What's new around the internet


Src | Date (GMT) | Title | Description | Tags | Notes
CVE | 2023-03-02 07:15:08 | CVE-2023-1151 (direct link) | A vulnerability was found in SourceCodester Electronic Medical Records System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file administrator.php of the component Cookie Handler. The manipulation of the argument userid leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222163. | Vulnerability, Guideline, Medical |
CVE | 2023-03-01 21:15:10 | CVE-2023-22738 (direct link) | vantage6 is a privacy-preserving federated learning infrastructure for secure insight exchange. Assigning existing users to a different organization is currently possible. It may lead to unintended access: if a user from organization A is accidentally assigned to organization B, they will retain their permissions and therefore might be able to access stuff they should not be allowed to access. This issue is patched in version 3.8.0. | Guideline |
Google | 2023-03-01 20:25:32 | (Déjà vu) GCP-2023-001 (direct link) | Published: 2023-03-01. Description: A new vulnerability (CVE-2022-4696) has been discovered in the Linux kernel that can lead to a privilege escalation on the node. For instructions and more details, see the following bulletins: GKE security bulletin; Anthos clusters on VMware security bulletin; Anthos clusters on AWS security bulletin; Anthos on Azure security bulletin; Anthos on bare metal security bulletin. Severity: High. Notes: CVE-2022-4696. | Vulnerability, Guideline | ★★★
CVE | 2023-03-01 20:15:12 | CVE-2023-1131 (direct link) | A vulnerability has been found in SourceCodester Computer Parts Sales and Inventory System 1.0 and classified as problematic. This vulnerability affects unknown code of the file customer.php. The manipulation of the argument FIRST_NAME/LAST_NAME/PHONE_NUMBER leads to cross-site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-222106 is the identifier assigned to this vulnerability. | Vulnerability, Guideline |
CVE | 2023-03-01 20:15:11 | CVE-2023-1130 (direct link) | A vulnerability, which was classified as critical, was found in SourceCodester Computer Parts Sales and Inventory System 1.0. This affects an unknown part of the file processlogin. The manipulation of the argument user leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222105 was assigned to this vulnerability. | Guideline |
globalsecuritymag | 2023-03-01 18:22:20 | Endor Labs Partners with Security and Technology Leaders to Identify Top 10 Open Source Software Risks of 2023 (direct link) | 20 CISOs and technology veterans collaborate with Endor Labs' Station 9 research team to develop the first comprehensive report to analyze both operational and security Open Source Software risks. (Special Reports) | Guideline | ★★
globalsecuritymag | 2023-03-01 16:14:04 | Checkmarx Appoints Sandeep Johri as CEO (direct link) | Checkmarx Appoints Sandeep Johri as CEO; Co-founder and CEO Emmanuel Benzaquen Continues to Serve on the Board of Directors. A seasoned, growth-focused executive in cloud, cybersecurity and DevOps markets, Johri brings over three decades of leadership at both enterprise and startup companies. (Business News) | Guideline |
CVE | 2023-03-01 15:15:11 | CVE-2022-46806 (direct link) | Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Cart All In One For WooCommerce plugin. | Vulnerability, Guideline |
CVE | 2023-03-01 15:15:11 | CVE-2022-47148 (direct link) | Cross-Site Request Forgery (CSRF) vulnerability in WP Overnight PDF Invoices & Packing Slips for WooCommerce plugin. | Vulnerability, Guideline |
CVE | 2023-03-01 15:15:10 | CVE-2022-46805 (direct link) | Cross-Site Request Forgery (CSRF) vulnerability in Lauri Karisola / WP Trio Conditional Shipping for WooCommerce plugin. | Vulnerability, Guideline |
CVE | 2023-03-01 15:15:10 | CVE-2022-46798 (direct link) | Cross-Site Request Forgery (CSRF) vulnerability in HasThemes ShopLentor plugin. | Vulnerability, Guideline |
CVE | 2023-03-01 14:15:16 | CVE-2022-45804 (direct link) | Cross-Site Request Forgery (CSRF) vulnerability in RoboSoft Photo Gallery, Images, Slider in Rbs Image Gallery plugin. | Vulnerability, Guideline |
CVE | 2023-03-01 14:15:16 | CVE-2022-46797 (direct link) | Cross-Site Request Forgery (CSRF) vulnerability in Conversios All-in-one Google Analytics, Pixels and Product Feed Manager for WooCommerce plugin. | Vulnerability, Guideline |
CVE | 2023-03-01 14:15:16 | CVE-2022-40198 (direct link) | Cross-Site Request Forgery (CSRF) vulnerability in StandaloneTech TeraWallet – For WooCommerce plugin. | Vulnerability, Guideline |
CVE | 2023-03-01 14:15:15 | CVE-2022-38468 (direct link) | Cross-Site Request Forgery (CSRF) vulnerability in Imagely WordPress Gallery Plugin – NextGEN Gallery plugin. | Vulnerability, Guideline |
CVE | 2023-03-01 13:15:10 | CVE-2023-23984 (direct link) | Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Bubble Menu – circle floating menu plugin. | Vulnerability, Guideline |
