Description
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to a Log Injection attack by constructing URLs from user-controlled data. This could enable attackers to make arbitrary requests to the internal network or to the local file system. IBM X-Force ID: 240266.
Base Score: 7.5 HIGH
https://www.ibm.com/support/pages/node/6841801
____________________
Description
IBM Cognos Analytics 11.1.7 11.2.0, and 11.2.1 could be vulnerable to a Server-Side Request Forgery Attack (SSRF) attack by constructing URLs from user-controlled data. This could enable attackers to make arbitrary requests to the internal network or to the local file system. IBM X-Force ID: 234180.
Base Score: 9.1 CRITICAL
https://www.ibm.com/support/pages/node/6841801
____________________________________
Description
The Wholesale Market for WooCommerce WordPress plugin before 1.0.7 does not have authorisation check, as well as does not validate user input used to generate system path, allowing unauthenticated attackers to download arbitrary file from the server.
Base Score: 7.5 HIGH
https://wpscan.com/vulnerability/b60a0d3d-148f-4e9b-baee-7332890804ed
____________________________________
Description
The InPost Gallery WordPress plugin before 2.1.4.1 insecurely uses PHP’s extract() function when rendering HTML views, allowing attackers to force the inclusion of malicious files & URLs, which may enable them to run code on servers.
Base Score: 9.8 CRITICAL
https://wpscan.com/vulnerability/6bb07ec1-f1aa-4f4b-9717-c92f651a90a7
___________________________________
Base Score: 7.5 HIGH
Description
The JobBoardWP WordPress plugin before 1.2.2 does not properly validate file names and types in its file upload functionalities, allowing unauthenticated users to upload arbitrary files such as PHP.
https://wpscan.com/vulnerability/fec68e6e-f612-43c8-8301-80f7ae3be665
____________________________________
Description
The JoomSport WordPress plugin before 5.2.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users
Base Score: 9.8 CRITICAL
https://wpscan.com/vulnerability/5c96bb40-4c2d-4e91-8339-e0ddce25912f
__________________________________
Description
IBM Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44751.
Base Score: 7.8 HIGH
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0100260
___________________________________________________-
Description
IBM Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44750.
Base Score: 7.8 HIGH
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102151
____________________________________________________
Description
IBM Notes is susceptible to a stack based buffer overflow vulnerability in wp6sr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted WordPerfect file.
Base Score: 7.8 HIGH
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0100260
_________________________________
Description
IBM Domino is susceptible to a stack based buffer overflow vulnerability in wp6sr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted WordPerfect file.
Base Score: 7.8 HIGH
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102151
______________________________
Description
IBM Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44755.
Base Score: 7.8 HIGH
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0100260
______________________________
Description
IBM Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44754.
Base Score: 7.8 HIGH
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102151
____________________
sourse:
https://nvd.nist.gov/vuln/detail/CVE-2021-3466
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3466
CVE-2020-14349 Description It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication. An authenticated attacker could use this flaw in an attack similar to CVE-2018-1058, in order to execute arbitrary SQL command in the context of the user used for replication. Base Score: 7.1 […]
CVE-2022-46328 Description Some smartphones have the input validation vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. Base Score: 7.5 HIGH https://consumer.huawei.com/en/support/bulletin/2022/12/ ______________________________ CVE-2022-46327 Description Some smartphones have configuration issues. Successful exploitation of this vulnerability may cause privilege escalation, which results in system service exceptions. Base Score: 9.8 CRITICAL https://consumer.huawei.com/en/support/bulletin/2022/12/ _____________________________ CVE-2022-46326 Description Some smartphones have […]
CVE-2023-21535 Description Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21548. Base Score: 8.1 HIGH https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21535 __________________________________ CVE-2023-21532 Description Windows GDI Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21552. Base Score: 7.0 HIGH https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21532 ___________________________________ CVE-2023-21531 Description Azure Service Fabric Container Elevation of Privilege Vulnerability. Base […]
Leave a Reply