What's new around the internet


Src Date (GMT) Title Description Tags Stories Notes
CVE 2022-12-05 15:15:18 CVE-2022-32621 (direct link) In isp, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310829; Issue ID: ALPS07310829. Guideline
CVE 2022-12-05 15:15:18 CVE-2022-32625 (direct link) In display, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07326216; Issue ID: ALPS07326216. Guideline
CVE 2022-12-05 15:15:17 CVE-2022-32619 (direct link) In keyinstall, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07439659; Issue ID: ALPS07439659. Guideline
CVE 2022-12-05 15:15:17 CVE-2022-32596 (direct link) In widevine, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07446213; Issue ID: ALPS07446213. Guideline
CVE 2022-12-05 15:15:17 CVE-2022-32620 (direct link) In mpu, there is a possible memory corruption due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07541753; Issue ID: ALPS07541753. Guideline
CVE 2022-12-05 15:15:17 CVE-2022-32598 (direct link) In widevine, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07446228; Issue ID: ALPS07446228. Guideline
CVE 2022-12-05 15:15:17 CVE-2022-32594 (direct link) In widevine, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07446207; Issue ID: ALPS07446207. Guideline
CVE 2022-12-05 15:15:17 CVE-2022-32597 (direct link) In widevine, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07446228; Issue ID: ALPS07446228. Guideline
InfoSecurityMag 2022-12-05 10:45:00 Digital Giant ABB to Pay $315m in Bribery Case (direct link) Firm pleads guilty in major South Africa conspiracy Guideline ★★
CVE 2022-12-05 10:15:10 CVE-2022-4282 (direct link) A vulnerability was found in SpringBootCMS and classified as critical. Affected by this issue is some unknown functionality of the component Template Management. The manipulation leads to injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-214790 is the identifier assigned to this vulnerability. Vulnerability Guideline
CVE 2022-12-05 07:15:10 CVE-2022-4281 (direct link) A vulnerability has been found in Facepay 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /face-recognition-php/facepay-master/camera.php. The manipulation of the argument userId leads to authorization bypass. The attack can be launched remotely. The identifier VDB-214789 was assigned to this vulnerability. Vulnerability Guideline
CVE 2022-12-05 04:15:09 CVE-2022-41777 (direct link) Improper check or handling of exceptional conditions vulnerability in Nako3edit, editor component of nadesiko3 (PC Version) v3.3.74 and earlier allows a remote attacker to inject an invalid value to decodeURIComponent of nako3edit, which may lead the server to crash. Vulnerability Guideline
CSO 2022-12-05 02:00:00 When blaming the user for a security breach is unfair – or just wrong (direct link) In his career in IT security leadership, Aaron de Montmorency has seen a lot - an employee phished on their first day by someone impersonating the CEO, an HR department head asked to change the company's direct deposit information by a bogus CFO, not to mention multichannel criminal engagement with threat actors attacking from social media to email to SMS text. In these cases, the users almost fell for it, but something didn't feel right. So, they manually verified by calling the executives who were being impersonated. De Montmorency, director of IT, security, and compliance with Tacoma, Washington-based Elevate Health, praises the instincts that stopped the attacks from causing financial or reputational damage. Yet, he contends that expecting users to be the frontline defense against rampant phishing, pharming, whaling, and other credential-based attacks increasingly taking place over out-of-band channels is a recipe for disaster. Threat Guideline ★★★
CVE 2022-12-03 18:15:10 CVE-2022-4278 (direct link) A vulnerability was found in SourceCodester Book Store Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /hrm/employeeadd.php. The manipulation of the argument empid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214775. Vulnerability Guideline
CVE 2022-12-03 18:15:10 CVE-2022-4280 (direct link) A vulnerability, which was classified as problematic, has been found in Dot Tech Smart Campus System. Affected by this issue is some unknown functionality of the file /services/Card/findUser. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-214778 is the identifier assigned to this vulnerability. Guideline
CVE 2022-12-03 18:15:10 CVE-2022-4279 (direct link) A vulnerability classified as problematic has been found in SourceCodester Human Resource Management System 1.0. Affected is an unknown function of the file /hrm/employeeview.php. The manipulation of the argument search leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214776. Vulnerability Guideline
