What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
globalsecuritymag.webp 2022-11-10 07:58:23 Shashank Samant Appointed as the Lead Director of Rackspace Technology (direct link) Shashank Samant Appointed as the Lead Director of Rackspace Technology. Mr. Samant has substantial global technology services industry experience, with particular expertise in the software and digital products verticals. He has served on the Rackspace Technology board since October 19, 2021. - Business News Guideline
CVE.webp 2022-11-09 23:15:13 CVE-2022-3265 (direct link) A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. It was possible to exploit a vulnerability in setting the labels colour feature which could lead to a stored XSS that allowed attackers to perform arbitrary actions on behalf of victims at client side. Vulnerability Guideline
CVE.webp 2022-11-09 21:15:14 CVE-2022-27674 (direct link) Insufficient validation in the IOCTL input/output buffer in AMD μProf may allow an attacker to bypass bounds checks potentially leading to a Windows kernel crash resulting in denial of service. Guideline ★★★★
CVE.webp 2022-11-09 21:15:13 CVE-2022-23831 (direct link) Insufficient validation of the IOCTL input buffer in AMD μProf may allow an attacker to send an arbitrary buffer leading to a potential Windows kernel crash resulting in denial of service. Guideline
CVE.webp 2022-11-09 21:15:13 CVE-2022-23824 (direct link) IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure. Guideline
CVE.webp 2022-11-09 21:15:12 CVE-2021-26392 (direct link) Insufficient verification of missing size check in 'LoadModule' may lead to an out-of-bounds write potentially allowing an attacker with privileges to gain code execution of the OS/kernel by loading a malicious TA. Guideline
CVE.webp 2022-11-09 21:15:11 CVE-2020-12931 (direct link) Improper parameters handling in the AMD Secure Processor (ASP) kernel may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity. Guideline
CVE.webp 2022-11-09 21:15:10 CVE-2020-12930 (direct link) Improper parameters handling in AMD Secure Processor (ASP) drivers may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity. Guideline
CVE.webp 2022-11-09 18:15:15 CVE-2022-32588 (direct link) An out-of-bounds write vulnerability exists in the PICT parsing pctwread_14841 functionality of Accusoft ImageGear 20.0. A specially-crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. Vulnerability Guideline
CVE.webp 2022-11-09 18:15:14 CVE-2022-29888 (direct link) A leftover debug code vulnerability exists in the httpd port 4444 upload.cgi functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted HTTP request can lead to arbitrary file deletion. An attacker can send an HTTP request to trigger this vulnerability. Vulnerability Guideline
CVE.webp 2022-11-09 18:15:14 CVE-2022-30543 (direct link) A leftover debug code vulnerability exists in the console infct functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to execution of privileged operations. An attacker can send a sequence of requests to trigger this vulnerability. Vulnerability Guideline
CVE.webp 2022-11-09 18:15:14 CVE-2022-29481 (direct link) A leftover debug code vulnerability exists in the console nvram functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to disabling security features. An attacker can send a sequence of requests to trigger this vulnerability. Vulnerability Guideline
CVE.webp 2022-11-09 18:15:14 CVE-2022-28689 (direct link) A leftover debug code vulnerability exists in the console support functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. Vulnerability Guideline
CVE.webp 2022-11-09 18:15:13 CVE-2022-26023 (direct link) A leftover debug code vulnerability exists in the console verify functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to disabling security features. An attacker can send a sequence of requests to trigger this vulnerability. Vulnerability Guideline
CVE.webp 2022-11-09 16:15:18 CVE-2022-43488 (advanced_dynamic_pricing_for_woocommerce) (direct link) Cross-Site Request Forgery (CSRF) vulnerability in Advanced Dynamic Pricing for WooCommerce plugin Vulnerability Guideline
CVE.webp 2022-11-09 16:15:18 CVE-2022-41978 (direct link) Auth. (subscriber+) Arbitrary Options Update vulnerability in Zoho CRM Lead Magnet plugin Vulnerability Guideline