GoogleSec | 2023-03-01 11:59:44 | 8 ways to secure Chrome browser for Google Workspace users (direct link) | Posted by Kiran Nair, Product Manager, Chrome Browser. Your journey towards keeping your Google Workspace users and data safe starts with bringing your Chrome browsers under Cloud Management at no additional cost. Chrome Browser Cloud Management is a single destination for applying Chrome Browser policies and security controls across Windows, Mac, Linux, iOS and Android. You also get deep visibility into your browser fleet, including which browsers are out of date and which extensions your users are using, bringing insight to potential security blind spots in your enterprise. Managing Chrome from the cloud allows Google Workspace admins to enforce enterprise protections and policies on the whole browser on fully managed devices, which no longer requires a user to sign into Chrome to have policies enforced. You can also enforce policies that apply when your managed users sign in to Chrome browser on any Windows, Mac, or Linux computer (via Chrome Browser user-level management), not just on corporate managed devices. This enables you to keep your corporate data and users safe, whether they are accessing work resources from fully managed, personal, or unmanaged devices used by your vendors. Getting started is easy. If your organization hasn't already, check out this guide for steps on how to enroll your devices. 2. Enforce built-in protections against Phishing, Ransomware & Malware. Chrome uses Google's Safe Browsing technology to help protect billions of devices every day by showing warnings to users when they attempt to navigate to dangerous sites or download dangerous files. Safe Browsing is enabled by default for all users when they download Chrome. As an administrator, you can prevent your users from disabling Safe Browsing by enforcing the SafeBrowsingProtectionLevel policy. Over the past few years, we've seen threats on the web becoming increasingly sophisticated. Turning on Enhanced Safe Browsing will substantially increase protection | Ransomware, Malware, Tool, Threat, Guideline, Cloud | ★★★
CVE | 2023-03-01 11:15:12 | CVE-2021-4327 (direct link) | A vulnerability was found in SerenityOS. It has been rated as critical. Affected by this issue is the function initialize_typed_array_from_array_buffer in the library Userland/Libraries/LibJS/Runtime/TypedArray.cpp. The manipulation leads to integer overflow. The exploit has been disclosed to the public and may be used. Continuous delivery with rolling releases is used by this product. Therefore, no version details of affected or updated releases are available. The name of the patch is f6c6047e49f1517778f5565681fb64750b14bf60. It is recommended to apply a patch to fix this issue. VDB-222074 is the identifier assigned to this vulnerability. | Vulnerability, Guideline |
CVE | 2023-03-01 10:15:10 | CVE-2023-1113 (direct link) | A vulnerability was found in SourceCodester Simple Payroll System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file admin/?page=admin of the component POST Parameter Handler. The manipulation of the argument fullname leads to cross-site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222073 was assigned to this vulnerability. | Vulnerability, Guideline |
CVE | 2023-03-01 10:15:09 | CVE-2023-1112 (direct link) | A vulnerability was found in Drag and Drop Multiple File Upload Contact Form 7 5.0.6.1. It has been classified as critical. Affected is an unknown function of the file admin-ajax.php. The manipulation of the argument upload_name leads to relative path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222072. | Vulnerability, Guideline |
CVE | 2023-03-01 08:15:13 | CVE-2023-22757 (direct link) | There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system. | Guideline |
CVE | 2023-03-01 08:15:13 | CVE-2023-22756 (direct link) | There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system. | Guideline |
CVE | 2023-03-01 08:15:12 | CVE-2023-22755 (direct link) | There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system. | Guideline |
CVE | 2023-03-01 08:15:12 | CVE-2023-22749 (direct link) | There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system. | Guideline |
CVE | 2023-03-01 08:15:12 | CVE-2023-22754 (direct link) | There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system. | Guideline |
CVE | 2023-03-01 08:15:12 | CVE-2023-22753 (direct link) | There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system. | Guideline |
CVE | 2023-03-01 08:15:12 | CVE-2023-22751 (direct link) | There are stack-based buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system. | Guideline |
CVE | 2023-03-01 08:15:12 | CVE-2023-22747 (direct link) | There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system. | Guideline |
CVE | 2023-03-01 08:15:12 | CVE-2023-22750 (direct link) | There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system. | Guideline |
CVE | 2023-03-01 08:15:12 | CVE-2023-22752 (direct link) | There are stack-based buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system. | Guideline |
CVE | 2023-03-01 08:15:12 | CVE-2023-22748 (direct link) | There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system. | Guideline |
CVE | 2023-03-01 08:15:11 | CVE-2023-0567 (direct link) | In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, the password_verify() function may accept some invalid Blowfish hashes as valid. If such an invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid. | Guideline |
CVE | 2023-03-01 08:15:10 | CVE-2022-27677 (direct link) | Failure to validate privileges during installation of AMD Ryzen™ Master may allow an attacker with low privileges to modify files, potentially leading to privilege escalation and code execution by the lower privileged user. | Guideline |
