What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
CVE.webp 2022-11-20 13:15:29 CVE-2022-4077 (lien direct) A vulnerability was found in Yellow Tree Geolocation IP Detection Plugin. It has been classified as problematic. Affected is an unknown function of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to improper output neutralization for logs. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214044. Vulnerability Guideline
CVE.webp 2022-11-20 13:15:28 CVE-2022-4076 (lien direct) A vulnerability was found in codeboxr CBX User Online & Last Login Plugin and classified as problematic. This issue affects some unknown processing of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to improper output neutralization for logs. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214043. Vulnerability Guideline
CVE.webp 2022-11-20 13:15:27 CVE-2022-4074 (lien direct) A vulnerability, which was classified as problematic, was found in Show IP Address Plugin. This affects an unknown part of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to improper output neutralization for logs. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-214041 was assigned to this vulnerability. Guideline
CVE.webp 2022-11-20 13:15:27 CVE-2022-4075 (lien direct) A vulnerability has been found in Banhammer Plugin and classified as problematic. This vulnerability affects unknown code of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to improper output neutralization for logs. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-214042 is the identifier assigned to this vulnerability. Vulnerability Guideline
CVE.webp 2022-11-20 13:15:26 CVE-2022-4073 (lien direct) A vulnerability, which was classified as problematic, has been found in Aleksandr R alx ip statistic Plugin. Affected by this issue is some unknown functionality of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to improper output neutralization for logs. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214040. Vulnerability Guideline
CVE.webp 2022-11-20 13:15:24 CVE-2022-4072 (lien direct) A vulnerability classified as problematic was found in Iridium Intelligence bad_ip WP Plugin. Affected by this vulnerability is an unknown functionality of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to improper output neutralization for logs. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214039. Vulnerability Guideline
CVE.webp 2022-11-20 13:15:18 CVE-2022-4071 (lien direct) A vulnerability classified as problematic has been found in RSJoomla RSFirewall Plugin. Affected is an unknown function of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to improper output neutralization for logs. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-214038 is the identifier assigned to this vulnerability. Vulnerability Guideline
CVE.webp 2022-11-19 19:15:10 CVE-2022-4066 (lien direct) A vulnerability was found in davidmoreno onion. It has been rated as problematic. Affected by this issue is the function onion_response_flush of the file src/onion/response.c of the component Log Handler. The manipulation leads to allocation of resources. The name of the patch is de8ea938342b36c28024fd8393ebc27b8442a161. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-214028. Vulnerability Guideline
CVE.webp 2022-11-19 19:15:10 CVE-2022-4065 (lien direct) A vulnerability was found in cbeust testng. It has been declared as critical. Affected by this vulnerability is the function testngXmlExistsInJar of the file testng-core/src/main/java/org/testng/JarFileUtils.java of the component XML File Parser. The manipulation leads to path traversal. The attack can be launched remotely. The name of the patch is 9150736cd2c123a6a3b60e6193630859f9f0422b. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-214027. Vulnerability Guideline
CVE.webp 2022-11-19 19:15:09 CVE-2022-4064 (lien direct) A vulnerability was found in Dalli. It has been classified as problematic. Affected is the function self.meta_set of the file lib/dalli/protocol/meta/request_formatter.rb of the component Meta Protocol Handler. The manipulation leads to injection. The exploit has been disclosed to the public and may be used. The name of the patch is 48d594dae55934476fec61789e7a7c3700e0f50d. It is recommended to apply a patch to fix this issue. VDB-214026 is the identifier assigned to this vulnerability. Vulnerability Guideline
CVE.webp 2022-11-19 00:15:31 CVE-2022-4055 (lien direct) When xdg-mail is configured to use thunderbird for mailto URLs, improper parsing of the URL can lead to additional headers being passed to thunderbird that should not be included per RFC 2368. An attacker can use this method to create a mailto URL that looks safe to users, but will actually attach files when clicked. Guideline
CVE.webp 2022-11-19 00:15:29 CVE-2022-34667 (lien direct) NVIDIA CUDA Toolkit SDK contains a stack-based buffer overflow vulnerability in cuobjdump, where an unprivileged remote attacker could exploit this buffer overflow condition by persuading a local user to download a specially crafted corrupted file and execute cuobjdump against it locally, which may lead to a limited denial of service and some loss of data integrity for the local user. Vulnerability Guideline
CVE.webp 2022-11-19 00:15:27 CVE-2022-34665 (lien direct) NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a local user with basic capabilities can cause a null-pointer dereference, which may lead to denial of service. Vulnerability Guideline
