What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-12-30 23:15:10 | CVE-2022-34680 (lien direct) | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an integer truncation can lead to an out-of-bounds read, which may lead to denial of service. | Vulnerability Guideline | ||
|
2022-12-30 23:15:10 | CVE-2022-34682 (lien direct) | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause a null-pointer dereference, which may lead to denial of service. | Vulnerability Guideline | ||
|
2022-12-30 23:15:10 | CVE-2022-34683 (lien direct) | NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a null-pointer dereference occurs, which may lead to denial of service. | Vulnerability Guideline | ||
|
2022-12-30 23:15:10 | CVE-2022-42254 (lien direct) | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an out-of-bounds array access may lead to denial of service, data tampering, or information disclosure. | Vulnerability Guideline | ||
|
2022-12-30 23:15:10 | CVE-2022-42256 (lien direct) | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow in index validation may lead to denial of service, information disclosure, or data tampering. | Vulnerability Guideline | ||
|
2022-12-30 23:15:10 | CVE-2022-42258 (lien direct) | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to denial of service, data tampering, or information disclosure. | Vulnerability Guideline | ||
|
2022-12-30 23:15:10 | CVE-2022-42257 (lien direct) | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to information disclosure, data tampering or denial of service. | Vulnerability Guideline | ||
|
2022-12-30 23:15:10 | CVE-2022-42255 (lien direct) | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an out-of-bounds array access may lead to denial of service, information disclosure, or data tampering. | Vulnerability Guideline | ||
|
2022-12-30 23:15:10 | CVE-2022-34684 (lien direct) | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an off-by-one error may lead to data tampering or information disclosure. | Vulnerability Guideline | ||
|
2022-12-30 23:15:09 | CVE-2022-34674 (lien direct) | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where a helper function maps more physical pages than were requested, which may lead to undefined behavior or an information leak. | Vulnerability Guideline | ||
|
2022-12-30 23:15:09 | CVE-2022-34670 (lien direct) | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged regular user can cause truncation errors when casting a primitive to a primitive of smaller size causes data to be lost in the conversion, which may lead to denial of service or information disclosure. | Vulnerability Guideline | ||
|
2022-12-30 23:15:09 | CVE-2022-34677 (lien direct) | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged regular user can cause an integer to be truncated, which may lead to denial of service or data tampering. | Vulnerability Guideline | ||
|
2022-12-30 23:15:09 | CVE-2022-34675 (lien direct) | NVIDIA Display Driver for Linux contains a vulnerability in the Virtual GPU Manager, where it does not check the return value from a null-pointer dereference, which may lead to denial of service. | Vulnerability Guideline | ||
|
2022-12-30 23:15:09 | CVE-2022-34673 (lien direct) | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an out-of-bounds array access may lead to denial of service, information disclosure, or data tampering. | Vulnerability Guideline | ||
|
2022-12-30 23:15:09 | CVE-2022-34671 (lien direct) | NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can cause an out-of-bounds write, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering. | Vulnerability Guideline | ||
|
2022-12-30 23:15:09 | CVE-2022-34669 (lien direct) | NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can access or modify system files or other files that are critical to the application, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering. | Vulnerability Guideline | ||
|
2022-12-30 23:15:09 | CVE-2022-34676 (lien direct) | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds read may lead to denial of service, information disclosure, or data tampering. | Vulnerability Guideline | ||
|
2022-12-30 23:15:08 | CVE-2017-20155 (lien direct) | A vulnerability was found in Sterc Google Analytics Dashboard for MODX up to 1.0.5. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file core/components/analyticsdashboardwidget/elements/tpl/widget.analytics.tpl of the component Internal Search. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.0.6 is able to address this issue. The name of the patch is 855d9560d3782c105568eedf9b22a769fbf29cc0. It is recommended to upgrade the affected component. The identifier VDB-217069 was assigned to this vulnerability. | Vulnerability Guideline | ||
|
2022-12-30 21:15:09 | CVE-2017-20154 (lien direct) | A vulnerability was found in ghostlander Phoenixcoin. It has been classified as problematic. Affected is the function CTxMemPool::accept of the file src/main.cpp. The manipulation leads to denial of service. Upgrading to version 0.6.6.1-pxc is able to address this issue. The name of the patch is 987dd68f71a7d8276cef3b6c3d578fd4845b5699. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217068. | Vulnerability Guideline | ||
