What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
InfoSecurityMag.webp 2023-02-13 16:00:00 Majority of Firms Make Cybersecurity Decisions Without Attacker Insight (direct link) Cybersecurity experts believe senior leadership teams underestimate cyber-threats Guideline ★★
CVE.webp 2023-02-13 15:15:21 CVE-2023-0260 (direct link) The WP Review Slider WordPress plugin before 12.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber. Guideline
CVE.webp 2023-02-13 15:15:21 CVE-2023-0262 (direct link) The WP Airbnb Review Slider WordPress plugin before 3.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber. Guideline
CVE.webp 2023-02-13 15:15:21 CVE-2023-0263 (direct link) The WP Yelp Review Slider WordPress plugin before 7.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber. Guideline
CVE.webp 2023-02-13 15:15:21 CVE-2023-0261 (direct link) The WP TripAdvisor Review Slider WordPress plugin before 10.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber. Guideline
CVE.webp 2023-02-13 15:15:21 CVE-2023-0259 (direct link) The WP Google Review Slider WordPress plugin before 11.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber. Guideline
CVE.webp 2023-02-13 15:15:20 CVE-2023-0099 (direct link) The Simple URLs WordPress plugin before 115 does not sanitise and escape some parameters before outputting them back in some pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin. Guideline
CVE.webp 2023-02-13 15:15:20 CVE-2023-0098 (direct link) The Simple URLs WordPress plugin before 115 does not escape some parameters before using them in various SQL statements used by AJAX actions available by any authenticated users, leading to a SQL injection exploitable by low privilege users such as subscriber. Guideline
CVE.webp 2023-02-13 15:15:17 CVE-2022-4546 (direct link) The Mapwiz WordPress plugin through 1.0.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. Guideline
CVE.webp 2023-02-13 15:15:16 CVE-2022-4445 (direct link) The FL3R FeelBox WordPress plugin through 8.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. Guideline
globalsecuritymag.webp 2023-02-13 13:13:02 Netwrix was named an overall leader in KuppingerCole's Identity (direct link) Netwrix, a cybersecurity vendor that makes data security easy, was named an overall leader in KuppingerCole's Identity Governance and Administration Leadership Compass. This category combines an organisation's product leadership, innovation leadership, and market leadership ratings. - MAGIC QUADRANT Guideline ★★
CVE.webp 2023-02-13 12:15:11 CVE-2023-0808 (direct link) A vulnerability was found in Deye/Revolt/Bosswerk Inverter MW3_15U_5406_1.47/MW3_15U_5406_1.471. It has been rated as problematic. This issue affects some unknown processing of the component Access Point Setting Handler. The manipulation with the input 12345678 leads to use of hard-coded password. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. Upgrading to version MW3_16U_5406_1.53 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-220769 was assigned to this vulnerability. Guideline Vulnerability
CVE.webp 2023-02-13 08:15:12 CVE-2023-24572 (direct link) Dell Command | Integration Suite for System Center, versions before 6.4.0 contain an arbitrary folder delete vulnerability during uninstallation. A locally authenticated malicious user may potentially exploit this vulnerability leading to arbitrary folder deletion. Guideline Vulnerability
CVE.webp 2023-02-13 08:15:10 CVE-2023-23697 (direct link) Dell Command | Intel vPro Out of Band, versions before 4.4.0, contain an arbitrary folder delete vulnerability during uninstallation. A locally authenticated malicious user may potentially exploit this vulnerability leading to arbitrary folder deletion. Guideline Vulnerability
CVE.webp 2023-02-13 02:21:07 CVE-2023-22350 (direct link) Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier because the end of data cannot be verified when processing parts management information. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution. Guideline Vulnerability
CVE.webp 2023-02-13 02:21:07 CVE-2023-22360 (direct link) Use-after free vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier due to lack of error handling process even when an error was detected. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution. Guideline Vulnerability
CVE.webp 2023-02-13 02:21:07 CVE-2023-22353 (direct link) Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier because the end of data cannot be verified when processing control management information. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution. Guideline Vulnerability
CVE.webp 2023-02-13 02:21:07 CVE-2023-22349 (direct link) Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier because the end of data cannot be verified when processing screen management information. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution. Guideline Vulnerability
CVE.webp 2023-02-13 02:21:06 CVE-2023-22345 (direct link) Out-of-bound write vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier due to lack of error handling process when out of specification errors are detected. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution. Guideline Vulnerability
CVE.webp 2023-02-13 02:21:06 CVE-2023-22347 (direct link) Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier because the end of data cannot be verified when processing file structure information. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution. Guideline Vulnerability
CVE.webp 2023-02-13 02:21:06 CVE-2023-22346 (direct link) Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier because the end of data cannot be verified when processing template information. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution. Guideline Vulnerability
bleepingcomputer.webp 2023-02-13 00:06:25 Ransomware hits Technion university to protest tech layoffs and Israel (direct link) A new ransomware group going by the name 'DarkBit' has hit Technion - Israel Institute of Technology, one of Israel's leading research universities. The ransom note posted by DarkBit is littered with messaging protesting tech layoffs and promoting anti-Israel rhetoric, as well as the group demanding a $1.7 million payment. [...] Ransomware Guideline ★★