CVE.webp 2022-11-19 00:15:27 CVE-2022-31617 (lien direct) NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where a local user with basic capabilities can cause an out-of-bounds read, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering. Vulnerability Guideline
CVE.webp 2022-11-19 00:15:26 CVE-2022-31616 (lien direct) NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a local user with basic capabilities can cause an out-of-bounds read, which may lead to denial of service, or information disclosure. Vulnerability Guideline
CVE.webp 2022-11-19 00:15:26 CVE-2022-31615 (lien direct) NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where a local user with basic capabilities can cause a null-pointer dereference, which may lead to denial of service. Vulnerability Guideline
CVE.webp 2022-11-19 00:15:26 CVE-2022-31613 (lien direct) NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer, where any local user can cause a null-pointer dereference, which may lead to a kernel panic. Vulnerability Guideline
CVE.webp 2022-11-19 00:15:25 CVE-2022-31612 (lien direct) NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a local user with basic capabilities can cause an out-of-bounds read, which may lead to a system crash or a leak of internal kernel information. Vulnerability Guideline
CVE.webp 2022-11-19 00:15:25 CVE-2022-31610 (lien direct) NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where a local user with basic capabilities can cause an out-of-bounds write, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering. Vulnerability Guideline
CVE.webp 2022-11-19 00:15:24 CVE-2022-31608 (lien direct) NVIDIA GPU Display Driver for Linux contains a vulnerability in an optional D-Bus configuration file, where a local user with basic capabilities can impact protected D-Bus endpoints, which may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. Vulnerability Guideline
CVE.webp 2022-11-19 00:15:23 CVE-2022-31607 (lien direct) NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where a local user with basic capabilities can cause improper input validation, which may lead to denial of service, escalation of privileges, data tampering, and limited information disclosure. Vulnerability Guideline
CVE.webp 2022-11-19 00:15:14 CVE-2022-31606 (lien direct) NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a failure to properly validate data might allow an attacker with basic user capabilities to cause an out-of-bounds access in kernel mode, which could lead to denial of service, information disclosure, escalation of privileges, or data tampering. Vulnerability Guideline
CVE.webp 2022-11-18 23:15:26 CVE-2022-41839 (lien direct) Broken Access Control vulnerability in WordPress LoginPress plugin Vulnerability Guideline
CVE.webp 2022-11-18 22:15:20 CVE-2022-41900 (lien direct) TensorFlow is an open source platform for machine learning. The security vulnerability results in FractionalMax(AVG)Pool with illegal pooling_ratio. Attackers using Tensorflow can exploit the vulnerability. They can access heap memory which is not in the control of user, leading to a crash or remote code execution. We have patched the issue in GitHub commit 216525144ee7c910296f5b05d214ca1327c9ce48. The fix will be included in TensorFlow 2.11.0. We will also cherry pick this commit on TensorFlow 2.10.1. Vulnerability Guideline
CVE.webp 2022-11-18 21:15:11 CVE-2022-44641 (lien direct) In Linaro Automated Validation Architecture (LAVA) before 2022.11, users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML entity expansion, leading to excessive use of memory on the server and a Denial of Service. Guideline
CVE.webp 2022-11-18 19:15:29 CVE-2022-38075 (lien direct) Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) in Mantenimiento web plugin Vulnerability Guideline
Veracode.webp 2022-11-18 15:03:25 Anatomy of a Stored Cross-site Scripting Vulnerability in Apache Spark (lien direct) One of the services that Veracode offers is a consultation with an Application Security Consultant – a seasoned software developer and application security expert. In the context of a consultation, my team works with the software engineers of Veracode's customers to understand and, ideally, remediate security flaws found by the Veracode tool suite. There is a well-defined difference between a security flaw (a defect that can lead to a vulnerability) and a vulnerability (an exploitable condition within code that allows an attacker to attack it). While working with potentially dozens of different customer applications every week, we usually have a strong gut feeling for when a security flaw might constitute an exploitable vulnerability and should receive extra attention. During one of our consultations, a set of similar Cross-site Scripting (XSS) flaws was discovered by Veracode Static Analysis in what turned out to be 3rd party JavaScript files belonging to Apache Spark. After some… Tool Vulnerability Guideline
globalsecuritymag.webp 2022-11-18 14:43:26 GigaOm Names CTERA the Leader in Distributed Cloud File Storage for The Second Year in a Row (lien direct) GigaOm Names CTERA the Leader in Distributed Cloud File Storage for The Second Year in a Row CTERA placed ahead of the competition in prestigious analyst report - Business News Guideline
silicon.fr.webp 2022-11-18 08:33:08 Access management: who are the main vendors? (lien direct) Five vendors are positioned as "leaders" in the latest Magic Quadrant for AM (access management). On what grounds? Guideline
