What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
CVE.webp 2023-10-31 00:15:10 CVE-2023-46139 (lien direct)
KernelSU is a kernel-based root solution for Android. Starting in version 0.6.1 and prior to version 0.7.0, if a device with KernelSU installed is infected with malware whose app signing block is specially constructed, the malware can take over root privileges on the device. The vulnerable verification logic obtains the signature of the last block with an ID of `0x7109871a`, while the verification logic during Android installation obtains the first one. In addition to the actual signature upgrade that has been fixed (KSU thought it was V2 but it was actually V3), there is also the problem of actual signature downgrading (KSU thought it was V2 but it was actually V1). If a condition is found in the signature verification logic that causes a "signature not found" error, and KernelSU does not implement the same condition, KSU thinks there is a V2 signature, but the APK signature verification actually uses the V1 signature. This issue is fixed in version 0.7.0. As workarounds, keep the KernelSU manager installed and avoid installing unknown apps.
Malware
CVE.webp 2023-10-25 18:17:28 CVE-2023-36085 (lien direct)
The sisqualWFM 7.1.319.103 thru 7.1.319.111 for Android, has a host header injection vulnerability in its "/sisqualIdentityServer/core/" endpoint. By modifying the HTTP Host header, an attacker can change webpage links and even redirect users to arbitrary or malicious locations. This can lead to phishing attacks, malware distribution, and unauthorized access to sensitive resources.
Malware Vulnerability
CVE.webp 2023-10-20 07:15:14 CVE-2020-36698 (lien direct)
The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to unauthorized user interaction in versions up to, and including, 2.50. This is due to missing capability checks on several AJAX actions and nonce disclosure in the source page of the administrative dashboard. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to call functions and delete and/or upload files.
Malware
CVE.webp 2023-10-19 20:15:08 CVE-2023-30633 (lien direct)
An issue was discovered in TrEEConfigDriver in Insyde InsydeH2O with kernel 5.0 through 5.5. It can report false TPM PCR values, and thus mask malware activity. Devices use Platform Configuration Registers (PCRs) to record information about device and software configuration to ensure that the boot process is secure. (For example, Windows uses these PCR measurements to determine device health.) A vulnerable device can masquerade as a healthy device by extending arbitrary values into Platform Configuration Register (PCR) banks. This requires physical access to a target victim's device, or compromise of user credentials for a device. This issue is similar to CVE-2021-42299 (on Surface Pro devices).
Malware
CVE.webp 2023-10-10 17:15:12 CVE-2023-37939 (lien direct)
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClient for Windows 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions, Linux 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions and Mac 7.2.0 through 7.2.1, 7.0 all versions, 6.4 all versions, 6.2 all versions, may allow a local authenticated attacker with no Administrative privileges to retrieve the list of files or folders excluded from malware scanning.
Malware Vulnerability
CVE.webp 2023-09-20 00:15:09 CVE-2020-24089 (lien direct)
An issue was discovered in ImfHpRegFilter.sys in IOBit Malware Fighter version 8.0.2, allows local attackers to cause a denial of service (DoS).
Malware
CVE.webp 2023-08-09 03:15:43 CVE-2023-39341 (lien direct)
"FFRI yarai", "FFRI yarai Home and Business Edition" and their OEM products handle exceptional conditions improperly, which may lead to denial-of-service (DoS) condition. Affected products and versions are as follows: FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0, FFRI yarai Home and Business Edition version 1.4.0, InfoTrace Mark II Malware Protection (Mark II Zerona) versions 3.0.1 to 3.2.2, Zerona / Zerona PLUS versions 3.2.32 to 3.2.36, ActSecure ? versions 3.4.0 to 3.4.6 and 3.5.0, Dual Safe Powered by FFRI yarai version 1.4.1, EDR Plus Pack (Bundled FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0), and EDR Plus Pack Cloud (Bundled FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0).
Malware Cloud
CVE.webp 2023-03-26 23:15:07 CVE-2023-1646 (lien direct)
A vulnerability was found in IObit Malware Fighter 9.4.0.776. It has been declared as critical. This vulnerability affects the function 0x8018E000/0x8018E004 in the library IMFCameraProtect.sys of the component IOCTL Handler. The manipulation leads to stack-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. VDB-224026 is the identifier assigned to this vulnerability.