CVE 2022-12-03 18:15:09 CVE-2022-4277 (direct link) A vulnerability was found in Shaoxing Background Management System. It has been declared as critical. This vulnerability affects unknown code of the file /Default/Bd. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-214774 is the identifier assigned to this vulnerability. Vulnerability Guideline
CVE 2022-12-03 16:15:10 CVE-2022-4275 (direct link) A vulnerability has been found in House Rental System and classified as critical. Affected by this vulnerability is an unknown functionality of the file search-property.php of the component POST Request Handler. The manipulation of the argument search_property leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214771. Vulnerability Guideline
CVE 2022-12-03 16:15:10 CVE-2022-4276 (direct link) A vulnerability was found in House Rental System and classified as critical. Affected by this issue is some unknown functionality of the file tenant-engine.php of the component POST Request Handler. The manipulation of the argument id_photo leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214772. Vulnerability Guideline
CVE 2022-12-03 16:15:09 CVE-2022-4274 (direct link) A vulnerability, which was classified as critical, was found in House Rental System. Affected is an unknown function of the file /view-property.php. The manipulation of the argument property_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-214770 is the identifier assigned to this vulnerability. Guideline
CVE 2022-12-03 15:15:09 CVE-2021-37533 (direct link) Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711. Guideline
CVE 2022-12-03 09:15:10 CVE-2022-4273 (direct link) A vulnerability, which was classified as critical, has been found in SourceCodester Human Resource Management System 1.0. This issue affects some unknown processing of the file /hrm/controller/employee.php of the component Content-Type Handler. The manipulation of the argument pfimg leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-214769 was assigned to this vulnerability. Guideline
CVE 2022-12-03 09:15:08 CVE-2022-4272 (direct link) A vulnerability, which was classified as critical, has been found in FeMiner wms. Affected by this issue is some unknown functionality of the file /product/savenewproduct.php?flag=1. The manipulation of the argument upfile leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214760. Vulnerability Guideline
CVE 2022-12-02 14:15:10 CVE-2022-46366 (direct link) ** UNSUPPORTED WHEN ASSIGNED ** Apache Tapestry 3.x allows deserialization of untrusted data, leading to remote code execution. This issue is similar to but distinct from CVE-2020-17531, which applies to the (also unsupported) 4.x version line. NOTE: This vulnerability only affects Apache Tapestry version line 3.x, which is no longer supported by the maintainer. Users are recommended to upgrade to a supported version line of Apache Tapestry. Vulnerability Guideline
CSO 2022-12-02 04:33:00 BrandPost: Improving Cyber Hygiene with Multi-Factor Authentication and Cyber Awareness (direct link) Using multi-factor authentication (MFA) is one of the key components of an organization's Identity and Access Management (IAM) program to maintain a strong cybersecurity posture. Having multiple layers to verify users is important, but MFA fatigue is also real and can be exploited by hackers. Enabling MFA for all accounts is a best practice for all organizations, but the specifics of how it is implemented are significant because attackers are developing workarounds. That said, when done correctly – and with the right pieces in place – MFA is an invaluable tool in the cyber toolbox and a key piece of proper cyber hygiene. This is a primary reason why MFA was a key topic for this year's cybersecurity awareness month. For leaders and executives, the key is to ensure employees are trained to understand the importance of the security tools – like MFA – available to them while also making the process easy for them. Tool Guideline ★★
CVE 2022-12-02 03:15:09 CVE-2022-45562 (direct link) Insecure permissions in Telos Alliance Omnia MPX Node v1.0.0 to v1.4.9 allow attackers to manipulate and access system settings with a low-privilege backdoor account; this can lead to changing hardware settings and executing arbitrary commands in vulnerable system functions that require high privilege to access. Guideline