CSO.webp 2022-11-18 03:57:00 Noname Security releases Recon attack simulator (lien direct) As breaches increase and companies scramble to go from a defensive to an offensive approach, API-focused Noname Security has launched Recon, which simulates an attacker performing reconnaissance on an organization's domains. Recon works from a root-level domain to find other domains, shadow domains, sub-domains, APIs, vulnerabilities, and public issues that put the organization at risk, according to Noname. “Then we start looking at, both actively and passively looking at any API-related information pertaining to those domains,” Troy Leilard, regional solution architect lead ANZ, tells CSO. Guideline
CVE.webp 2022-11-18 00:15:09 CVE-2022-24939 (lien direct) A malformed packet containing an invalid destination address causes a stack overflow in the Ember ZNet stack. This causes an assert which leads to a reset, immediately clearing the error. Guideline
CS.webp 2022-11-17 23:24:03 Watchdog: Agency overseeing cybersecurity for offshore energy falling short (lien direct) The Government Accountability Office said that a worst-case scenario for an offshore oil and gas facility could lead to fatalities. Guideline
CVE.webp 2022-11-17 23:15:23 CVE-2022-42533 (lien direct) In shared_metadata_init of SharedMetadata.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-239415718. References: N/A Guideline
CVE.webp 2022-11-17 23:15:21 CVE-2022-41132 (lien direct) Unauthenticated Plugin Settings Change Leading To Stored XSS Vulnerability in Ezoic plugin Vulnerability Guideline
CVE.webp 2022-11-17 23:15:14 CVE-2022-20460 (lien direct) In (TBD) mprot_unmap? of (TBD), there is a possible way to corrupt the memory mapping due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-239557547. References: N/A Guideline
CVE.webp 2022-11-17 23:15:13 CVE-2022-20459 (lien direct) In (TBD) of (TBD), there is a possible way to redirect code execution due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-239556260. References: N/A Guideline
CVE.webp 2022-11-17 23:15:13 CVE-2022-20428 (lien direct) In (TBD) of (TBD), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-239555411. References: N/A Guideline
CVE.webp 2022-11-17 23:15:12 CVE-2022-20427 (lien direct) In (TBD) of (TBD), there is a possible way to corrupt memory due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-239555070. References: N/A Guideline
globalsecuritymag.webp 2022-11-17 20:00:00 Dust Mobile announces a 12 million euro Series B funding round (lien direct) Dust Mobile announces a 12 million euro Series B funding round led by the Fonds Innovation Défense, managed by Bpifrance and subscribed by the Agence de l'innovation de défense (AID), which is intended to support innovation in dual-use and cross-cutting technologies, alongside its existing investors, Tikehau Ace Capital, a European leader in private equity for digital security, through the Brienne III fund (a fund dedicated to cybersecurity), and OMNES Capital, a major player in private equity and infrastructure investment. - Business Guideline
CVE.webp 2022-11-17 17:15:14 CVE-2022-4052 (lien direct) A vulnerability was found in Student Attendance Management System and classified as critical. This issue affects some unknown processing of the file /Admin/createClass.php. The manipulation of the argument Id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-213845 was assigned to this vulnerability. Vulnerability Guideline
CVE.webp 2022-11-17 17:15:14 CVE-2022-4053 (lien direct) A vulnerability was found in Student Attendance Management System. It has been classified as problematic. Affected is an unknown function of the file createClass.php. The manipulation of the argument className leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-213846 is the identifier assigned to this vulnerability. Vulnerability Guideline
CVE.webp 2022-11-17 17:15:13 CVE-2022-4051 (lien direct) A vulnerability has been found in Hostel Searching Project and classified as critical. This vulnerability affects unknown code of the file view-property.php. The manipulation of the argument property_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-213844. Vulnerability Guideline
CVE.webp 2022-11-17 17:15:10 CVE-2022-38390 (lien direct) Multiple IBM Business Automation Workflow versions are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 233978. Vulnerability Guideline
globalsecuritymag.webp 2022-11-17 17:09:50 Tanium recognized as a leader in the GigaOm report on patch management solutions (lien direct) Tanium recognized as a leader in the GigaOm report on patch management solutions. This ranking rewards the vendor, at the forefront of the sector thanks to exceptional patch management capabilities - Magic Quadrant Guideline
globalsecuritymag.webp 2022-11-17 15:33:25 IGEL Ends Production of IGEL-branded Hardware, Partners with Leading Device Manufacturers to Expand Global Software Reach (lien direct) IGEL Ends Production of IGEL-branded Hardware, Partners with Leading Device Manufacturers to Expand Global Software Reach IGEL teams with HP, Lenovo, and LG to deliver its managed endpoint operating system, enabling partners and customers to derive more value from their investments in Microsoft, Citrix, and VMware VDI, DaaS and SaaS solutions - Product Reviews Guideline
