Faculty of Engineering, Ferdowsi University of Mashhad, Mashhad, Khorasan Razavi, Iran

0

سبد خرید

Latest Articles

Categories

article

high level vulnerability in dlink

CVE-2019-17621 Description The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network. Base Score: 9.8 CRITICAL https://www.dlink.com/en/security-bulletin

article

high level vulnerability in Linux

CVE-2022-2196 Description A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks. L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn’t need retpolines or IBPB after running L2 due to KVM (L0) advertising eIBRS support to L1. An attacker at L2 with code […]

article

high level vulnerability in wordpress

CVE-2022-4043 Description The WP Custom Admin Interface WordPress plugin before 7.29 unserialize user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present. Base Score: 7.2 HIGH https://wpscan.com/vulnerability/ffff8c83-0a59-450a-9b40-c7f3af7205fc __________________________________ CVE-2022-3679 Description The Starter Templates by Kadence WP WordPress plugin before 1.2.17 […]

article

high level vulnerability in chrome

CVE-2023-0138 Description Heap buffer overflow in libphonenumber in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low) Base Score: 8.8 HIGH https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop.html _____________________________ CVE-2023-0136 Description Inappropriate implementation in in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74 allowed a remote […]

article

high level vulnerability in microsoft

CVE-2023-21792 Description 3D Builder Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21780, CVE-2023-21781, CVE-2023-21782, CVE-2023-21783, CVE-2023-21784, CVE-2023-21785, CVE-2023-21786, CVE-2023-21787, CVE-2023-21788, CVE-2023-21789, CVE-2023-21790, CVE-2023-21791, CVE-2023-21793. Base Score: 7.8 HIGH https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21792 ___________________________________________________ CVE-2023-21793 Description 3D Builder Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21780, CVE-2023-21781, CVE-2023-21782, CVE-2023-21783, CVE-2023-21784, CVE-2023-21785, CVE-2023-21786, CVE-2023-21787, […]

article

high level vulnerability in Red hat

CVE-2022-4337 Description An out-of-bounds read in Organization Specific TLV was found in various versions of OpenvSwitch. Base Score: 9.8 CRITICAL https://www.openwall.com/lists/oss-security/2022/12/21/4 ______________________________ CVE-2022-4338 Description An integer underflow in Organization Specific TLV was found in various versions of OpenvSwitch. Base Score: 9.8 CRITICAL https://www.openwall.com/lists/oss-security/2022/12/21/4 _______________________________ CVE-2022-3715 Description A flaw was found in the bash package, where a heap-buffer […]

article

high level vulnerability in juniper

CVE-2023-22417 Description A Missing Release of Memory after Effective Lifetime vulnerability in the Flow Processing Daemon (flowd) of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). In an IPsec VPN environment, a memory leak will be seen if a DH or ECDH group is configured. Eventually the […]

article

high level vulnerability in Adobe

CVE-2023-21597 Description Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Base Score: 7.8 HIGH https://helpx.adobe.com/security/products/incopy/apsb23-08.html ____________________________________ CVE-2023-21596 Description […]

article

high level vulnerability in Microsoft

CVE-2023-21535 Description Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21548. Base Score: 8.1 HIGH https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21535 __________________________________ CVE-2023-21532 Description Windows GDI Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21552. Base Score: 7.0 HIGH https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21532 ___________________________________ CVE-2023-21531 Description Azure Service Fabric Container Elevation of Privilege Vulnerability. Base […]

article

high level vulnerability in Linux

CVE-2022-42255 Description NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an out-of-bounds array access may lead to denial of service, information disclosure, or data tampering. Base Score: 7.8 HIGH https://nvidia.custhelp.com/app/answers/detail/a_id/5415 ___________________________________________ CVE-2022-34676 Description NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, […]

© All rights reserved to APA Specialized Center of Ferdowsi University of Mashhad