Daily Vulnerability Trends: Sun Jan 08 2023

trend 7
Daily Vulnerability Trends (sourced from VulnMon)
CVE NAMECVE Description
CVE-2020-28362Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service.
CVE-2022-43931Out-of-bounds write vulnerability in Remote Desktop Functionality in Synology VPN Plus Server before 1.4.3-0534 and 1.4.4-0635 allows remote attackers to execute arbitrary commands via unspecified vectors.
CVE-2022-41082Microsoft Exchange Server Remote Code Execution Vulnerability.
CVE-2022-37958SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Information Disclosure Vulnerability.
CVE-2021-25682It was discovered that the get_pid_info() function in data/apport did not properly parse the /proc/pid/status file from the kernel.
CVE-2022-46689A race condition was addressed with additional validation. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. An app may be able to execute arbitrary code with kernel privileges.
CVE-2022-3515 No description provided
CVE-2022-39947A improper neutralization of special elements used in an os command (‘os command injection’) in Fortinet FortiADC version 7.0.0 through 7.0.2, FortiADC version 6.2.0 through 6.2.3, FortiADC version version 6.1.0 through 6.1.6, FortiADC version 6.0.0 through 6.0.4, FortiADC version 5.4.0 through 5.4.5 may allow an attacker to execute unauthorized code or commands via specifically crafted HTTP requests.
CVE-2022-23087 No description provided
CVE-2022-33942Protection mechanism failure in the Intel(R) DCM software before version 5.0 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.
CVE-2023-22278 No description provided
CVE-2022-41076PowerShell Remote Code Execution Vulnerability.
CVE-2022-41080Microsoft Exchange Server Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41123.
CVE-2022-20186In kbase_mem_alias of mali_kbase_mem_linux.c, there is a possible arbitrary code execution due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-215001024References: N/A
CVE-2022-25026 No description provided


Copyright © All rights reserved. | CoverNews by AF themes.