 |
2022-12-30 12:18:42 | Recovering Smartphone Voice from the Accelerometer (lien direct) | Yet another smartphone side-channel attack: “EarSpy: Spying Caller Speech and Identity through Tiny Vibrations of Smartphone Ear Speakers“: Abstract: Eavesdropping from the user’s smartphone is a well-known threat to the user’s safety and privacy. Existing studies show that loudspeaker reverberation can inject speech into motion sensor readings, leading to speech eavesdropping. While more devastating attacks on ear speakers, which produce much smaller scale vibrations, were believed impossible to eavesdrop with zero-permission motion sensors. In this work, we revisit this important line of reach. We explore recent trends in smartphone manufacturers that include extra/powerful speakers in place of small ear speakers, and demonstrate the feasibility of using motion sensors to capture such tiny speech vibrations. We investigate the impacts of these new ear speakers on built-in motion sensors and examine the potential to elicit private speech information from the minute vibrations. Our designed system ... | Threat Studies Guideline | ★★★★ | |
|
2022-12-30 12:15:09 | CVE-2018-25060 (lien direct) | A vulnerability was found in Macaron csrf and classified as problematic. Affected by this issue is some unknown functionality of the file csrf.go. The manipulation of the argument Generate leads to sensitive cookie without secure attribute. The attack may be launched remotely. The name of the patch is dadd1711a617000b70e5e408a76531b73187031c. It is recommended to apply a patch to fix this issue. VDB-217058 is the identifier assigned to this vulnerability. | Vulnerability Guideline | ||
|
2022-12-30 12:15:09 | CVE-2020-36638 (lien direct) | A vulnerability was found in Chris92de AdminServ. It has been rated as problematic. This issue affects some unknown processing of the file resources/core/adminserv.php. The manipulation of the argument error leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 9a45087814295de6fb3a3fe38f96293665234da1. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217043. | Vulnerability Guideline | ||
|
2022-12-30 12:15:09 | CVE-2022-4860 (lien direct) | A vulnerability was found in KBase Metrics. It has been classified as critical. This affects the function upload_user_data of the file source/daily_cron_jobs/methods_upload_user_stats.py. The manipulation leads to sql injection. The name of the patch is 959dfb6b05991e30b0fa972a1ecdcaae8e1dae6d. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217059. | Vulnerability Guideline | ||
|
2022-12-30 12:15:09 | CVE-2022-4859 (lien direct) | A vulnerability, which was classified as problematic, has been found in Joget up to 7.0.33. This issue affects the function submitForm of the file wflow-core/src/main/java/org/joget/plugin/enterprise/UserProfileMenu.java of the component User Profile Menu. The manipulation of the argument firstName/lastName leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 7.0.34 is able to address this issue. The name of the patch is 9a77f508a2bf8cf661d588f37a4cc29ecaea4fc8. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217055. | Vulnerability Guideline | ||
|
2022-12-30 12:15:09 | CVE-2020-36637 (lien direct) | A vulnerability was found in Chris92de AdminServ. It has been declared as problematic. This vulnerability affects unknown code of the file resources/core/adminserv.php. The manipulation of the argument text leads to cross site scripting. The attack can be initiated remotely. The name of the patch is 3ed17dab3b4d6e8bf1c82ddfbf882314365e9cd7. It is recommended to apply a patch to fix this issue. VDB-217042 is the identifier assigned to this vulnerability. | Vulnerability Guideline | ||
|
2022-12-30 12:15:08 | CVE-2017-20151 (lien direct) | A vulnerability classified as problematic was found in iText RUPS. This vulnerability affects unknown code of the file src/main/java/com/itextpdf/rups/model/XfaFile.java. The manipulation leads to xml external entity reference. The name of the patch is ac5590925874ef810018a6b60fec216eee54fb32. It is recommended to apply a patch to fix this issue. VDB-217054 is the identifier assigned to this vulnerability. | Vulnerability Guideline | ||
|
2022-12-30 12:15:08 | CVE-2017-20153 (lien direct) | A vulnerability has been found in aerouk imageserve and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument REQUEST_URI leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 2ac3cd4f90b4df66874fab171376ca26868604c4. It is recommended to apply a patch to fix this issue. The identifier VDB-217057 was assigned to this vulnerability. | Vulnerability Guideline | ||
|
2022-12-30 12:15:08 | CVE-2017-20152 (lien direct) | A vulnerability, which was classified as problematic, was found in aerouk imageserve. Affected is an unknown function of the file public/viewer.php of the component File Handler. The manipulation of the argument filelocation leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is bd23c784f0e5cb12f66d15c100248449f87d72e2. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217056. | Vulnerability Guideline | ||