Malware Vulnerability Guideline
CVE.webp 2023-03-26 23:15:07 CVE-2023-1644 (lien direct)
A vulnerability was found in IObit Malware Fighter 9.4.0.776 and classified as problematic. Affected by this issue is the function 0x8018E010 in the library IMFCameraProtect.sys of the component IOCTL Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224024.
Malware Vulnerability Guideline
CVE.webp 2023-03-26 23:15:07 CVE-2023-1645 (lien direct)
A vulnerability was found in IObit Malware Fighter 9.4.0.776. It has been classified as problematic. This affects the function 0x8018E008 in the library IMFCameraProtect.sys of the component IOCTL Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier VDB-224025 was assigned to this vulnerability.
Malware Vulnerability Guideline
CVE.webp 2023-03-26 22:15:07 CVE-2023-1643 (lien direct)
A vulnerability has been found in IObit Malware Fighter 9.4.0.776 and classified as problematic. Affected by this vulnerability is the function 0x8001E000/0x8001E004/0x8001E018/0x8001E01C/0x8001E024/0x8001E040 in the library ImfHpRegFilter.sys of the component IOCTL Handler. The manipulation leads to denial of service. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224023.
Malware Vulnerability Guideline
CVE.webp 2023-03-26 22:15:07 CVE-2023-1642 (lien direct)
A vulnerability, which was classified as problematic, was found in IObit Malware Fighter 9.4.0.776. Affected is the function 0x222034/0x222038/0x22203C/0x222040 in the library ObCallbackProcess.sys of the component IOCTL Handler. The manipulation leads to denial of service. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. VDB-224022 is the identifier assigned to this vulnerability.
Malware Guideline
CVE.webp 2023-03-26 22:15:06 CVE-2023-1640 (lien direct)
A vulnerability classified as problematic was found in IObit Malware Fighter 9.4.0.776. This vulnerability affects the function 0x222010 in the library ObCallbackProcess.sys of the component IOCTL Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224020.
Malware Vulnerability Guideline
CVE.webp 2023-03-26 22:15:06 CVE-2023-1641 (lien direct)
A vulnerability, which was classified as problematic, has been found in IObit Malware Fighter 9.4.0.776. This issue affects the function 0x222018 in the library ObCallbackProcess.sys of the component IOCTL Handler. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier VDB-224021 was assigned to this vulnerability.
Malware Guideline
CVE.webp 2023-03-26 21:15:06 CVE-2023-1638 (lien direct)
A vulnerability was found in IObit Malware Fighter 9.4.0.776. It has been rated as problematic. Affected by this issue is the function 0x8001E024/0x8001E040 in the library ImfRegistryFilter.sys of the component IOCTL Handler. The manipulation leads to denial of service. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. VDB-224018 is the identifier assigned to this vulnerability.
Malware Vulnerability Guideline
CVE.webp 2023-03-26 21:15:06 CVE-2023-1639 (lien direct)
A vulnerability classified as problematic has been found in IObit Malware Fighter 9.4.0.776. This affects the function 0x8001E04C in the library ImfRegistryFilter.sys of the component IOCTL Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224019.
Malware Vulnerability Guideline
CVE.webp 2023-02-02 10:15:09 CVE-2022-43665 (lien direct) A denial of service vulnerability exists in the malware scan functionality of ESTsoft Alyac 2.5.8.645. A specially-crafted PE file can lead to killing target process. An attacker can provide a malicious file to trigger this vulnerability. Malware Vulnerability Guideline
CVE.webp 2023-01-30 21:15:12 CVE-2022-4794 (lien direct) The AAWP WordPress plugin before 3.12.3 can be used to abuse trusted domains to load malware or other files through it (Reflected File Download) to bypass firewall rules in companies. Malware
CVE.webp 2023-01-23 07:15:10 CVE-2023-24068 (lien direct) Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to modify conversation attachments within the attachments.noindex directory. Client mechanisms fail to validate modifications of existing cached files, resulting in an attacker's ability to insert malicious code into pre-existing attachments or replace them completely. A threat actor can forward the existing attachment in the corresponding conversation to external groups, and the name and size of the file will not change, allowing the malware to masquerade as another file. Malware Threat
CVE.webp 2023-01-02 22:15:18 CVE-2022-4417 (lien direct) The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin before 9.3.3 does not properly block access to the REST API users endpoint when the blog is in a subdirectory, which could allow attackers to bypass the restriction in place and list users Malware
