Description
Crash in the USB HID protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file on Windows
Base Score: 7.5 HIGH
https://www.wireshark.org/security/wnpa-sec-2022-08.html
____________________________
Description
In JetBrains JetBrains Gateway before 2022.3 a client could connect without a valid token if the host consented.
Base Score: 8.8 HIGH
https://www.jetbrains.com/privacy-security/issues-fixed/
____________________________
Description
In JetBrains IntelliJ IDEA before 2022.3 a DYLIB injection on macOS was possible.
Base Score: 7.8 HIGH
https://www.jetbrains.com/privacy-security/issues-fixed/
_____________________________________
Description
In JetBrains IntelliJ IDEA before 2022.2.4 a buffer overflow in the fsnotifier daemon on macOS was possible.
Base Score: 7.8 HIGH
https://www.jetbrains.com/privacy-security/issues-fixed/
_____________________________
Description
TOCTOU vulnerability in Samsung decoding library for video thumbnails prior to SMR Dec-2022 Release 1 allows local attacker to perform Out-Of-Bounds Write.
Base Score: 7.4 HIGH
https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=12
________________________________
Description
Integer overflow vulnerability in Samsung decoding library for video thumbnails prior to SMR Dec-2022 Release 1 allows local attacker to perform Out-Of-Bounds Write.
Base Score: 7.8 HIGH
https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=12
________________________________
Description
IBM Content Navigator 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, and 3.0.12 is vulnerable to missing authorization and could allow an authenticated user to load external plugins and execute code. IBM X-Force ID: 238805.
Base Score: 8.8 HIGH
https://www.ibm.com/support/pages/node/6844453
______________________________
Description
External initialization of trusted variables or data stores vulnerability exists in WordPress Popular Posts 6.0.5 and earlier, therefore the vulnerable product accepts untrusted external inputs to update certain internal variables. As a result, the number of views for an article may be manipulated through a crafted input.
Base Score: 7.5 HIGH
https://wordpress.org/plugins/wordpress-popular-posts/
______________________________
Description
IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 230522.
Base Score: 7.5 HIGH
https://www.ibm.com/support/pages/node/6844763
___________________________________
Description
An improper neutralization of special elements used in an SQL Command (‘SQL Injection’) vulnerability in Fortinet FortiADC version 7.1.0, version 7.0.0 through 7.0.2 and version 6.2.4 and below allows an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.
https://fortiguard.com/psirt/FG-IR-22-252
______________________________
Description
An insufficient logging [CWE-778] vulnerability in FortiSandbox versions 4.0.0 to 4.0.2, 3.2.0 to 3.2.3 and 3.1.0 to 3.1.5 and FortiDeceptor versions 4.2.0, 4.1.0 through 4.1.1, 4.0.0 through 4.0.2, 3.3.0 through 3.3.3, 3.2.0 through 3.2.2,3.1.0 through 3.1.1 and 3.0.0 through 3.0.2 may allow a remote attacker to repeatedly enter incorrect credentials without causing a log entry, and with no limit on the number of failed authentication attempts.
Base Score: 7.5 HIGH
https://fortiguard.com/psirt/FG-IR-21-170
_________________________________
Description
IBM Spectrum Scale 5.1.0.1 through 5.1.4.1 could allow a local attacker to execute arbitrary commands in the container. IBM X-Force ID: 239437.
Base Score: 7.8 HIGH
https://www.ibm.com/support/pages/node/6844771
sourse:
https://nvd.nist.gov/vuln/detail/CVE-2021-3466
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3466
CVE-2022-2536 Description The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.8.1. This is due to insufficient validation of settings on the ‘tp_translation’ AJAX action which makes it possible for unauthenticated attackers to bypass any restrictions and influence the data shown on […]
CVE-2013-0880 Description Use-after-free vulnerability in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to databases. Base Score: 7.5 HIGH http://googlechromereleases.blogspot.com/2013/02/stable-channel-update_21.html
CVE-2023-21597 Description Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Base Score: 7.8 HIGH https://helpx.adobe.com/security/products/incopy/apsb23-08.html ____________________________________ CVE-2023-21596 Description […]
Leave a Reply