|
2022-12-30 11:15:10 | CVE-2018-25059 (lien direct) | A vulnerability was found in pastebinit up to 0.2.2 and classified as problematic. Affected by this issue is the function pasteHandler of the file server.go. The manipulation of the argument r.URL.Path leads to path traversal. Upgrading to version 0.2.3 is able to address this issue. The name of the patch is 1af2facb6d95976c532b7f8f82747d454a092272. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217040. | Vulnerability Guideline | ||
|
2022-12-30 10:15:10 | CVE-2022-4857 (lien direct) | A vulnerability was found in Modbus Tools Modbus Poll up to 9.10.0 and classified as critical. Affected by this issue is some unknown functionality of the file mbpoll.exe of the component mbp File Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-217022 is the identifier assigned to this vulnerability. | Vulnerability Guideline | ||
|
2022-12-30 10:15:09 | CVE-2022-4856 (lien direct) | A vulnerability has been found in Modbus Tools Modbus Slave up to 7.5.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file mbslave.exe of the component mbs File Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-217021 was assigned to this vulnerability. | Vulnerability Guideline | ||
|
2022-12-30 09:15:08 | CVE-2022-4855 (lien direct) | A vulnerability, which was classified as critical, was found in SourceCodester Lead Management System 1.0. Affected is an unknown function of the file login.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-217020. | Vulnerability Guideline | ||
|
2022-12-29 20:15:10 | CVE-2022-38212 (lien direct) | Protections against potential Server-Side Request Forgery (SSRF) vulnerabilities in Esri Portal for ArcGIS versions 10.8.1 and below were not fully honored and may allow a remote, unauthenticated attacker to forge requests to arbitrary URLs from the system, potentially leading to network enumeration or reading from hosts inside the network perimeter, a different issue than CVE-2022-38211 and CVE-2022-38203. | Guideline | ||
|
2022-12-29 20:15:10 | CVE-2022-38211 (lien direct) | Protections against potential Server-Side Request Forgery (SSRF) vulnerabilities in Esri Portal for ArcGIS versions 10.9.1 and below were not fully honored and may allow a remote, unauthenticated attacker to forge requests to arbitrary URLs from the system, potentially leading to network enumeration or reading from hosts inside the network perimeter, a different issue than CVE-2022-38211 and CVE-2022-38212. | Guideline | ||
|
2022-12-29 20:15:09 | CVE-2022-38205 (lien direct) | In some non-default installations of Esri Portal for ArcGIS versions 10.9.1 and below, a directory traversal issue may allow a remote, unauthenticated attacker to traverse the file system and lead to the disclosure of sensitive data (not customer-published content). | Guideline | ||
|
2022-12-29 20:15:09 | CVE-2022-38203 (lien direct) | Protections against potential Server-Side Request Forgery (SSRF) vulnerabilities in Esri Portal for ArcGIS versions 10.8.1 and below were not fully honored and may allow a remote, unauthenticated attacker to forge requests to arbitrary URLs from the system, potentially leading to network enumeration or reading from hosts inside the network perimeter, a different issue than CVE-2022-38211 and CVE-2022-38212. | Guideline | ||
|
2022-12-29 19:15:08 | CVE-2022-46178 (lien direct) | MeterSphere is a one-stop open source continuous testing platform, covering test management, interface testing, UI testing and performance testing. Versions prior to 2.5.1 allow users to upload a file, but do not validate the file name, which may lead to upload file to any path. The vulnerability has been fixed in v2.5.1. There are no workarounds. | Vulnerability Guideline | ||
 |
2022-12-29 17:00:00 | 3 Industries, 3 Security Programs (lien direct) | Security leaders from a media corporation, a commercial real estate company, and an automotive technology company share how they address cyber-risk. | Guideline | ★★ | |
|
2022-12-29 09:15:08 | CVE-2021-4296 (lien direct) | A vulnerability, which was classified as problematic, has been found in w3c Unicorn. This issue affects the function ValidatorNuMessage of the file src/org/w3c/unicorn/response/impl/ValidatorNuMessage.java. The manipulation of the argument message leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 51f75c31f7fc33859a9a571311c67ae4e95d9c68. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217019. | Vulnerability Guideline | ||
|
2022-12-29 09:15:08 | CVE-2021-4295 (lien direct) | A vulnerability classified as problematic was found in ONC code-validator-api up to 1.0.30. This vulnerability affects the function vocabularyValidationConfigurations of the file src/main/java/org/sitenv/vocabularies/configuration/CodeValidatorApiConfiguration.java of the component XML Handler. The manipulation leads to xml external entity reference. Upgrading to version 1.0.31 is able to address this issue. The name of the patch is fbd8ea121755a2d3d116b13f235bc8b61d8449af. It is recommended to upgrade the affected component. VDB-217018 is the identifier assigned to this vulnerability. | Vulnerability Guideline | ||
