Description
Improper Check for Unusual or Exceptional Conditions vulnerability handling requests in Apache Traffic Server allows an attacker to crash the server under certain conditions. This issue affects Apache Traffic Server: from 8.0.0 through 9.1.3.
Base Score: 7.5 HIGH
https://lists.apache.org/thread/mrj2lg4s0hf027rk7gz8t7hbn9xpfg02
________________________
Description
In specific scenarios, on Windows the operator credentials may be encrypted in a manner that is not completely machine-dependent.
Base Score: 7.8 HIGH
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102049
__________________________________
Description
PHP Remote File Inclusion in GitHub repository flatpressblog/flatpress prior to 1.3.
Base Score: 9.8 CRITICAL
https://huntr.dev/bounties/3dab0466-c35d-4163-b3c7-a8666e2f7d95
_____________________________
Description
An issue was discovered in the Linux kernel before 6.0.11. Missing validation of IEEE80211_P2P_ATTR_CHANNEL_LIST in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger a heap-based buffer overflow when parsing the operating channel attribute from Wi-Fi management frames.
Base Score: 7.8 HIGH
https://lore.kernel.org/r/20221123153543.8568-4-philipturnbull@github.com
____________________________________
Description
An issue was discovered in the Linux kernel before 6.0.11. Missing offset validation in drivers/net/wireless/microchip/wilc1000/hif.c in the WILC1000 wireless driver can trigger an out-of-bounds read when parsing a Robust Security Network (RSN) information element from a Netlink packet.
Base Score: 7.1 HIGH
https://lore.kernel.org/r/20221123153543.8568-2-philipturnbull@github.com
______________________________
Description
An issue was discovered in the Linux kernel before 6.0.11. Missing validation of IEEE80211_P2P_ATTR_OPER_CHANNEL in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger an out-of-bounds write when parsing the channel list attribute from Wi-Fi management frames.
Base Score: 7.8 HIGH
https://lore.kernel.org/r/20221123153543.8568-3-philipturnbull@github.com
_______________________________________-
Description
An issue was discovered in the Linux kernel before 6.0.11. Missing validation of the number of channels in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger a heap-based buffer overflow when copying the list of operating channels from Wi-Fi management frames.
Base Score: 7.8 HIGH
https://lore.kernel.org/r/20221123153543.8568-5-philipturnbull@github.com
_______________________________
Description
vRealize Operations (vROps) contains a privilege escalation vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.2.
Base Score: 7.2 HIGH
https://www.vmware.com/security/advisories/VMSA-2022-0034.html
__________________________________________
sourse:
https://nvd.nist.gov/vuln/detail/CVE-2021-3466
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3466
CVE-2020-7346 Description Privilege Escalation vulnerability in McAfee Data Loss Prevention (DLP) for Windows prior to 11.6.100 allows a local, low privileged, attacker through the use of junctions to cause the product to load DLLs of the attacker’s choosing. This requires the creation and removal of junctions by the attacker along with sending a specific IOTL […]
CVE-2021-24581 Description The Blue Admin WordPress plugin through 21.06.01 does not sanitise or escape its “Logo Title” setting before outputting in a page, leading to a Stored Cross-Site Scripting issue. Furthermore, the plugin does not have CSRF check in place when saving its settings, allowing the issue to be exploited via a CSRF attack. Base […]
CVE-2023-23560 Description In certain Lexmark products through 2023-01-12, SSRF can occur because of a lack of input validation. Base Score: Critical https://support.lexmark.com/alerts/ ___________________________________ CVE-2016-9244 Description A BIG-IP virtual server configured with a Client SSL profile that has the non-default Session Tickets option enabled may leak up to 31 bytes of uninitialized memory. A remote attacker may […]
Leave a Reply