CVE.webp 2022-12-20 04:15:09 CVE-2022-47578 (lien direct) An issue was discovered in the endpoint protection agent in Zoho ManageEngine Device Control Plus 10.1.2228.15. Despite configuring complete restrictions on USB pendrives, USB HDD devices, memory cards, USB connections to mobile devices, etc., it is still possible to bypass the USB restrictions by booting into Safe Mode. This allows a file to be exchanged outside the laptop/system. Safe Mode can be launched by any user (even without admin rights). Data exfiltration can occur, and also malware might be introduced onto the system. Malware
CVE.webp 2022-12-06 00:15:10 CVE-2022-4173 (lien direct) A vulnerability within the malware removal functionality of Avast and AVG Antivirus allowed an attacker with write access to the filesystem, to escalate his privileges in certain scenarios. The issue was fixed with Avast and AVG Antivirus version 22.10. Malware Vulnerability
CVE.webp 2022-11-15 21:15:36 CVE-2022-30772 (lien direct) Manipulation of the input address in PnpSmm function 0x52 could be used by malware to overwrite SMRAM or OS kernel memory. Function 0x52 of the PnpSmm driver is passed the address and size of data to write into the SMBIOS table, but manipulation of the address could be used by malware to overwrite SMRAM or OS kernel memory. This issue was discovered by Insyde engineering during a security review. This issue is fixed in: Kernel 5.0: 05.09.41 Kernel 5.1: 05.17.43 Kernel 5.2: 05.27.30 Kernel 5.3: 05.36.30 Kernel 5.4: 05.44.30 Kernel 5.5: 05.52.30 https://www.insyde.com/security-pledge/SA-2022065 Malware
CVE.webp 2022-11-12 05:15:12 CVE-2022-38652 (lien direct) ** UNSUPPORTED WHEN ASSIGNED ** A remote insecure deserialization vulnerability exists in VMware Hyperic Agent 5.8.6. Exploitation of this vulnerability enables a malicious authenticated user to run arbitrary code or malware within a Hyperic Agent instance and its host operating system with the privileges of the Hyperic Agent process (often SYSTEM on Windows platforms). NOTE: prior exploitation of CVE-2022-38650 results in the disclosure of the authentication material required to exploit this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Malware Vulnerability ★★
CVE.webp 2022-11-12 05:15:11 CVE-2022-38650 (lien direct) ** UNSUPPORTED WHEN ASSIGNED ** A remote unauthenticated insecure deserialization vulnerability exists in VMware Hyperic Server 5.8.6. Exploitation of this vulnerability enables a malicious party to run arbitrary code or malware within Hyperic Server and the host operating system with the privileges of the Hyperic server process. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Malware Vulnerability ★★★★
CVE.webp 2022-09-23 14:15:12 CVE-2022-3144 (lien direct) The Wordfence Security – Firewall & Malware Scan plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 7.6.0 via a setting on the options page due to insufficient escaping on the stored value. This makes it possible for authenticated users, with administrative privileges, to inject malicious web scripts into the setting that executes whenever a user accesses a page displaying the affected setting on sites running a vulnerable version. Malware
CVE.webp 2022-09-13 19:15:13 CVE-2022-39206 (lien direct) Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. When using Docker-based job executors, the Docker socket (e.g. /var/run/docker.sock on Linux) is mounted into each Docker step. Users that can define and trigger CI/CD jobs on a project could use this to control the Docker daemon on the host machine. This is a known dangerous pattern, as it can be used to break out of Docker containers and, in most cases, gain root privileges on the host system. This issue allows regular (non-admin) users to potentially take over the build infrastructure of a OneDev instance. Attackers need to have an account (or be able to register one) and need permission to create a project. Since code.onedev.io has the right preconditions for this to be exploited by remote attackers, it could have been used to hijack builds of OneDev itself, e.g. by injecting malware into the docker images that are built and pushed to Docker Hub. The impact is increased by this as described before. Users are advised to upgrade to 7.3.0 or higher. There are no known workarounds for this issue. Malware
CVE.webp 2022-08-24 12:15:08 CVE-2022-33172 (lien direct) de.fac2 1.34 allows bypassing the User Presence protection mechanism when there is malware on the victim's PC. Malware ★★★
CVE.webp 2022-07-28 21:15:08 CVE-2021-41556 (lien direct) sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 allows an out-of-bounds read (in the core interpreter) that can lead to Code Execution. If a victim executes an attacker-controlled squirrel script, it is possible for the attacker to break out of the squirrel script sandbox even if all dangerous functionality such as File System functions has been disabled. An attacker might abuse this bug to target (for example) Cloud services that allow customization via SquirrelScripts, or distribute malware through video games that embed a Squirrel Engine. Malware Guideline