CVE.webp 2023-02-12 21:15:10 CVE-2020-36661 (direct link) A vulnerability was found in Kong lua-multipart 0.5.8-1. It has been declared as problematic. This vulnerability affects the function is_header of the file src/multipart.lua. The manipulation leads to inefficient regular expression complexity. Upgrading to version 0.5.9-1 is able to address this issue. The name of the patch is d632e5df43a2928fd537784a99a79dec288bf01b. It is recommended to upgrade the affected component. VDB-220642 is the identifier assigned to this vulnerability. Guideline Vulnerability
CVE.webp 2023-02-12 15:15:10 CVE-2019-25103 (direct link) A vulnerability has been found in simple-markdown 0.5.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file simple-markdown.js. The manipulation leads to inefficient regular expression complexity. The attack can be launched remotely. Upgrading to version 0.5.2 is able to address this issue. The name of the patch is 89797fef9abb4cab2fb76a335968266a92588816. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220639. Guideline Vulnerability
CVE.webp 2023-02-12 14:15:11 CVE-2019-25102 (direct link) A vulnerability, which was classified as problematic, was found in simple-markdown 0.6.0. Affected is an unknown function of the file simple-markdown.js. The manipulation with the input Guideline
CVE.webp 2023-02-12 14:15:10 CVE-2015-10078 (direct link) A vulnerability, which was classified as problematic, has been found in atwellpub Resend Welcome Email Plugin 1.0.1. This issue affects the function send_welcome_email_url of the file resend-welcome-email.php. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 1.0.2 is able to address this issue. The name of the patch is b14c1f66d307783f0ae74f88088a85999107695c. It is recommended to upgrade the affected component. The identifier VDB-220637 was assigned to this vulnerability. Guideline
CVE.webp 2023-02-12 08:15:10 CVE-2023-0784 (direct link) A vulnerability classified as critical has been found in SourceCodester Best Online News Portal 1.0. Affected is an unknown function of the component Login Page. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220644. Guideline Vulnerability
CVE.webp 2023-02-12 08:15:10 CVE-2023-0785 (direct link) A vulnerability classified as problematic was found in SourceCodester Best Online News Portal 1.0. Affected by this vulnerability is an unknown functionality of the file check_availability.php. The manipulation of the argument username leads to exposure of sensitive information through data queries. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-220645 was assigned to this vulnerability. Guideline Vulnerability
CVE.webp 2023-02-12 04:15:19 CVE-2022-47450 (direct link) In wlan driver, there is a possible missing permission check. This could lead to local information disclosure. Guideline
CVE.webp 2023-02-12 04:15:19 CVE-2022-47452 (direct link) In gnss driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in wlan services. Guideline
CVE.webp 2023-02-12 04:15:19 CVE-2022-47451 (direct link) In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services. Guideline
CVE.webp 2023-02-12 04:15:18 CVE-2022-47355 (direct link) In log service, there is a missing permission check. This could lead to local denial of service in log service. Guideline
CVE.webp 2023-02-12 04:15:18 CVE-2022-47357 (direct link) In log service, there is a missing permission check. This could lead to local denial of service in log service. Guideline
CVE.webp 2023-02-12 04:15:18 CVE-2022-47367 (direct link) In bluetooth driver, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. Guideline
CVE.webp 2023-02-12 04:15:18 CVE-2022-47354 (direct link) In log service, there is a missing permission check. This could lead to local denial of service in log service. Guideline
CVE.webp 2023-02-12 04:15:18 CVE-2022-47361 (direct link) In firewall service, there is a missing permission check. This could lead to local escalation of privilege with system execution privileges needed. Guideline
CVE.webp 2023-02-12 04:15:18 CVE-2022-47358 (direct link) In log service, there is a missing permission check. This could lead to local denial of service in log service. Guideline
CVE.webp 2023-02-12 04:15:18 CVE-2022-47365 (direct link) In wlan driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in wlan services. Guideline
CVE.webp 2023-02-12 04:15:18 CVE-2022-47366 (direct link) In wlan driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in wlan services. Guideline
CVE.webp 2023-02-12 04:15:18 CVE-2022-47368 (direct link) In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services. Guideline
CVE.webp 2023-02-12 04:15:18 CVE-2022-47359 (direct link) In log service, there is a missing permission check. This could lead to local denial of service in log service. Guideline
CVE.webp 2023-02-12 04:15:18 CVE-2022-47369 (direct link) In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services. Guideline
CVE.webp 2023-02-12 04:15:18 CVE-2022-47371 (direct link) In bt driver, there is a thread competition leads to early release of resources to be accessed. This could lead to local denial of service in kernel. Guideline
CVE.webp 2023-02-12 04:15:18 CVE-2022-47348 (direct link) In engineermode services, there is a missing permission check. This could lead to local denial of service in engineermode services. Guideline
CVE.webp 2023-02-12 04:15:18 CVE-2022-47363 (direct link) In wlan driver, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service in wlan services. Guideline
CVE.webp 2023-02-12 04:15:18 CVE-2022-47347 (direct link) In engineermode services, there is a missing permission check. This could lead to local denial of service in engineermode services. Guideline
CVE.webp 2023-02-12 04:15:18 CVE-2022-47364 (direct link) In wlan driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in wlan services. Guideline
CVE.webp 2023-02-12 04:15:18 CVE-2022-47370 (direct link) In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services. Guideline
CVE.webp 2023-02-12 04:15:18 CVE-2022-47360 (direct link) In log service, there is a missing permission check. This could lead to local denial of service in log service. Guideline
CVE.webp 2023-02-12 04:15:18 CVE-2022-47356 (direct link) In log service, there is a missing permission check. This could lead to local denial of service in log service. Guideline
Last update at: 2024-05-29 00:07:59