CVE.webp 2022-11-09 14:15:11 CVE-2022-31253 (direct link) An Untrusted Search Path vulnerability in openldap2 of openSUSE Factory allows local attackers with control of the ldap user or group to change ownership of arbitrary directory entries to this user/group, leading to escalation to root. This issue affects: openSUSE Factory openldap2 versions prior to 2.6.3-404.1. Vulnerability Guideline
PaloAlto.webp 2022-11-09 13:00:28 Prisma Cloud Is a CNAPP Leader According to Frost & Sullivan (direct link) Prisma Cloud is named a CNAPP Leader by Frost & Sullivan for remarkable growth, leading innovation, and clear vision for code-to-cloud security. Guideline
CSO.webp 2022-11-09 09:35:00 GitHub releases new SDLC security features including private vulnerability reporting (direct link) GitHub has announced new security features across its platform to help protect the software development lifecycle (SDLC). These include private vulnerability reporting, CodeQL vulnerability scanning support for the Ruby programming language, and two new security overview options. The world's leading development platform said these updates make securing the SDLC end-to-end easier and more seamless for developers. The releases come as SDLC cybersecurity remains high on the agenda with research revealing an increase of almost 800% in software supply chain attacks. Vulnerability Guideline
CVE.webp 2022-11-09 07:15:09 CVE-2022-45061 (direct link) An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16. Guideline
TrendMicro.webp 2022-11-09 00:00:00 Hack the Real Box: APT41's New Subgroup Earth Longzhi (direct link) We looked into the campaigns deployed by a new subgroup of advanced persistent threat (APT) group APT41, Earth Longzhi. This entry breaks down the technical details of the campaigns in full as presented at HITCON PEACE 2022 in August. Threat Guideline APT 41
CVE.webp 2022-11-08 22:15:19 CVE-2022-41215 (direct link) SAP NetWeaver ABAP Server and ABAP Platform allows an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation. This could lead to the user being tricked into disclosing personal information. Guideline
CVE.webp 2022-11-08 22:15:17 CVE-2022-41203 (direct link) In some workflow of SAP BusinessObjects BI Platform (Central Management Console and BI LaunchPad), an authenticated attacker with low privileges can intercept a serialized object in the parameters and substitute it with another malicious serialized object, which leads to a deserialization of untrusted data vulnerability. This could highly compromise the Confidentiality, Integrity, and Availability of the system. Guideline
CVE.webp 2022-11-08 22:15:16 CVE-2022-3821 (direct link) An off-by-one error was discovered in Systemd in the format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that lead to a buffer overrun in format_timespan(), leading to a Denial of Service. Guideline
CVE.webp 2022-11-08 22:15:11 CVE-2022-20426 (direct link) In multiple functions of many files, there is a possible obstruction of the user's ability to select a phone account due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-236263294 Guideline
CVE.webp 2022-11-08 22:15:11 CVE-2022-20453 (direct link) In update of MmsProvider.java, there is a possible constriction of directory permissions due to a path traversal error. This could lead to local denial of service of SIM recognition with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-240685104 Guideline
CVE.webp 2022-11-08 22:15:11 CVE-2022-20451 (direct link) In onCallRedirectionComplete of CallsManager.java, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-235098883 Guideline
CVE.webp 2022-11-08 22:15:11 CVE-2022-20452 (direct link) In initializeFromParcelLocked of BaseBundle.java, there is a possible method arbitrary code execution due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-240138318 Guideline
CVE.webp 2022-11-08 22:15:11 CVE-2022-20414 (direct link) In setImpl of AlarmManagerService.java, there is a possible way to put a device into a boot loop due to an uncaught exception. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-234441463 Guideline
CVE.webp 2022-11-08 22:15:11 CVE-2022-20463 (direct link) In factoryReset of WifiServiceImpl, there is a possible way to preserve WiFi settings due to a logic error in the code. This could lead to a local non-security issue across network factory resets with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-231985227 Guideline