CVE.webp 2022-07-01 14:15:08 CVE-2014-3648 (lien direct) The simplepush server iterates through the application installations and pushes a notification to the server provided by deviceToken. But this is user controlled. If a bogus application is registered with bad deviceTokens, one can generate endless exceptions when those endpoints can't be reached or can slow the server down by purposefully wasting its time with slow endpoints. Similarly, one can provide whatever HTTP endpoint they want. This turns the server into a DDoS vector or an anonymizer for the posting of malware and so on. Malware
CVE.webp 2022-06-27 09:15:10 CVE-2022-1995 (lien direct) The Malware Scanner WordPress plugin before 4.5.2 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfiltered_html is disallowed (for example in multisite setup) Malware Guideline
CVE.webp 2022-06-27 09:15:08 CVE-2022-1028 (lien direct) The WordPress Security Firewall, Malware Scanner, Secure Login and Backup plugin before 4.2.1 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfiltered_html is disallowed (for example in multisite setup) Malware Guideline ★★
CVE.webp 2022-05-23 19:16:07 CVE-2022-31466 (lien direct) Quick Heal Total Security before 12.1.1.27 has a TOCTOU race condition that leads to privilege escalation. It may follow a symlink that was created after a malware check. Malware Guideline
CVE.webp 2022-05-12 17:15:09 CVE-2022-21147 (lien direct) An out of bounds read vulnerability exists in the malware scan functionality of ESTsoft Alyac 2.5.7.7. A specially-crafted PE file can trigger this vulnerability to cause denial of service and termination of malware scan. An attacker can provide a malicious file to trigger this vulnerability. Malware Vulnerability ★★★★
CVE.webp 2022-05-07 04:15:09 CVE-2022-30330 (lien direct) In the KeepKey firmware before 7.3.2, the bootloader can be exploited in unusual situations in which the attacker has physical access, convinces the victim to install malicious firmware, or knows the victim's seed phrase. lib/board/supervise.c mishandles svhandler_flash_* address range checks. If exploited, any installed malware could persist even after wiping the device and resetting the firmware. Malware
CVE.webp 2022-05-03 04:15:09 CVE-2022-20748 (lien direct) A vulnerability in the local malware analysis process of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. This vulnerability is due to insufficient error handling in the local malware analysis process of an affected device. An attacker could exploit this vulnerability by sending a crafted file through the device. A successful exploit could allow the attacker to cause the local malware analysis process to crash, which could result in a DoS condition. Notes: Manual intervention may be required to recover from this situation. Malware cloud lookup and dynamic analysis will not be impacted. Malware Vulnerability Threat
CVE.webp 2022-04-28 16:15:08 CVE-2022-1514 (lien direct) Stored XSS via upload plugin functionality in zip format in GitHub repository neorazorx/facturascripts prior to 2022.06. Cross-site scripting attacks can have devastating consequences. Code injected into a vulnerable application can exfiltrate data or install malware on the user's machine. Attackers can masquerade as authorized users via session cookies, allowing them to perform any action allowed by the user account. Malware
CVE.webp 2022-04-25 10:15:09 CVE-2022-1457 (lien direct) Stored XSS in title parameter executing at EditUser Page & EditProducto page in GitHub repository neorazorx/facturascripts prior to 2022.04. Cross-site scripting attacks can have devastating consequences. Code injected into a vulnerable application can exfiltrate data or install malware on the user's machine. Attackers can masquerade as authorized users via session cookies, allowing them to perform any action allowed by the user account. Malware ★★
CVE.webp 2022-04-11 15:15:08 CVE-2022-0989 (lien direct) An unprivileged user could use the functionality of the NS WooCommerce Watermark WordPress plugin through 2.11.3 to load images that hide malware for example from passing malicious domains to hide their trace, by making them pass through the vulnerable domain. Malware
CVE.webp 2022-03-07 09:15:09 CVE-2022-0429 (lien direct) The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin before 8.9.6 does not sanitise the $url variable before using it in an attribute in the Activity tab in the plugins dashboard, leading to an unauthenticated stored Cross-Site Scripting vulnerability. Malware Guideline
