Description
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to a Log Injection attack by constructing URLs from user-controlled data. This could enable attackers to make arbitrary requests to the internal network or to the local file system. IBM X-Force ID: 240266.
Base Score: 7.5 HIGH
https://www.ibm.com/support/pages/node/6841801
____________________
Description
IBM Cognos Analytics 11.1.7 11.2.0, and 11.2.1 could be vulnerable to a Server-Side Request Forgery Attack (SSRF) attack by constructing URLs from user-controlled data. This could enable attackers to make arbitrary requests to the internal network or to the local file system. IBM X-Force ID: 234180.
Base Score: 9.1 CRITICAL
https://www.ibm.com/support/pages/node/6841801
____________________________________
Description
The Wholesale Market for WooCommerce WordPress plugin before 1.0.7 does not have authorisation check, as well as does not validate user input used to generate system path, allowing unauthenticated attackers to download arbitrary file from the server.
Base Score: 7.5 HIGH
https://wpscan.com/vulnerability/b60a0d3d-148f-4e9b-baee-7332890804ed
____________________________________
Description
The InPost Gallery WordPress plugin before 2.1.4.1 insecurely uses PHP’s extract() function when rendering HTML views, allowing attackers to force the inclusion of malicious files & URLs, which may enable them to run code on servers.
Base Score: 9.8 CRITICAL
https://wpscan.com/vulnerability/6bb07ec1-f1aa-4f4b-9717-c92f651a90a7
___________________________________
Base Score: 7.5 HIGH
Description
The JobBoardWP WordPress plugin before 1.2.2 does not properly validate file names and types in its file upload functionalities, allowing unauthenticated users to upload arbitrary files such as PHP.
https://wpscan.com/vulnerability/fec68e6e-f612-43c8-8301-80f7ae3be665
____________________________________
Description
The JoomSport WordPress plugin before 5.2.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users
Base Score: 9.8 CRITICAL
https://wpscan.com/vulnerability/5c96bb40-4c2d-4e91-8339-e0ddce25912f
__________________________________
Description
IBM Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44751.
Base Score: 7.8 HIGH
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0100260
___________________________________________________-
Description
IBM Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44750.
Base Score: 7.8 HIGH
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102151
____________________________________________________
Description
IBM Notes is susceptible to a stack based buffer overflow vulnerability in wp6sr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted WordPerfect file.
Base Score: 7.8 HIGH
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0100260
_________________________________
Description
IBM Domino is susceptible to a stack based buffer overflow vulnerability in wp6sr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted WordPerfect file.
Base Score: 7.8 HIGH
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102151
______________________________
Description
IBM Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44755.
Base Score: 7.8 HIGH
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0100260
______________________________
Description
IBM Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44754.
Base Score: 7.8 HIGH
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102151
____________________
sourse:
https://nvd.nist.gov/vuln/detail/CVE-2021-3466
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3466
CVE-2023-21803 Description Windows iSCSI Discovery Service Remote Code Execution Vulnerability Base Score: 9.8 CRITICAL https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21803 CVE-2023-21804 Description Windows Graphics Component Elevation of Privilege Vulnerability Base Score: 7.8 HIGH https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21804 CVE-2023-21805 Description Windows MSHTML Platform Remote Code Execution Vulnerability Base Score: 7.8 HIGH https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21805 CVE-2023-21806 Description Power BI Report Server Spoofing Vulnerability Base Score: 8.2 HIGH https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21806 […]
CVE-2021-3120 Description An arbitrary file upload vulnerability in the YITH WooCommerce Gift Cards Premium plugin before 3.3.1 for WordPress allows remote attackers to achieve remote code execution on the operating system in the security context of the web server. In order to exploit this vulnerability, an attacker must be able to place a valid Gift […]
CVE-2023-21535 Description Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21548. Base Score: 8.1 HIGH https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21535 __________________________________ CVE-2023-21532 Description Windows GDI Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21552. Base Score: 7.0 HIGH https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21532 ___________________________________ CVE-2023-21531 Description Azure Service Fabric Container Elevation of Privilege Vulnerability. Base […]
Leave a Reply