Description
The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.8.1. This is due to insufficient validation of settings on the ‘tp_translation’ AJAX action which makes it possible for unauthenticated attackers to bypass any restrictions and influence the data shown on the site. Please note this is a separate issue from CVE-2022-2461. Notes from the researcher: When installed Transposh comes with a set of pre-configured options, one of these is the “Who can translate” setting under the “Settings” tab. However, this option is largely ignored, if Transposh has enabled its “autotranslate” feature (it’s enabled by default) and the HTTP POST parameter “sr0” is larger than 0. This is caused by a faulty validation in “wp/transposh_db.php.”
Base Score: 7.5 HIGH
https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-2536
____________________________________________
Description
vRealize Network Insight (vRNI) contains a command injection vulnerability present in the vRNI REST API. A malicious actor with network access to the vRNI REST API can execute commands without authentication.
Base Score: 9.8 CRITICAL
https://www.vmware.com/security/advisories/VMSA-2022-0031.html
_______________________________________
Description
VMware Workspace ONE Access and Identity Manager contain an authenticated remote code execution vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.2.
Base Score: 7.2 HIGH
https://www.vmware.com/security/advisories/VMSA-2022-0032.html
_____________________________________________
Description
VMware ESXi, Workstation, and Fusion contain a heap out-of-bounds write vulnerability in the USB 2.0 controller (EHCI). A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine’s VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed.
Base Score: 8.2 HIGH
https://www.vmware.com/security/advisories/VMSA-2022-0033.html
____________________________________________
Description
vRealize Network Insight (vRNI) directory traversal vulnerability in vRNI REST API. A malicious actor with network access to the vRNI REST API can read arbitrary files from the server.
Base Score: 7.5 HIGH
https://www.vmware.com/security/advisories/VMSA-2022-0031.html
___________________________________________
Description
Python3-RESTfulAPI commit d9907f14e9e25dcdb54f5b22252b0e9452e3970e and e772e0beee284c50946e94c54a1d43071ca78b74 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.
Base Score: 9.8 CRITICAL
https://github.com/herry-zhang/Python3-RESTfulAPI/_
_______________________________________
Description
D-Link DIR-3040 device with firmware 120B03 was discovered to contain a command injection vulnerability via the SetTriggerLEDBlink function.
Base Score: 9.8 CRITICAL
https://www.dlink.com/en/security-bulletin/
__________________________________________-
Description
A vulnerability in import module of Apache Atlas allows an authenticated user to write to web server filesystem. This issue affects Apache Atlas versions from 0.8.4 to 2.2.0.
Base Score: 8.8 HIGH
https://lists.apache.org/thread/0rqvcxo6brmos9w3lzfsdn2lsmlblpw3
_____________________________________
Description
Use after free in Profiles in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Base Score: 8.8 HIGH
https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop_13.html
________________________
sourse:
https://nvd.nist.gov/vuln/detail/CVE-2021-3466
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3466
CVE-2013-0880 Description Use-after-free vulnerability in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to databases. Base Score: 7.5 HIGH http://googlechromereleases.blogspot.com/2013/02/stable-channel-update_21.html
CVE-2023-23381 Description Visual Studio Remote Code Execution Vulnerability Base Score: 8.4 HIGH https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23381 CVE-2023-21823 Description Windows Graphics Component Remote Code Execution Vulnerability Base Score: 7.8 HIGH https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21823 CVE-2023-21815 Description Visual Studio Remote Code Execution Vulnerability Base Score: 8.4 HIGH https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21815 CVE-2023-21808 Description .NET and Visual Studio Remote Code Execution Vulnerability Base Score: 7.8 HIGH https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21808 ______________________________________________________ […]
CVE-2023-21597 Description Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Base Score: 7.8 HIGH https://helpx.adobe.com/security/products/incopy/apsb23-08.html ____________________________________ CVE-2023-21596 Description […]
Leave a Reply