will leverage the pac4j library. The processing of the `id_token` is done in an unsafe manner which is not properly accounted for by the DataHub frontend. Specifically, if any of the id_token claim values start with the {#sb64} prefix, pac4j considers the value to be a serialized Java object and will deserialize it. This issue may lead to Remote Code Execution (RCE) in the worst case. Although a `RestrictedObjectInputStream` is in place, which puts some restriction on what classes can be deserialized, it still allows a broad range of Java packages and is potentially exploitable with different gadget chains. Users are advised to upgrade. There are no known workarounds. This vulnerability was discovered and reported by the GitHub Security lab and is tracked as GHSL-2022-086. Vulnerability Guideline
CVE.webp 2023-02-11 01:23:26 CVE-2023-25560 (direct link) DataHub is an open-source metadata platform. The AuthServiceClient which is responsible for creation of new accounts, verifying credentials, resetting them or requesting access tokens, crafts multiple JSON strings using format strings with user-controlled data. This means that an attacker may be able to augment these JSON strings to be sent to the backend and that can potentially be abused by including new or colliding values. This issue may lead to an authentication bypass and the creation of system accounts, which effectively can lead to full system compromise. Users are advised to upgrade. There are no known workarounds for this vulnerability. This vulnerability was discovered and reported by the GitHub Security lab and is tracked as GHSL-2022-080. Vulnerability Guideline
CVE.webp 2023-02-11 01:23:26 CVE-2023-25562 (direct link) DataHub is an open-source metadata platform. In versions of DataHub prior to 0.8.45, session cookies are only cleared on new sign-in events and not on logout events. Any authentication checks using the `AuthUtils.hasValidSessionCookie()` method could be bypassed by using a cookie from a logged-out session. As a result, any logged-out session cookie may be accepted as valid and therefore lead to an authentication bypass to the system. Users are advised to upgrade. There are no known workarounds for this issue. This vulnerability was discovered and reported by the GitHub Security lab and is tracked as GHSL-2022-083. Vulnerability Guideline
CVE.webp 2023-02-11 01:23:26 CVE-2023-25559 (direct link) DataHub is an open-source metadata platform. When not using authentication for the metadata service, which is the default configuration, the Metadata service (GMS) will use the X-DataHub-Actor HTTP header to infer the user the frontend is sending the request on behalf of. When the backend retrieves the header, its name is retrieved in a case-insensitive way. This case differential can be abused by an attacker to smuggle an X-DataHub-Actor header with different casing (e.g. X-DATAHUB-ACTOR). This issue may lead to an authorization bypass by allowing any user to impersonate the system user account and perform any actions on its behalf. This vulnerability was discovered and reported by the GitHub Security lab and is tracked as GHSL-2022-079. Vulnerability Guideline
CVE.webp 2023-02-11 01:23:25 CVE-2022-45104 (direct link) Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 9.2.3.x contain a command execution vulnerability. A low privileged remote attacker could potentially exploit this vulnerability, leading to the execution of arbitrary commands on the underlying system. Guideline
CVE.webp 2023-02-11 01:23:25 CVE-2022-34449 (direct link) PowerPath Management Appliance with versions 3.3 & 3.2* contains a Hardcoded Cryptographic Keys vulnerability. Authenticated admin users can exploit the issue, leading to viewing and modification of sensitive information stored in the application. Guideline
CVE.webp 2023-02-11 01:23:24 CVE-2022-34392 (direct link) SupportAssist for Home PCs (versions 3.11.4 and prior) contain an insufficient session expiration vulnerability. An authenticated non-admin user may be able to obtain the refresh token, which leads to reuse of the access token and fetching of sensitive information. Guideline
CVE.webp 2023-02-11 01:23:24 CVE-2022-34404 (direct link) Dell System Update, version 2.0.0 and earlier, contains an Improper Certificate Validation in data parser module. A local attacker with high privileges could potentially exploit this vulnerability, leading to credential theft and/or denial of service. Guideline
CVE.webp 2023-02-11 01:23:24 CVE-2022-34445 (direct link) Dell PowerScale OneFS, versions 8.2.x through 9.3.x contain a weak encoding for a password. A malicious local privileged attacker may potentially exploit this vulnerability, leading to information disclosure. Guideline
CVE.webp 2023-02-11 01:23:23 CVE-2022-34384 (direct link) Dell SupportAssist Client Consumer (version 3.11.1 and prior), SupportAssist Client Commercial (version 3.2 and prior), Dell Command | Update, Dell Update, and Alienware Update versions before 4.5 contain a Local Privilege Escalation Vulnerability in the Advanced Driver Restore component. A local malicious user may potentially exploit this vulnerability, leading to privilege escalation. Vulnerability Guideline
RecordedFuture.webp 2023-02-10 19:45:08 December ransomware attack leads to massive data breach from California health network (direct link) Facilities within California's Heritage Provider Network reported a data breach related to a ransomware attack in December Ransomware Data Breach Guideline Heritage Heritage ★★★
CVE.webp 2023-02-10 15:15:11 CVE-2022-4903 (direct link) A vulnerability was found in CodenameOne 7.0.70. It has been classified as problematic. Affected is an unknown function. The manipulation leads to use of implicit intent for sensitive communication. It is possible to launch the attack remotely. Upgrading to version 7.0.71 is able to address this issue. The name of the patch is dad49c9ef26a598619fc48d2697151a02987d478. It is recommended to upgrade the affected component. VDB-220470 is the identifier assigned to this vulnerability. Vulnerability Guideline
CVE.webp 2023-02-10 15:15:11 CVE-2015-10077 (direct link) A vulnerability was found in webbuilders-group silverstripe-kapost-bridge 0.3.3. It has been declared as critical. Affected by this vulnerability is the function index/getPreview of the file code/control/KapostService.php. The manipulation leads to sql injection. The attack can be launched remotely. Upgrading to version 0.4.0 is able to address this issue. The name of the patch is 2e14b0fd0ea35034f90890f364b130fb4645ff35. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220471. Vulnerability Guideline
CVE.webp 2023-02-10 13:15:11 CVE-2023-23698 (direct link) Dell Command | Update, Dell Update, and Alienware Update versions before 4.6.0 and 4.7.1 contain Insecure Operation on Windows Junction in the installer component. A local malicious user may potentially exploit this vulnerability leading to arbitrary file delete. Vulnerability Guideline
CVE.webp 2023-02-10 13:15:11 CVE-2023-24573 (direct link) Dell Command | Monitor versions prior to 10.9 contain an arbitrary folder delete vulnerability during uninstallation. A locally authenticated malicious user may potentially exploit this vulnerability leading to arbitrary folder deletion. Vulnerability Guideline
CVE.webp 2023-02-10 12:15:11 CVE-2023-0774 (direct link) A vulnerability has been found in SourceCodester Medical Certificate Generator App 1.0 and classified as critical. This vulnerability affects unknown code of the file action.php. The manipulation of the argument lastname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-220558 is the identifier assigned to this vulnerability. Vulnerability Guideline Medical
CVE.webp 2023-02-10 10:15:11 CVE-2022-34454 (direct link) Dell PowerScale OneFS, versions 8.2.x-9.3.x, contain a heap-based buffer overflow. A local privileged malicious user could potentially exploit this vulnerability, leading to system takeover. This impacts compliance mode clusters. Guideline
Last update at: 2024-06-03 03:08:06