This issue is fixed in watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. A remote attacker may be able to cause unexpected app termination or arbitrary code executionĪ use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.Ī use-after-free issue was addressed with improved memory management. The MStore API plugin for WordPress is vulnerable to Unauthenticated Blind SQL Injection via the 'id' parameter in versions up to, and including, 4.0.1 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL query. This was partially patched in version 7.6.4 and fully patched in version 7.6.5. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they know the email address associated with that user. This is due to insufficient encryption on the user being supplied during a login validated through the plugin. The WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 7.6.4. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email. This is due to insufficient verification on the user being supplied during booking an appointment through the plugin. The BookIt plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.3.7. The wpbrutalai WordPress plugin before 2.0.0 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by admin via CSRF. Product: Android Versions: Android kernel Android ID: A-250100597References: N/A User interaction is not needed for exploitation. This could lead to remote code execution with no additional execution privileges needed. In cd_CodeMsg of cd_codec.c, there is a possible out of bounds write due to a heap buffer overflow. A remote user may cause an unexpected app termination or arbitrary code execution This issue is fixed in macOS Big Sur 11.6.6, macOS Monterey 12.3, Security Update 2022-004 Catalina. A use after free issue was addressed with improved memory management.
0 kommentar(er)
