Description
Crash in the USB HID protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file on Windows
Base Score: 7.5 HIGH
https://www.wireshark.org/security/wnpa-sec-2022-08.html
____________________________
Description
In JetBrains JetBrains Gateway before 2022.3 a client could connect without a valid token if the host consented.
Base Score: 8.8 HIGH
https://www.jetbrains.com/privacy-security/issues-fixed/
____________________________
Description
In JetBrains IntelliJ IDEA before 2022.3 a DYLIB injection on macOS was possible.
Base Score: 7.8 HIGH
https://www.jetbrains.com/privacy-security/issues-fixed/
_____________________________________
Description
In JetBrains IntelliJ IDEA before 2022.2.4 a buffer overflow in the fsnotifier daemon on macOS was possible.
Base Score: 7.8 HIGH
https://www.jetbrains.com/privacy-security/issues-fixed/
_____________________________
Description
TOCTOU vulnerability in Samsung decoding library for video thumbnails prior to SMR Dec-2022 Release 1 allows local attacker to perform Out-Of-Bounds Write.
Base Score: 7.4 HIGH
https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=12
________________________________
Description
Integer overflow vulnerability in Samsung decoding library for video thumbnails prior to SMR Dec-2022 Release 1 allows local attacker to perform Out-Of-Bounds Write.
Base Score: 7.8 HIGH
https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=12
________________________________
Description
IBM Content Navigator 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, and 3.0.12 is vulnerable to missing authorization and could allow an authenticated user to load external plugins and execute code. IBM X-Force ID: 238805.
Base Score: 8.8 HIGH
https://www.ibm.com/support/pages/node/6844453
______________________________
Description
External initialization of trusted variables or data stores vulnerability exists in WordPress Popular Posts 6.0.5 and earlier, therefore the vulnerable product accepts untrusted external inputs to update certain internal variables. As a result, the number of views for an article may be manipulated through a crafted input.
Base Score: 7.5 HIGH
https://wordpress.org/plugins/wordpress-popular-posts/
______________________________
Description
IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 230522.
Base Score: 7.5 HIGH
https://www.ibm.com/support/pages/node/6844763
___________________________________
Description
An improper neutralization of special elements used in an SQL Command (‘SQL Injection’) vulnerability in Fortinet FortiADC version 7.1.0, version 7.0.0 through 7.0.2 and version 6.2.4 and below allows an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.
https://fortiguard.com/psirt/FG-IR-22-252
______________________________
Description
An insufficient logging [CWE-778] vulnerability in FortiSandbox versions 4.0.0 to 4.0.2, 3.2.0 to 3.2.3 and 3.1.0 to 3.1.5 and FortiDeceptor versions 4.2.0, 4.1.0 through 4.1.1, 4.0.0 through 4.0.2, 3.3.0 through 3.3.3, 3.2.0 through 3.2.2,3.1.0 through 3.1.1 and 3.0.0 through 3.0.2 may allow a remote attacker to repeatedly enter incorrect credentials without causing a log entry, and with no limit on the number of failed authentication attempts.
Base Score: 7.5 HIGH
https://fortiguard.com/psirt/FG-IR-21-170
_________________________________
Description
IBM Spectrum Scale 5.1.0.1 through 5.1.4.1 could allow a local attacker to execute arbitrary commands in the container. IBM X-Force ID: 239437.
Base Score: 7.8 HIGH
https://www.ibm.com/support/pages/node/6844771
sourse:
https://nvd.nist.gov/vuln/detail/CVE-2021-3466
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3466
CVE-2022-47986 Description IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. By sending a specially crafted obsolete API call, an attacker could exploit this vulnerability to execute arbitrary code on the system. The obsolete API call was […]
CVE-2022-25992 Description Insecure inherited permissions in the Intel(R) oneAPI Toolkits oneapi-cli before version 0.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. Base Score: 7.5 HIGH http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00674.html ____________________ CVE-2022-26343 Description Improper access control in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation […]
CVE-2023-21801 Description Microsoft PostScript Printer Driver Remote Code Execution Vulnerability Base Score: 7.8 HIGH https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21801 CVE-2023-21777 Description Azure App Service on Azure Stack Hub Elevation of Privilege Vulnerability Base Score: 8.7 HIGH https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21777 CVE-2023-21718 Description Microsoft SQL ODBC Driver Remote Code Execution Vulnerability Base Score: 7.8 HIGH https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21718 CVE-2023-21707 Description Microsoft Exchange Server Remote […]
Leave a Reply