Description
The WP Custom Admin Interface WordPress plugin before 7.29 unserialize user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present.
Base Score: 7.2 HIGH
https://wpscan.com/vulnerability/ffff8c83-0a59-450a-9b40-c7f3af7205fc
__________________________________
Description
The Starter Templates by Kadence WP WordPress plugin before 1.2.17 unserialises the content of an imported file, which could lead to PHP object injection issues when an admin import (intentionally or not) a malicious file and a suitable gadget chain is present on the blog.
Base Score: 8.8 HIGH
https://wpscan.com/vulnerability/ec4b9bf7-71d6-4528-9dd1-cc7779624760
________________________________
Description
The WPtouch WordPress plugin before 4.3.45 unserialises the content of an imported settings file, which could lead to PHP object injections issues when an user import (intentionally or not) a malicious settings file and a suitable gadget chain is present on the blog.
Base Score: 8.8 HIGH
https://wpscan.com/vulnerability/55772932-eebd-475b-b5df-e80fab288ee5
___________________________________
Description
The WPtouch WordPress plugin before 4.3.45 does not properly validate images to be uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup)
Base Score: 7.2 HIGH
https://wpscan.com/vulnerability/f927dbe0-3939-4882-a469-1309ac737ee6
CVE-2023-21803 Description Windows iSCSI Discovery Service Remote Code Execution Vulnerability Base Score: 9.8 CRITICAL https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21803 CVE-2023-21804 Description Windows Graphics Component Elevation of Privilege Vulnerability Base Score: 7.8 HIGH https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21804 CVE-2023-21805 Description Windows MSHTML Platform Remote Code Execution Vulnerability Base Score: 7.8 HIGH https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21805 CVE-2023-21806 Description Power BI Report Server Spoofing Vulnerability Base Score: 8.2 HIGH https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21806 […]
CVE-2022-4337 Description An out-of-bounds read in Organization Specific TLV was found in various versions of OpenvSwitch. Base Score: 9.8 CRITICAL https://www.openwall.com/lists/oss-security/2022/12/21/4 ______________________________ CVE-2022-4338 Description An integer underflow in Organization Specific TLV was found in various versions of OpenvSwitch. Base Score: 9.8 CRITICAL https://www.openwall.com/lists/oss-security/2022/12/21/4 _______________________________ CVE-2022-3715 Description A flaw was found in the bash package, where a heap-buffer […]
CVE-2019-25044 Description The block subsystem in the Linux kernel before 5.2 has a use-after-free that can lead to arbitrary code execution in the kernel context and privilege escalation, aka CID-c3e2219216c9. This is related to blk_mq_free_rqs and blk_cleanup_queue. Base Score: 7.8 HIGH https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2
Leave a Reply