Description
Crash in the USB HID protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file on Windows
Base Score: 7.5 HIGH
https://www.wireshark.org/security/wnpa-sec-2022-08.html
____________________________
Description
In JetBrains JetBrains Gateway before 2022.3 a client could connect without a valid token if the host consented.
Base Score: 8.8 HIGH
https://www.jetbrains.com/privacy-security/issues-fixed/
____________________________
Description
In JetBrains IntelliJ IDEA before 2022.3 a DYLIB injection on macOS was possible.
Base Score: 7.8 HIGH
https://www.jetbrains.com/privacy-security/issues-fixed/
_____________________________________
Description
In JetBrains IntelliJ IDEA before 2022.2.4 a buffer overflow in the fsnotifier daemon on macOS was possible.
Base Score: 7.8 HIGH
https://www.jetbrains.com/privacy-security/issues-fixed/
_____________________________
Description
TOCTOU vulnerability in Samsung decoding library for video thumbnails prior to SMR Dec-2022 Release 1 allows local attacker to perform Out-Of-Bounds Write.
Base Score: 7.4 HIGH
https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=12
________________________________
Description
Integer overflow vulnerability in Samsung decoding library for video thumbnails prior to SMR Dec-2022 Release 1 allows local attacker to perform Out-Of-Bounds Write.
Base Score: 7.8 HIGH
https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=12
________________________________
Description
IBM Content Navigator 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, and 3.0.12 is vulnerable to missing authorization and could allow an authenticated user to load external plugins and execute code. IBM X-Force ID: 238805.
Base Score: 8.8 HIGH
https://www.ibm.com/support/pages/node/6844453
______________________________
Description
External initialization of trusted variables or data stores vulnerability exists in WordPress Popular Posts 6.0.5 and earlier, therefore the vulnerable product accepts untrusted external inputs to update certain internal variables. As a result, the number of views for an article may be manipulated through a crafted input.
Base Score: 7.5 HIGH
https://wordpress.org/plugins/wordpress-popular-posts/
______________________________
Description
IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 230522.
Base Score: 7.5 HIGH
https://www.ibm.com/support/pages/node/6844763
___________________________________
Description
An improper neutralization of special elements used in an SQL Command (‘SQL Injection’) vulnerability in Fortinet FortiADC version 7.1.0, version 7.0.0 through 7.0.2 and version 6.2.4 and below allows an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.
https://fortiguard.com/psirt/FG-IR-22-252
______________________________
Description
An insufficient logging [CWE-778] vulnerability in FortiSandbox versions 4.0.0 to 4.0.2, 3.2.0 to 3.2.3 and 3.1.0 to 3.1.5 and FortiDeceptor versions 4.2.0, 4.1.0 through 4.1.1, 4.0.0 through 4.0.2, 3.3.0 through 3.3.3, 3.2.0 through 3.2.2,3.1.0 through 3.1.1 and 3.0.0 through 3.0.2 may allow a remote attacker to repeatedly enter incorrect credentials without causing a log entry, and with no limit on the number of failed authentication attempts.
Base Score: 7.5 HIGH
https://fortiguard.com/psirt/FG-IR-21-170
_________________________________
Description
IBM Spectrum Scale 5.1.0.1 through 5.1.4.1 could allow a local attacker to execute arbitrary commands in the container. IBM X-Force ID: 239437.
Base Score: 7.8 HIGH
https://www.ibm.com/support/pages/node/6844771
sourse:
https://nvd.nist.gov/vuln/detail/CVE-2021-3466
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3466
CVE-2023-20025 Description A vulnerability in the web-based management interface of Cisco Small Business RV042 Series Routers could allow an unauthenticated, remote attacker to bypass authentication on the affected device. This vulnerability is due to incorrect user input validation of incoming HTTP packets. An attacker could exploit this vulnerability by sending crafted requests to the web-based […]
CVE-2023-21792 Description 3D Builder Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21780, CVE-2023-21781, CVE-2023-21782, CVE-2023-21783, CVE-2023-21784, CVE-2023-21785, CVE-2023-21786, CVE-2023-21787, CVE-2023-21788, CVE-2023-21789, CVE-2023-21790, CVE-2023-21791, CVE-2023-21793. Base Score: 7.8 HIGH https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21792 ___________________________________________________ CVE-2023-21793 Description 3D Builder Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21780, CVE-2023-21781, CVE-2023-21782, CVE-2023-21783, CVE-2023-21784, CVE-2023-21785, CVE-2023-21786, CVE-2023-21787, […]
CVE-2019-17621 Description The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network. Base Score: 9.8 CRITICAL https://www.dlink.com/en/security-bulletin
Leave a Reply