Description
Crash in the USB HID protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file on Windows
Base Score: 7.5 HIGH
https://www.wireshark.org/security/wnpa-sec-2022-08.html
____________________________
Description
In JetBrains JetBrains Gateway before 2022.3 a client could connect without a valid token if the host consented.
Base Score: 8.8 HIGH
https://www.jetbrains.com/privacy-security/issues-fixed/
____________________________
Description
In JetBrains IntelliJ IDEA before 2022.3 a DYLIB injection on macOS was possible.
Base Score: 7.8 HIGH
https://www.jetbrains.com/privacy-security/issues-fixed/
_____________________________________
Description
In JetBrains IntelliJ IDEA before 2022.2.4 a buffer overflow in the fsnotifier daemon on macOS was possible.
Base Score: 7.8 HIGH
https://www.jetbrains.com/privacy-security/issues-fixed/
_____________________________
Description
TOCTOU vulnerability in Samsung decoding library for video thumbnails prior to SMR Dec-2022 Release 1 allows local attacker to perform Out-Of-Bounds Write.
Base Score: 7.4 HIGH
https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=12
________________________________
Description
Integer overflow vulnerability in Samsung decoding library for video thumbnails prior to SMR Dec-2022 Release 1 allows local attacker to perform Out-Of-Bounds Write.
Base Score: 7.8 HIGH
https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=12
________________________________
Description
IBM Content Navigator 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, and 3.0.12 is vulnerable to missing authorization and could allow an authenticated user to load external plugins and execute code. IBM X-Force ID: 238805.
Base Score: 8.8 HIGH
https://www.ibm.com/support/pages/node/6844453
______________________________
Description
External initialization of trusted variables or data stores vulnerability exists in WordPress Popular Posts 6.0.5 and earlier, therefore the vulnerable product accepts untrusted external inputs to update certain internal variables. As a result, the number of views for an article may be manipulated through a crafted input.
Base Score: 7.5 HIGH
https://wordpress.org/plugins/wordpress-popular-posts/
______________________________
Description
IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 230522.
Base Score: 7.5 HIGH
https://www.ibm.com/support/pages/node/6844763
___________________________________
Description
An improper neutralization of special elements used in an SQL Command (‘SQL Injection’) vulnerability in Fortinet FortiADC version 7.1.0, version 7.0.0 through 7.0.2 and version 6.2.4 and below allows an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.
https://fortiguard.com/psirt/FG-IR-22-252
______________________________
Description
An insufficient logging [CWE-778] vulnerability in FortiSandbox versions 4.0.0 to 4.0.2, 3.2.0 to 3.2.3 and 3.1.0 to 3.1.5 and FortiDeceptor versions 4.2.0, 4.1.0 through 4.1.1, 4.0.0 through 4.0.2, 3.3.0 through 3.3.3, 3.2.0 through 3.2.2,3.1.0 through 3.1.1 and 3.0.0 through 3.0.2 may allow a remote attacker to repeatedly enter incorrect credentials without causing a log entry, and with no limit on the number of failed authentication attempts.
Base Score: 7.5 HIGH
https://fortiguard.com/psirt/FG-IR-21-170
_________________________________
Description
IBM Spectrum Scale 5.1.0.1 through 5.1.4.1 could allow a local attacker to execute arbitrary commands in the container. IBM X-Force ID: 239437.
Base Score: 7.8 HIGH
https://www.ibm.com/support/pages/node/6844771
sourse:
https://nvd.nist.gov/vuln/detail/CVE-2021-3466
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3466
CVE-2023-21589 Description Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Base Score: 7.8 HIGH https://helpx.adobe.com/security/products/indesign/apsb23-07.html _____________________________________________________________________ CVE-2023-21588 […]
CVE-2022-42255 Description NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an out-of-bounds array access may lead to denial of service, information disclosure, or data tampering. Base Score: 7.8 HIGH https://nvidia.custhelp.com/app/answers/detail/a_id/5415 ___________________________________________ CVE-2022-34676 Description NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, […]
CVE-2020-14349 Description It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication. An authenticated attacker could use this flaw in an attack similar to CVE-2018-1058, in order to execute arbitrary SQL command in the context of the user used for replication. Base Score: 7.1 […]
Leave a Reply