CVE | 2023-03-01 00:15:10 | CVE-2023-0847 (direct link) | The Sub-IoT implementation of the DASH 7 Alliance protocol has a vulnerability that can lead to an out-of-bounds write prior to implementation version 0.5.0. If the protocol has been compiled using default settings, this will only grant the attacker access to allocated but unused memory. However, if it was configured using non-default settings, there is the possibility that exploiting this vulnerability could lead to system crashes and remote code execution. | Vulnerability, Guideline |
CVE | 2023-02-28 21:15:11 | CVE-2023-1099 (direct link) | A vulnerability was found in SourceCodester Online Student Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file eduauth/edit-class-detail.php?editid=1. The manipulation of the argument editid leads to SQL injection. The attack may be launched remotely. VDB-222002 is the identifier assigned to this vulnerability. | Vulnerability, Guideline |
CVE | 2023-02-28 21:15:11 | CVE-2023-1100 (direct link) | A vulnerability classified as critical has been found in SourceCodester Online Catering Reservation System 1.0. This affects an unknown part of the file /reservation/add_message.php of the component POST Parameter Handler. The manipulation of the argument fullname leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222003. | Vulnerability, Guideline |
Netskope | 2023-02-28 20:17:02 | Borderless SD-WAN: Ushering in the New Era of Borderless Enterprise (direct link) | Let's face it, your remote connectivity architecture isn't going to cut it for much longer. Maybe you struggle with providing uniform secure optimized access, or with a patchwork of multi-vendor policies, or with network blind spots across all remote users, devices, sites, and clouds. One or all of these issues can lead to a situation […] | Guideline | ★★
CVE | 2023-02-28 19:15:16 | CVE-2023-1017 (direct link) | An out-of-bounds write vulnerability exists in TPM2.0's Module Library, allowing 2 bytes of data to be written past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can cause denial of service (crashing the TPM chip/process or rendering it unusable) and/or arbitrary code execution in the TPM context. | Vulnerability, Guideline |
CVE | 2023-02-28 18:15:10 | CVE-2022-41727 (direct link) | An attacker can craft a malformed TIFF image which will consume a significant amount of memory when passed to DecodeConfig. This could lead to a denial of service. | Guideline |
CVE | 2023-02-28 17:15:11 | CVE-2023-20946 (direct link) | In onStart of BluetoothSwitchPreferenceController.java, there is a possible permission bypass due to a confused deputy. This could lead to remote escalation of privilege in Bluetooth settings with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11, Android-12, Android-12L, Android-13. Android ID: A-244423101. | Guideline |
CVE | 2023-02-28 17:15:11 | CVE-2023-20945 (direct link) | In phNciNfc_MfCreateXchgDataHdr of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-246932269. | Guideline |
CVE | 2023-02-28 17:15:11 | CVE-2023-20948 (direct link) | In dropFramesUntilIframe of AAVCAssembler.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12, Android-12L, Android-13. Android ID: A-230630526. | Guideline |
CVE | 2023-02-28 17:15:10 | CVE-2023-20933 (direct link) | In several functions of MediaCodec.cpp, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12, Android-12L, Android-13. Android ID: A-245860753. | Guideline |
CVE | 2023-02-28 17:15:10 | CVE-2023-20934 (direct link) | In resolveAttributionSource of ServiceUtilities.cpp, there is a possible way to disable the microphone privacy indicator due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12, Android-12L, Android-13. Android ID: A-258672042. | Guideline |
CVE | 2023-02-28 17:15:10 | CVE-2023-20944 (direct link) | In run of ChooseTypeAndAccountActivity.java, there is a possible escalation of privilege due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12, Android-12L, Android-13. Android ID: A-244154558. | Guideline |
CVE | 2023-02-28 17:15:10 | CVE-2023-20932 (direct link) | In onCreatePreferences of EditInfoFragment.java, there is a possible way to read contacts belonging to other users due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12, Android-12L, Android-13. Android ID: A-248251018. | Guideline |
CVE | 2023-02-28 17:15:10 | CVE-2023-20940 (direct link) | In the Android operating system, there is a possible way to replace a boot partition due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-256237041. | Guideline |
CVE | 2023-02-28 17:15:10 | CVE-2022-20551 (direct link) | In createTrack of AudioFlinger.cpp, there is a possible way to record audio without a privacy indicator due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12, Android-12L, Android-13. Android ID: A-243376549. | Guideline |
CVE | 2023-02-28 17:15:10 | CVE-2023-20938 (direct link) | In binder_transaction_buffer_release of binder.c, there is a possible use after free due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-257685302. References: Upstream kernel. | Guideline |
CVE | 2023-02-28 17:15:10 | CVE-2023-20939 (direct link) | In multiple functions of looper_backed_event_loop.cpp, there is a possible way to corrupt memory due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12, Android-12L, Android-13. Android ID: A-243362981. | Guideline |
Last update at: 2024-05-14 21:08:35