Description
Crash in the USB HID protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file on Windows
Base Score: 7.5 HIGH
https://www.wireshark.org/security/wnpa-sec-2022-08.html
____________________________
Description
In JetBrains JetBrains Gateway before 2022.3 a client could connect without a valid token if the host consented.
Base Score: 8.8 HIGH
https://www.jetbrains.com/privacy-security/issues-fixed/
____________________________
Description
In JetBrains IntelliJ IDEA before 2022.3 a DYLIB injection on macOS was possible.
Base Score: 7.8 HIGH
https://www.jetbrains.com/privacy-security/issues-fixed/
_____________________________________
Description
In JetBrains IntelliJ IDEA before 2022.2.4 a buffer overflow in the fsnotifier daemon on macOS was possible.
Base Score: 7.8 HIGH
https://www.jetbrains.com/privacy-security/issues-fixed/
_____________________________
Description
TOCTOU vulnerability in Samsung decoding library for video thumbnails prior to SMR Dec-2022 Release 1 allows local attacker to perform Out-Of-Bounds Write.
Base Score: 7.4 HIGH
https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=12
________________________________
Description
Integer overflow vulnerability in Samsung decoding library for video thumbnails prior to SMR Dec-2022 Release 1 allows local attacker to perform Out-Of-Bounds Write.
Base Score: 7.8 HIGH
https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=12
________________________________
Description
IBM Content Navigator 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, and 3.0.12 is vulnerable to missing authorization and could allow an authenticated user to load external plugins and execute code. IBM X-Force ID: 238805.
Base Score: 8.8 HIGH
https://www.ibm.com/support/pages/node/6844453
______________________________
Description
External initialization of trusted variables or data stores vulnerability exists in WordPress Popular Posts 6.0.5 and earlier, therefore the vulnerable product accepts untrusted external inputs to update certain internal variables. As a result, the number of views for an article may be manipulated through a crafted input.
Base Score: 7.5 HIGH
https://wordpress.org/plugins/wordpress-popular-posts/
______________________________
Description
IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 230522.
Base Score: 7.5 HIGH
https://www.ibm.com/support/pages/node/6844763
___________________________________
Description
An improper neutralization of special elements used in an SQL Command (‘SQL Injection’) vulnerability in Fortinet FortiADC version 7.1.0, version 7.0.0 through 7.0.2 and version 6.2.4 and below allows an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.
https://fortiguard.com/psirt/FG-IR-22-252
______________________________
Description
An insufficient logging [CWE-778] vulnerability in FortiSandbox versions 4.0.0 to 4.0.2, 3.2.0 to 3.2.3 and 3.1.0 to 3.1.5 and FortiDeceptor versions 4.2.0, 4.1.0 through 4.1.1, 4.0.0 through 4.0.2, 3.3.0 through 3.3.3, 3.2.0 through 3.2.2,3.1.0 through 3.1.1 and 3.0.0 through 3.0.2 may allow a remote attacker to repeatedly enter incorrect credentials without causing a log entry, and with no limit on the number of failed authentication attempts.
Base Score: 7.5 HIGH
https://fortiguard.com/psirt/FG-IR-21-170
_________________________________
Description
IBM Spectrum Scale 5.1.0.1 through 5.1.4.1 could allow a local attacker to execute arbitrary commands in the container. IBM X-Force ID: 239437.
Base Score: 7.8 HIGH
https://www.ibm.com/support/pages/node/6844771
sourse:
https://nvd.nist.gov/vuln/detail/CVE-2021-3466
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3466
CVE-2023-21803 Description Windows iSCSI Discovery Service Remote Code Execution Vulnerability Base Score: 9.8 CRITICAL https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21803 CVE-2023-21804 Description Windows Graphics Component Elevation of Privilege Vulnerability Base Score: 7.8 HIGH https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21804 CVE-2023-21805 Description Windows MSHTML Platform Remote Code Execution Vulnerability Base Score: 7.8 HIGH https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21805 CVE-2023-21806 Description Power BI Report Server Spoofing Vulnerability Base Score: 8.2 HIGH https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21806 […]
CVE-2023-21792 Description 3D Builder Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21780, CVE-2023-21781, CVE-2023-21782, CVE-2023-21783, CVE-2023-21784, CVE-2023-21785, CVE-2023-21786, CVE-2023-21787, CVE-2023-21788, CVE-2023-21789, CVE-2023-21790, CVE-2023-21791, CVE-2023-21793. Base Score: 7.8 HIGH https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21792 ___________________________________________________ CVE-2023-21793 Description 3D Builder Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21780, CVE-2023-21781, CVE-2023-21782, CVE-2023-21783, CVE-2023-21784, CVE-2023-21785, CVE-2023-21786, CVE-2023-21787, […]
CVE-2022-43883 Description IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to a Log Injection attack by constructing URLs from user-controlled data. This could enable attackers to make arbitrary requests to the internal network or to the local file system. IBM X-Force ID: 240266. Base Score: 7.5 HIGH https://www.ibm.com/support/pages/node/6841801 ____________________ CVE-2022-38708 Description IBM Cognos Analytics […]
Leave a Reply