Description
Python3-RESTfulAPI commit d9907f14e9e25dcdb54f5b22252b0e9452e3970e and e772e0beee284c50946e94c54a1d43071ca78b74 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.
Base Score: 9.8 CRITICAL
https://github.com/herry-zhang/Python3-RESTfulAPI/commit/1c2081dca357685b3180b9baeb7e761e9a10ca99
_______________________________
Description
D-Link DIR-3040 device with firmware 120B03 was discovered to contain a command injection vulnerability via the SetTriggerLEDBlink function.
Base Score: 9.8 CRITICAL
https://www.dlink.com/en/security-bulletin/
___________________________________
Description
A vulnerability in import module of Apache Atlas allows an authenticated user to write to web server filesystem. This issue affects Apache Atlas versions from 0.8.4 to 2.2.0.
Base Score: 8.8 HIGH
https://lists.apache.org/thread/0rqvcxo6brmos9w3lzfsdn2lsmlblpw3
______________________________________
Description
Use after free in Profiles in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Base Score: 8.8 HIGH
https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop_13.html
__________________________________
Description
Use after free in Aura in Google Chrome on Windows prior to 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions. (Chromium security severity: High)
Base Score: 8.8 HIGH
https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop_13.html
_________________________________________
Description
Use after free in Blink Frames in Google Chrome prior to 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Base Score: 8.8 HIGH
https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop_13.html
_______________________________-
Description
Use after free in Mojo IPC in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Base Score: 8.8 HIGH
https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop_13.html
_______________________________
Description
Use after free in Blink Media in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Base Score: 8.8 HIGH
https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop_13.html
____________________________________-
Description
The demon image annotation plugin for WordPress is vulnerable to improper input validation in versions up to, and including 5.0. This is due to the plugin improperly validating the number of characters supplied during an annotation despite there being a setting to limit the number characters input. This means that unauthenticated attackers can bypass the length restrictions and input more characters than allowed via the settings.
Base Score: 7.5 HIGH
https://www.wordfence.com/threat-intel/vulnerabilities/id/ac5549ec-f931-4b13-b5f9-0d6f3e53aae4
___________________________________-
Description
Microsoft Office Graphics Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-26804, CVE-2022-26805, CVE-2022-26806, CVE-2022-44692, CVE-2022-47211, CVE-2022-47212.
Base Score: 7.8 HIGH
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-47213
______________________________________
Description
Microsoft Office Graphics Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-26804, CVE-2022-26805, CVE-2022-26806, CVE-2022-44692, CVE-2022-47211, CVE-2022-47213.
Base Score: 7.8 HIGH
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-47212
___________________________________
Description
Microsoft Office Graphics Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-26804, CVE-2022-26805, CVE-2022-26806, CVE-2022-44692, CVE-2022-47212, CVE-2022-47213.
Base Score: 9.8 CRITICAL
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-47211
__________________________________
Description
Microsoft Outlook for Mac Spoofing Vulnerability.
Base Score: 7.5 HIGH
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44713
__________________________________-
Description
Microsoft Office Visio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-44694, CVE-2022-44695.
Base Score: 7.8 HIGH
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44696
_____________________________________-
Description
Microsoft Office Visio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-44694, CVE-2022-44696
Base Score: 7.8 HIGH
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44695
____________________________________-
Description
Microsoft SharePoint Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-44690.
Base Score: 8.8 HIGH
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44693
_______________________________________
Description
Microsoft Office Visio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-44695, CVE-2022-44696.
Base Score: 7.8 HIGH
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44694
____________________________
Description
Microsoft Office Graphics Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-26804, CVE-2022-26805, CVE-2022-26806, CVE-2022-47211, CVE-2022-47212, CVE-2022-47213.
Base Score: 7.8 HIGH
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44692
___________________________________
Description
Microsoft Office OneNote Remote Code Execution Vulnerability.
Base Score: 7.8 HIGH
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44691
_____________________________________
Description
Microsoft SharePoint Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-44693
Base Score: 8.8 HIGH
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44690
______________________________________-
Description
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability.
Base Score: 8.3 HIGH
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44708
sourse:
https://nvd.nist.gov/vuln/detail/CVE-2021-3466
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3466
CVE-2022-25992 Description Insecure inherited permissions in the Intel(R) oneAPI Toolkits oneapi-cli before version 0.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. Base Score: 7.5 HIGH http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00674.html ____________________ CVE-2022-26343 Description Improper access control in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation […]
CVE-2019-25044 Description The block subsystem in the Linux kernel before 5.2 has a use-after-free that can lead to arbitrary code execution in the kernel context and privilege escalation, aka CID-c3e2219216c9. This is related to blk_mq_free_rqs and blk_cleanup_queue. Base Score: 7.8 HIGH https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2
CVE-2023-21819 Description Windows Secure Channel Denial of Service Vulnerability Base Score: 7.5 HIGH https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21819 CVE-2023-21820 Description Windows Distributed File System (DFS) Remote Code Execution Vulnerability Base Score: 7.4 HIGH https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21820 CVE-2023-21822 Description Windows Graphics Component Elevation of Privilege Vulnerability Base Score: 7.8 HIGH https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21822 CVE-2023-23374 Description Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Base Score: 8.3 […]
Leave a Reply