CVE.webp 2022-11-08 22:15:11 CVE-2022-20457 (direct link) In getMountModeInternal of StorageManagerService.java, there is a possible prevention of package installation due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-243924784 Guideline
CVE.webp 2022-11-08 22:15:11 CVE-2022-20441 (direct link) In navigateUpTo of Task.java, there is a possible way to launch an unexported intent handler due to a logic error in the code. This could lead to local escalation of privilege if the targeted app has an intent trampoline, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-238605611 Guideline
CVE.webp 2022-11-08 22:15:11 CVE-2022-20446 (direct link) In AlwaysOnHotwordDetector of AlwaysOnHotwordDetector.java, there is a possible way to access the microphone from the background due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11. Android ID: A-229793943 Guideline
CVE.webp 2022-11-08 22:15:11 CVE-2022-20448 (direct link) In buzzBeepBlinkLocked of NotificationManagerService.java, there is a possible way to share data across users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-237540408 Guideline
CVE.webp 2022-11-08 22:15:11 CVE-2022-20450 (direct link) In restorePermissionState of PermissionManagerServiceImpl.java, there is a possible way to bypass user consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-210065877 Guideline
CVE.webp 2022-11-08 22:15:11 CVE-2022-20462 (direct link) In phNxpNciHal_write_unlocked of phNxpNciHal.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-230356196 Guideline
CVE.webp 2022-11-08 22:15:11 CVE-2022-20454 (direct link) In fdt_next_tag of fdt.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-242096164 Guideline
CVE.webp 2022-11-08 22:15:11 CVE-2022-20447 (direct link) In PAN_WriteBuf of pan_api.cc, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-233604485 Guideline
CVE.webp 2022-11-08 22:15:11 CVE-2022-20445 (direct link) In process_service_search_rsp of sdp_discovery.cc, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-225876506 Guideline
CVE.webp 2022-11-08 22:15:11 CVE-2022-20465 (direct link) In dismiss and related functions of KeyguardHostViewController.java and related files, there is a possible lockscreen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-218500036 Guideline
CVE.webp 2022-11-08 22:15:10 CVE-2021-39661 (direct link) In _PMRLogicalOffsetToPhysicalOffset of the PowerVR kernel driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-246824784 Guideline
CVE.webp 2022-11-08 22:15:10 CVE-2021-1050 (direct link) In MMU_UnmapPages of the PowerVR kernel driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-243825200 Guideline
CVE.webp 2022-11-08 21:15:15 CVE-2022-32617 (direct link) In typec, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07262364; Issue ID: ALPS07262364. Guideline
CVE.webp 2022-11-08 21:15:15 CVE-2022-32618 (direct link) In typec, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07262454; Issue ID: ALPS07262454. Guideline
CVE.webp 2022-11-08 21:15:15 CVE-2022-32616 (direct link) In isp, there is a possible out of bounds write due to uninitialized data. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07341258; Issue ID: ALPS07341258. Guideline
CVE.webp 2022-11-08 21:15:15 CVE-2022-32615 (direct link) In ccd, there is a possible out of bounds write due to uninitialized data. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07326559; Issue ID: ALPS07326559. Guideline
CVE.webp 2022-11-08 21:15:14 CVE-2022-32614 (direct link) In audio, there is a possible memory corruption due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310571; Issue ID: ALPS07310571. Guideline
CVE.webp 2022-11-08 21:15:14 CVE-2022-32613 (direct link) In vcu, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07206340; Issue ID: ALPS07206340. Guideline
CVE.webp 2022-11-08 21:15:14 CVE-2022-32612 (direct link) In vcu, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07203500; Issue ID: ALPS07203500. Guideline
CVE.webp 2022-11-08 21:15:13 CVE-2022-32609 (direct link) In vcu, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07203410; Issue ID: ALPS07203410. Guideline
Last update at: 2024-07-16 05:08:48