CVE.webp 2022-02-04 23:15:11 CVE-2021-29218 (lien direct) A local unquoted search path security vulnerability has been identified in HPE Agentless Management Service for Windows version(s): Prior to 1.44.0.0, 10.96.0.0. This vulnerability could be exploited locally by a user with high privileges to execute malware that may lead to a loss of confidentiality, integrity, and availability. HPE has provided software updates to resolve the vulnerability in HPE Agentless Management Service for Windows. Malware Vulnerability Guideline
CVE.webp 2021-11-13 18:15:07 CVE-2021-43616 (lien direct) The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency information in package-lock.json differs from package.json. This behavior is inconsistent with the documentation, and makes it easier for attackers to install malware that was supposed to have been blocked by an exact version match requirement in package-lock.json. Malware
CVE.webp 2021-10-08 16:15:08 CVE-2021-41919 (lien direct) webTareas version 2.4 and earlier allows an authenticated user to arbitrarily upload potentially dangerous files without restrictions. This is working by adding or replacing a personal profile picture. The affected endpoint is /includes/upload.php on the HTTP POST data. This allows an attacker to exploit the platform by injecting code or malware and, under certain conditions, to execute code on remote user browsers. Malware
CVE.webp 2021-08-10 15:15:07 CVE-2021-33699 (lien direct) Task Hijacking is a vulnerability that affects the applications running on Android devices due to a misconfiguration in their AndroidManifest.xml with their Task Control features. This allows an unauthorized attacker or malware to takeover legitimate apps and to steal user's sensitive information. Malware Vulnerability ★★★★
CVE.webp 2021-06-16 18:15:08 CVE-2021-1566 (lien direct) A vulnerability in the Cisco Advanced Malware Protection (AMP) for Endpoints integration of Cisco AsyncOS for Cisco Email Security Appliance (ESA) and Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to intercept traffic between an affected device and the AMP servers. This vulnerability is due to improper certificate validation when an affected device establishes TLS connections. A man-in-the-middle attacker could exploit this vulnerability by sending a crafted TLS packet to an affected device. A successful exploit could allow the attacker to spoof a trusted host and then extract sensitive information or alter certain API requests. Malware Vulnerability ★★★
CVE.webp 2021-06-09 14:15:10 CVE-2021-33666 (lien direct) When SAP Commerce Cloud version 100, hosts a JavaScript storefront, it is vulnerable to MIME sniffing, which, in certain circumstances, could be used to facilitate an XSS attack or malware proliferation. Malware
CVE.webp 2021-05-13 03:15:06 CVE-2020-36198 (lien direct) A command injection vulnerability has been reported to affect certain versions of Malware Remover. If exploited, this vulnerability allows remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. Malware Remover versions prior to 4.6.1.0. This issue does not affect: QNAP Systems Inc. Malware Remover 3.x. Malware Vulnerability
CVE.webp 2021-05-11 15:15:08 CVE-2021-27612 (lien direct) In specific situations SAP GUI for Windows, versions - 7.60, 7.70 forwards a user to specific malicious website which could contain malware or might lead to phishing attacks to steal credentials of the victim. Malware Guideline
CVE.webp 2021-04-08 04:15:12 CVE-2021-1386 (lien direct) A vulnerability in the dynamic link library (DLL) loading mechanism in Cisco Advanced Malware Protection (AMP) for Endpoints Windows Connector, ClamAV for Windows, and Immunet could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected Windows system. To exploit this vulnerability, the attacker would need valid credentials on the system. The vulnerability is due to insufficient validation of directory search paths at run time. An attacker could exploit this vulnerability by placing a malicious DLL file on an affected system. A successful exploit could allow the attacker to execute arbitrary code with SYSTEM privileges. Malware Vulnerability
CVE.webp 2021-03-31 14:15:19 CVE-2021-23985 (lien direct) If an attacker is able to alter specific about:config values (for example malware running on the user's computer), the Devtools remote debugging feature could have been enabled in a way that was unnoticeable to the user. This would have allowed a remote attacker (able to make a direct network connection to the victim) to monitor the user's browsing activity and (plaintext) network traffic. This was addressed by providing a visual cue when Devtools has an open network socket. This vulnerability affects Firefox < 87. Malware Vulnerability
Last update at: 2024-05-18 13:08:03