|
2022-12-29 08:15:08 | CVE-2018-25058 (lien direct) | A vulnerability classified as problematic has been found in Twitter-Post-Fetcher up to 17.x. This affects an unknown part of the file js/twitterFetcher.js of the component Link Target Handler. The manipulation leads to use of web link to untrusted target with window.opener access. It is possible to initiate the attack remotely. Upgrading to version 18.0.0 is able to address this issue. The name of the patch is 7d281c6fb5acbc29a2cad295262c1f0c19ca56f3. It is recommended to upgrade the affected component. The identifier VDB-217017 was assigned to this vulnerability. | Vulnerability Guideline | ||
|
2022-12-28 21:15:11 | CVE-2022-4823 (lien direct) | A vulnerability, which was classified as problematic, was found in InSTEDD Nuntium. Affected is an unknown function of the file app/controllers/geopoll_controller.rb. The manipulation of the argument signature leads to observable timing discrepancy. It is possible to launch the attack remotely. The name of the patch is 77236f7fd71a0e2eefeea07f9866b069d612cf0d. It is recommended to apply a patch to fix this issue. VDB-217002 is the identifier assigned to this vulnerability. | Guideline | ||
|
2022-12-28 21:15:11 | CVE-2022-4822 (lien direct) | A vulnerability, which was classified as problematic, has been found in FlatPress. This issue affects some unknown processing of the file setup/lib/main.lib.php of the component Setup. The manipulation leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 5f23b4c2eac294cc0ba5e541f83a6f8a26f9fed1. It is recommended to apply a patch to fix this issue. The identifier VDB-217001 was assigned to this vulnerability. | Guideline | ||
|
2022-12-28 21:15:10 | CVE-2022-4821 (lien direct) | A vulnerability classified as problematic was found in FlatPress. This vulnerability affects the function onupload of the file admin/panels/uploader/admin.uploader.php of the component XML File Handler/MD File Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The name of the patch is 3cc223dec5260e533a84b5cf5780d3a4fbf21241. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217000. | Vulnerability Guideline | ||
|
2022-12-28 21:15:10 | CVE-2022-4819 (lien direct) | A vulnerability was found in HotCRP. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. The attack may be launched remotely. The name of the patch is d4ffdb0ef806453c54ddca7fdda3e5c60356285c. It is recommended to apply a patch to fix this issue. VDB-216998 is the identifier assigned to this vulnerability. | Vulnerability Guideline | ||
|
2022-12-28 21:15:10 | CVE-2022-4818 (lien direct) | A vulnerability was found in Talend Open Studio for MDM. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file org.talend.mdm.core/src/com/amalto/core/storage/SystemStorageWrapper.java. The manipulation leads to xml external entity reference. Upgrading to version 20221220_1938 is able to address this issue. The name of the patch is 95590db2ad6a582c371273ceab1a73ad6ed47853. It is recommended to upgrade the affected component. The identifier VDB-216997 was assigned to this vulnerability. | Vulnerability Guideline | ||
|
2022-12-28 21:15:10 | CVE-2022-4820 (lien direct) | A vulnerability classified as problematic has been found in FlatPress. This affects an unknown part of the file admin/panels/entry/admin.entry.list.php of the component Admin Area. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patch is 229752b51025e678370298284d42f8ebb231f67f. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216999. | Vulnerability Guideline | ||
|
2022-12-28 21:15:09 | CVE-2018-25057 (lien direct) | A vulnerability was found in simple_php_link_shortener. It has been classified as critical. Affected is an unknown function of the file index.php. The manipulation of the argument $link["id"] leads to sql injection. The name of the patch is b26ac6480761635ed94ccb0222ba6b732de6e53f. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216996. | Vulnerability Guideline | ||
|
2022-12-28 19:15:09 | CVE-2022-4817 (lien direct) | A vulnerability was found in centic9 jgit-cookbook. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to insecure temporary file. The attack can be initiated remotely. The name of the patch is b8cb29b43dc704708d598c60ac1881db7cf8e9c3. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216988. | Vulnerability Guideline | ||
|
2022-12-28 19:15:08 | CVE-2017-20150 (lien direct) | A vulnerability was found in challenge website. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to sql injection. The name of the patch is f1644b1d3502e5aa5284f31ea80d2623817f4d42. It is recommended to apply a patch to fix this issue. The identifier VDB-216989 was assigned to this vulnerability. | Vulnerability Guideline |
To see everything:
Our RSS (filtrered)
