Description
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to a Log Injection attack by constructing URLs from user-controlled data. This could enable attackers to make arbitrary requests to the internal network or to the local file system. IBM X-Force ID: 240266.
Base Score: 7.5 HIGH
https://www.ibm.com/support/pages/node/6841801
____________________
Description
IBM Cognos Analytics 11.1.7 11.2.0, and 11.2.1 could be vulnerable to a Server-Side Request Forgery Attack (SSRF) attack by constructing URLs from user-controlled data. This could enable attackers to make arbitrary requests to the internal network or to the local file system. IBM X-Force ID: 234180.
Base Score: 9.1 CRITICAL
https://www.ibm.com/support/pages/node/6841801
____________________________________
Description
The Wholesale Market for WooCommerce WordPress plugin before 1.0.7 does not have authorisation check, as well as does not validate user input used to generate system path, allowing unauthenticated attackers to download arbitrary file from the server.
Base Score: 7.5 HIGH
https://wpscan.com/vulnerability/b60a0d3d-148f-4e9b-baee-7332890804ed
____________________________________
Description
The InPost Gallery WordPress plugin before 2.1.4.1 insecurely uses PHP’s extract() function when rendering HTML views, allowing attackers to force the inclusion of malicious files & URLs, which may enable them to run code on servers.
Base Score: 9.8 CRITICAL
https://wpscan.com/vulnerability/6bb07ec1-f1aa-4f4b-9717-c92f651a90a7
___________________________________
Base Score: 7.5 HIGH
Description
The JobBoardWP WordPress plugin before 1.2.2 does not properly validate file names and types in its file upload functionalities, allowing unauthenticated users to upload arbitrary files such as PHP.
https://wpscan.com/vulnerability/fec68e6e-f612-43c8-8301-80f7ae3be665
____________________________________
Description
The JoomSport WordPress plugin before 5.2.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users
Base Score: 9.8 CRITICAL
https://wpscan.com/vulnerability/5c96bb40-4c2d-4e91-8339-e0ddce25912f
__________________________________
Description
IBM Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44751.
Base Score: 7.8 HIGH
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0100260
___________________________________________________-
Description
IBM Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44750.
Base Score: 7.8 HIGH
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102151
____________________________________________________
Description
IBM Notes is susceptible to a stack based buffer overflow vulnerability in wp6sr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted WordPerfect file.
Base Score: 7.8 HIGH
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0100260
_________________________________
Description
IBM Domino is susceptible to a stack based buffer overflow vulnerability in wp6sr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted WordPerfect file.
Base Score: 7.8 HIGH
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102151
______________________________
Description
IBM Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44755.
Base Score: 7.8 HIGH
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0100260
______________________________
Description
IBM Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44754.
Base Score: 7.8 HIGH
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102151
____________________
sourse:
https://nvd.nist.gov/vuln/detail/CVE-2021-3466
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3466
CVE-2022-46328 Description Some smartphones have the input validation vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. Base Score: 7.5 HIGH https://consumer.huawei.com/en/support/bulletin/2022/12/ ______________________________ CVE-2022-46327 Description Some smartphones have configuration issues. Successful exploitation of this vulnerability may cause privilege escalation, which results in system service exceptions. Base Score: 9.8 CRITICAL https://consumer.huawei.com/en/support/bulletin/2022/12/ _____________________________ CVE-2022-46326 Description Some smartphones have […]
CVE-2023-23560 Description In certain Lexmark products through 2023-01-12, SSRF can occur because of a lack of input validation. Base Score: Critical https://support.lexmark.com/alerts/ ___________________________________ CVE-2016-9244 Description A BIG-IP virtual server configured with a Client SSL profile that has the non-default Session Tickets option enabled may leak up to 31 bytes of uninitialized memory. A remote attacker may […]
CVE-2019-25044 Description The block subsystem in the Linux kernel before 5.2 has a use-after-free that can lead to arbitrary code execution in the kernel context and privilege escalation, aka CID-c3e2219216c9. This is related to blk_mq_free_rqs and blk_cleanup_queue. Base Score: 7.8 HIGH https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2
Leave a Reply