globalsecuritymag 2022-12-01 21:40:00 September 2023 (direct link) 30 August - 1st September - Sydney (Australia) Security Expo ICC Sydney - Darling Harbour www.securityexpo.com.au 5 - 7 September - Las Vegas (USA) Commercial UAV Expo Americas Commercial UAV Expo is the world's leading trade show and conference focusing on the integration and operation of commercial UAS with more exhibitors than any other commercial drone event. Industries covered include Construction; Drone Delivery; Energy & Utilities; Forestry & Agriculture; Infrastructure (...) - Diary Guideline ★★
CVE 2022-12-01 17:15:11 CVE-2022-29837 (direct link) A path traversal vulnerability was addressed in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi which could allow an attacker to initiate installation of custom ZIP packages and overwrite system files. This could potentially lead to code execution. Vulnerability Guideline
CVE 2022-12-01 15:15:10 CVE-2022-4257 (direct link) A vulnerability was found in C-DATA Web Management System. It has been rated as critical. This issue affects some unknown processing of the file cgi-bin/jumpto.php of the component GET Parameter Handler. The manipulation of the argument hostname leads to argument injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214631. Vulnerability Guideline
globalsecuritymag 2022-12-01 14:32:33 Versa Achieves Leading Value Spot with Top “AAA” Rating and Lowest Price Per Mbps Score Over Competitive Field (direct link) Versa Achieves Leading Value Spot with Top “AAA” Rating and Lowest Price Per Mbps Score Over Competitive Field. Versa Networks, the recognized leader of single-vendor Secure Access Service Edge (SASE), today announced it has achieved the highest possible rating of “AAA” in the industry's first-of-its-kind Cloud Network Firewall comparative test. - Business News Guideline ★★
Nozomi 2022-12-01 14:00:00 Flaws in GX Works3 Threaten Mitsubishi Electric Safety PLC Security (direct link) In this blog, we uncover three vulnerabilities that affect Mitsubishi Electric GX Works3, tracked under CVE-2022-29831, CVE-2022-29832, and CVE-2022-29833 (Mitsubishi Electric advisory 2022-015, CISA advisory TODO), and that, in the worst-case scenario, may lead to the compromise of safety PLCs with the only requirement being the possession of associated GX Works3 project files. Guideline ★★★
CVE 2022-12-01 11:15:10 CVE-2022-1471 (direct link) SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConstructor when parsing untrusted content to restrict deserialization. Guideline
CVE 2022-12-01 11:15:10 CVE-2022-3270 (direct link) In multiple products by Festo a remote unauthenticated attacker could use functions of an undocumented protocol which could lead to a complete loss of confidentiality, integrity and availability. Guideline
globalsecuritymag 2022-12-01 10:43:09 SentinelOne announces support for Amazon Security Lake to power cloud investigations (direct link) SentinelOne announces support for Amazon Security Lake to power cloud investigations XDR leader ingests OCSF data into Singularity™ XDR to transform SecOps - Business News Guideline ★★
CVE 2022-12-01 08:15:09 CVE-2022-4249 (direct link) A vulnerability, which was classified as problematic, was found in Movie Ticket Booking System. Affected is an unknown function of the component POST Request Handler. The manipulation of the argument ORDER_ID leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-214626 is the identifier assigned to this vulnerability. Guideline
CVE 2022-12-01 08:15:09 CVE-2022-4246 (direct link) A vulnerability classified as problematic has been found in Kakao PotPlayer. This affects an unknown part of the component MID File Handler. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214623. Vulnerability Guideline
CVE 2022-12-01 08:15:09 CVE-2022-4248 (direct link) A vulnerability, which was classified as critical, has been found in Movie Ticket Booking System. This issue affects some unknown processing of the file editBooking.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-214625 was assigned to this vulnerability. Guideline
CVE 2022-12-01 08:15:09 CVE-2022-4247 (direct link) A vulnerability classified as critical was found in Movie Ticket Booking System. This vulnerability affects unknown code of the file booking.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214624. Vulnerability Guideline
CVE 2022-12-01 08:15:09 CVE-2022-4252 (direct link) A vulnerability was found in SourceCodester Canteen Management System. It has been classified as problematic. This affects the function builtin_echo of the file categories.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-214629 was assigned to this vulnerability. Vulnerability Guideline
