The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

High: vulnerabilities with a CVSS base score of 7.0–10.0
Medium: vulnerabilities with a CVSS base score of 4.0–6.9
Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.

High Vulnerabilities (Primary Vendor - Product, Description)

Aruba InstantOS and ArubaOS 10: Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.

This issue was addressed with improved checks.

Apple macOS: The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. A remote user may be able to cause unexpected system termination or corrupt kernel memory.

MonicaHQ: MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people:id/food` endpoint and food parameter.

Avirato hotels online booking engine WordPress plugin: The Avirato hotels online booking engine WordPress plugin through 5.0.5 does not validate and escape some of its shortcode attributes before using them in SQL statements, which could allow any authenticated user, such as a subscriber, to perform SQL injection attacks.

Sloth_logo_customizer_project - sloth_logo_customizer: The Sloth Logo Customizer WordPress plugin through 2.0.2 does not have a CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack.

Apache Ranger: Authenticated users with appropriate privileges can create policies having expressions that can exploit a code execution vulnerability. This issue affects Apache Ranger: 2.3.0. Users are recommended to update to version 2.4.0.

A different vulnerability than CVE-2022-31943.

FlyCms: Cross Site Request Forgery (CSRF) vulnerability in FlyCms 1.0 allows attackers to add arbitrary administrator accounts via system/admin/admin_save.

Bluethrust Clan Scripts: Cross Site Request Forgery (CSRF) vulnerability in Bluethrust Clan Scripts v4 allows attackers to escalate privileges to an arbitrary account via a crafted request to /members/console.php?cID=5.

MCMS: File upload vulnerability in MCMS 5.0 allows attackers to execute arbitrary code via a crafted thumbnail.

Yasm: Yasm v1.3.0 was discovered to contain a memory leak via the function yasm_intnum_copy at /libyasm/intnum.c.

Apache bRPC: = 1.5.0, download link: 2. If you are using an old version of bRPC and hard to upgrade, you can apply this patch:

sbs20/scanservjs: OS Command Injection in GitHub repository sbs20/scanservjs prior to v2.27.0.

jsreport/jsreport: Code Injection in GitHub repository jsreport/jsreport prior to 3.11.3.

Siemens SCALANCE LPE9403: A vulnerability has been identified in SCALANCE LPE9403 (All versions