
In GenieACS 1.2.x before 1.2.8, the UI interface API is vulnerable to unauthenticated OS command injection via the ping host argument (lib/ui/api.ts and lib/ping.ts). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload.

Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17.

D-Link DIR-859 v1.05 was discovered to contain a stack-based buffer overflow via the function genacgi_main.

Incorrect Permission Assignment for Critical Resource vulnerability in the crash handling component BDReinit.exe as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools for Windows allows a remote attacker to escalate local privileges to SYSTEM. This issue affects: Bitdefender Total Security versions prior to 26.0.10.45. Bitdefender Internet Security versions prior to 26.0.10.45. Bitdefender Antivirus Plus versions prior to 26.0.10.45. Bitdefender Endpoint Security Tools for Windows versions prior to 7.4.3.146.

The Page View Count WordPress plugin before 2.4.15 does not sanitise and escape the post_ids parameter before using it in a SQL statement via a REST endpoint, available to both unauthenticated and authenticated users. As a result, unauthenticated attackers could perform SQL injection attacks.

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. Patch information is provided when available. This information may include identifying information, values, definitions, and related links. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