CVE 2022-12-01 08:15:09 CVE-2022-4253 (direct link) A vulnerability was found in SourceCodester Canteen Management System. It has been declared as problematic. This vulnerability affects the function builtin_echo of the file customer.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-214630 is the identifier assigned to this vulnerability. Vulnerability Guideline
CVE 2022-12-01 08:15:09 CVE-2022-4251 (direct link) A vulnerability was found in Movie Ticket Booking System and classified as problematic. Affected by this issue is some unknown functionality of the file editBooking.php. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214628. Vulnerability Guideline
CVE 2022-12-01 08:15:09 CVE-2022-4250 (direct link) A vulnerability has been found in Movie Ticket Booking System and classified as problematic. Affected by this vulnerability is an unknown functionality of the file booking.php. The manipulation of the argument id leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214627. Vulnerability Guideline
TrendMicro 2022-12-01 00:00:00 Top 3 Non-Technical Cybersecurity Trends for 2023 (direct link) A strong cybersecurity strategy isn't just about choosing the right tools. Cybersecurity experts Greg Young and William Malik discuss three non-technical cybersecurity trends for 2023 to help security leaders reduce cyber risk across the enterprise attack surface. Guideline ★★
CVE 2022-11-30 17:15:10 CVE-2022-46149 (direct link) Cap'n Proto is a data interchange format and remote procedure call (RPC) system. Cap'n Proto prior to versions 0.7.1, 0.8.1, 0.9.2, and 0.10.3, as well as versions of Cap'n Proto's Rust implementation prior to 0.13.7, 0.14.11, and 0.15.2 are vulnerable to out-of-bounds read due to a logic error handling list-of-list. This issue may lead someone to remotely segfault a peer by sending it a malicious message, if the victim performs certain actions on a list-of-pointer type. Exfiltration of memory is possible if the victim performs additional certain actions on a list-of-pointer type. To be vulnerable, an application must perform a specific sequence of actions, described in the GitHub Security Advisory. The bug is present in inlined code, therefore the fix will require rebuilding dependent applications. Cap'n Proto has C++ fixes available in versions 0.7.1, 0.8.1, 0.9.2, and 0.10.3. The `capnp` Rust crate has fixes available in versions 0.13.7, 0.14.11, and 0.15.2. Guideline
CVE 2022-11-30 17:15:10 CVE-2022-4234 (direct link) A vulnerability was found in SourceCodester Canteen Management System. It has been rated as problematic. This issue affects the function builtin_echo of the file youthappam/brand.php. The manipulation of the argument brand_name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214595. Vulnerability Guideline
grahamcluley 2022-11-30 16:28:30 Twitter isn't going to stop people posting COVID-19 misinformation anymore (direct link) As of September 2022, Twitter had challenged 11.72 million accounts, suspended 11,230 accounts, and removed over 97,674 pieces of misleading content related to COVID-19 worldwide. Today? It's not doing anything. As an update on the company's COVID-19 misinformation report webpage notes: Effective November 23, 2022, Twitter is no longer enforcing the COVID-19 misleading information policy. Guideline ★★★★
globalsecuritymag 2022-11-30 15:48:28 SimSpace Expands Globally with Commercial Release of Cyber Force Platform (direct link) SimSpace Expands Globally with Commercial Release of Cyber Force Platform used by US Cyber Command Elite Forces SimSpace is expanding its executive leadership team and bolstering their offering by opening additional offices in the US, EMEA, and APAC. - Business News Guideline ★★★
CVE 2022-11-30 15:15:10 CVE-2021-31740 (direct link) In SEPPMail's web frontend, user input is not embedded correctly in the web page and therefore leads to cross-site scripting vulnerabilities (XSS). Guideline
The_Hackers_News 2022-11-30 15:11:58 (Déjà vu) 3 New Vulnerabilities Affect OT Products from German Companies Festo and CODESYS (direct link) Researchers have disclosed details of three new security vulnerabilities affecting operational technology (OT) products from CODESYS and Festo that could lead to source code tampering and denial-of-service (DoS). The vulnerabilities, reported by Forescout Vedere Labs, are the latest in a long list of flaws collectively tracked under the name OT:ICEFALL. "These issues exemplify either an Guideline ★★★
CVE 2022-11-30 14:15:10 CVE-2021-4242 (direct link) A vulnerability was found in Sapido BR270n, BRC76n, GR297 and RB1732 and classified as critical. Affected by this issue is some unknown functionality of the file ip/syscmd.htm. The manipulation leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214592. Vulnerability Guideline
Last update at: 2024-07-21 00:07:34