Description
Python3-RESTfulAPI commits d9907f14e9e25dcdb54f5b22252b0e9452e3970e and e772e0beee284c50946e94c54a1d43071ca78b74 were discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.
Base Score: 9.8 CRITICAL
https://github.com/herry-zhang/Python3-RESTfulAPI/commit/1c2081dca357685b3180b9baeb7e761e9a10ca99
_______________________________
Description
D-Link DIR-3040 device with firmware 120B03 was discovered to contain a command injection vulnerability via the SetTriggerLEDBlink function.
Base Score: 9.8 CRITICAL
https://www.dlink.com/en/security-bulletin/
___________________________________
Description
A vulnerability in the import module of Apache Atlas allows an authenticated user to write to the web server filesystem. This issue affects Apache Atlas versions from 0.8.4 to 2.2.0.
Base Score: 8.8 HIGH
https://lists.apache.org/thread/0rqvcxo6brmos9w3lzfsdn2lsmlblpw3
______________________________________
Description
Use after free in Profiles in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Base Score: 8.8 HIGH
https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop_13.html
__________________________________
Description
Use after free in Aura in Google Chrome on Windows prior to 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions. (Chromium security severity: High)
Base Score: 8.8 HIGH
https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop_13.html
_________________________________________
Description
Use after free in Blink Frames in Google Chrome prior to 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Base Score: 8.8 HIGH
https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop_13.html
_______________________________
Description
Use after free in Mojo IPC in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Base Score: 8.8 HIGH
https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop_13.html
_______________________________
Description
Use after free in Blink Media in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Base Score: 8.8 HIGH
https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop_13.html
____________________________________
Description
The demon image annotation plugin for WordPress is vulnerable to improper input validation in versions up to, and including, 5.0. This is due to the plugin improperly validating the number of characters supplied during an annotation despite there being a setting to limit the number of characters input. This means that unauthenticated attackers can bypass the length restrictions and input more characters than allowed via the settings.
Base Score: 7.5 HIGH
https://www.wordfence.com/threat-intel/vulnerabilities/id/ac5549ec-f931-4b13-b5f9-0d6f3e53aae4
___________________________________
Description
Microsoft Office Graphics Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-26804, CVE-2022-26805, CVE-2022-26806, CVE-2022-44692, CVE-2022-47211, CVE-2022-47212.
Base Score: 7.8 HIGH
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-47213
______________________________________
Description
Microsoft Office Graphics Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-26804, CVE-2022-26805, CVE-2022-26806, CVE-2022-44692, CVE-2022-47211, CVE-2022-47213.
Base Score: 7.8 HIGH
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-47212
___________________________________
Description
Microsoft Office Graphics Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-26804, CVE-2022-26805, CVE-2022-26806, CVE-2022-44692, CVE-2022-47212, CVE-2022-47213.
Base Score: 9.8 CRITICAL
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-47211
__________________________________
Description
Microsoft Outlook for Mac Spoofing Vulnerability.
Base Score: 7.5 HIGH
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44713
__________________________________
Description
Microsoft Office Visio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-44694, CVE-2022-44695.
Base Score: 7.8 HIGH
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44696
_____________________________________
Description
Microsoft Office Visio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-44694, CVE-2022-44696.
Base Score: 7.8 HIGH
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44695
____________________________________
Description
Microsoft SharePoint Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-44690.
Base Score: 8.8 HIGH
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44693
_______________________________________
Description
Microsoft Office Visio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-44695, CVE-2022-44696.
Base Score: 7.8 HIGH
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44694
____________________________
Description
Microsoft Office Graphics Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-26804, CVE-2022-26805, CVE-2022-26806, CVE-2022-47211, CVE-2022-47212, CVE-2022-47213.
Base Score: 7.8 HIGH
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44692
___________________________________
Description
Microsoft Office OneNote Remote Code Execution Vulnerability.
Base Score: 7.8 HIGH
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44691
_____________________________________
Description
Microsoft SharePoint Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-44693.
Base Score: 8.8 HIGH
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44690
______________________________________
Description
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability.
Base Score: 8.3 HIGH
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44708
Source:
https://nvd.nist.gov/vuln/detail/CVE-2021-3466
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3466