globalsecuritymag.webp 2022-11-17 15:19:17 Pathlock Expands Leadership Team with Appointment of CRO to Fuel Next Stage of Growth (lien direct) Pathlock Expands Leadership Team with Appointment of CRO to Fuel Next Stage of Growth. Damon Tompkins to lead field operations and spearhead sales, customer success and strategic partnership efforts - Business News Guideline
globalsecuritymag.webp 2022-11-17 15:12:56 Ping Identity named a leader in identity and access management by Forrester (lien direct) Ping Identity named a leader in identity and access management by Forrester - Magic Quadrant Guideline
Anomali.webp 2022-11-17 14:35:00 Gartner Insights: How to Respond to the Cyberthreat Landscape (lien direct) The digital transformation era has fundamentally changed how organizations operate, including how they manage information technology processes and systems. This change has been driven primarily by a desire to improve efficiency, reduce costs, and increase agility across multiple business areas. These changes are often accompanied by a shift from traditional physical environments to fully virtualized ones. While the benefits of virtualization are well documented, the adoption of virtualization leads to the creation of highly vulnerable network architecture, especially when combined with public cloud resources. The risk of cyberattacks is increasing across industries, impacting every aspect of modern life. This includes everything from financial institutions to healthcare providers, manufacturing companies to retail stores, government agencies to educational institutions, energy utilities to transportation systems, telecommunications carriers to media outlets, and many others.
Gartner Cybersecurity Research
In fact, according to Gartner, nearly 90% of large enterprises now face some form of cyberattack each month. And among those attacks, 40% are considered high severity. In addition, there are over 3,200 known malware families, ranging from simple viruses to sophisticated targeted attacks. Gartner found that most organizations understand the importance of addressing cybercrime, but only some know how to do it properly. They believe cybersecurity must address technology and people issues, but they don’t fully realize how much of a challenge this truly is. Gartner’s research found that the current cybersecurity approach is failing, and a shift is needed.
The research recommends that organizations take a holistic view of the problem and ensure proper alignment of security to top emerging threats by:
• Gaining a clear picture of the current state of play: What are the biggest threats facing companies today? Where do they lie within the context of the overall threat landscape? And can you identify the threats?
• Understanding where the most significant risk lies: Which areas pose the greatest threat to businesses today? And why?
• Implementing effective strategies for mitigating threats: What are effective ways to address the most significant threats? For example, what types of technologies can help protect against data breaches? And how do you protect against insider threats? Or secure cloud environments?
Post-Covid Era Cybersecurity
Even though we’re now past the COVID-19 crisis, there were many disruptions in the cybersecurity industry. Many large companies continue to focus on remote work, causing cloud-based operations to increase and expanding 5G networks connected devices at faster speeds and greater bandwidths. Cryptocurrencies exploded in popularity and are now bought, sold, and traded by individuals on a grander scale than ever before. Many organizations need more visibility into the full extent of the risks across their growing attack surface, making it challenging to identify and address vulnerabilities effectively. In addition, the rapid pace of innovation and sophistication in attacks makes it increasingly challenging for organizations to keep up with new threats. Organizations must ensure they have the right solutions, like a threat intelligence management or extended detection and response (XDR) platform, to defend against cyberattacks proactively.
Cyber Attacks and Attackers are Evolving
The stereotypical hacker working alone is no longer the main threat. Today’s attackers are more methodological and work within larger teams of individuals, often organized into hacking collectives known as advanced persistent threats (APTs). These groups are typically comprised of highly skilled professionals who spend months plannin Malware Threat Guideline
SecurityAffairs.webp 2022-11-17 10:21:02 Tank, the leader of the Zeus cybercrime gang, was arrested by the Swiss police (lien direct) A suspected leader of the Zeus cybercrime gang, Vyacheslav Igorevich Penchukov (aka Tank), was arrested by Swiss police. Swiss police last month arrested in Geneva Vyacheslav Igorevich Penchukov (40), also known as Tank, who is one of the leaders of the JabberZeus cybercrime group. “Vyacheslav “Tank” Penchukov, the accused 40-year-old Ukrainian leader of a prolific cybercriminal […] Guideline
globalsecuritymag.webp 2022-11-16 21:01:28 Viakoo Announce Strategic Alliance with Nozomi Networks (lien direct) Viakoo Announce Strategic Alliance with Nozomi Networks to Deliver Agentless, End to End, IoT Security at Scale Leaders in operational technology/Internet of Things (OT/IoT) discovery and remediation partner to deliver best-in-class IoT enterprise security management solution - Business News Guideline
Last update at: 2024-07-02 18:07:36