Faculty of Engineering, Ferdowsi University of Mashhad, Mashhad, Khorasan Razavi, Iran

0

سبد خرید

high level and critical vulnerability (part 1)(16-19 December )

high level and critical vulnerability (part 1)(16-19 December )

CVE-2022-43883

Description  

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to a Log Injection attack by constructing URLs from user-controlled data. This could enable attackers to make arbitrary requests to the internal network or to the local file system. IBM X-Force ID: 240266.

Base Score: 7.5 HIGH

https://www.ibm.com/support/pages/node/6841801

____________________

CVE-2022-38708

Description

IBM Cognos Analytics 11.1.7 11.2.0, and 11.2.1 could be vulnerable to a Server-Side Request Forgery Attack (SSRF) attack by constructing URLs from user-controlled data. This could enable attackers to make arbitrary requests to the internal network or to the local file system. IBM X-Force ID: 234180.

Base Score: 9.1 CRITICAL

https://www.ibm.com/support/pages/node/6841801

____________________________________

CVE-2022-4106

Description

The Wholesale Market for WooCommerce WordPress plugin before 1.0.7 does not have authorisation check, as well as does not validate user input used to generate system path, allowing unauthenticated attackers to download arbitrary file from the server.

Base Score: 7.5 HIGH

https://wpscan.com/vulnerability/b60a0d3d-148f-4e9b-baee-7332890804ed

____________________________________

CVE-2022-4063

Description

The InPost Gallery WordPress plugin before 2.1.4.1 insecurely uses PHP’s extract() function when rendering HTML views, allowing attackers to force the inclusion of malicious files & URLs, which may enable them to run code on servers.

Base Score: 9.8 CRITICAL

https://wpscan.com/vulnerability/6bb07ec1-f1aa-4f4b-9717-c92f651a90a7

___________________________________

CVE-2022-4061

Base Score: 7.5 HIGH

Description

The JobBoardWP WordPress plugin before 1.2.2 does not properly validate file names and types in its file upload functionalities, allowing unauthenticated users to upload arbitrary files such as PHP.

https://wpscan.com/vulnerability/fec68e6e-f612-43c8-8301-80f7ae3be665

____________________________________

CVE-2022-4050

Description

The JoomSport WordPress plugin before 5.2.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users

Base Score: 9.8 CRITICAL

https://wpscan.com/vulnerability/5c96bb40-4c2d-4e91-8339-e0ddce25912f

__________________________________

CVE-2022-44755

Description

IBM Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44751.

Base Score: 7.8 HIGH

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0100260

___________________________________________________-

CVE-2022-44754

Description

IBM Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44750.

Base Score: 7.8 HIGH

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102151

____________________________________________________

CVE-2022-44753

Description

IBM Notes is susceptible to a stack based buffer overflow vulnerability in wp6sr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted WordPerfect file.

Base Score: 7.8 HIGH

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0100260

_________________________________

CVE-2022-44752

Description

IBM Domino is susceptible to a stack based buffer overflow vulnerability in wp6sr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted WordPerfect file.

Base Score: 7.8 HIGH

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102151

______________________________

CVE-2022-44751

Description

IBM Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44755.

Base Score: 7.8 HIGH

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0100260

______________________________

CVE-2022-44750

Description

IBM Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44754.

Base Score: 7.8 HIGH

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102151

____________________

sourse:

https://nvd.nist.gov/vuln/detail/CVE-2021-3466

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3466

 

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Articles

© All rights reserved to APA Specialized Center of Ferdowsi University of Mashhad