Summary: Product Shopware Vendor Shopware AG Severity High - Users with login access to Shopware Admin panel may be able to obtain remote code/command execution Affected Versions v6.4.18.1 <= v6.4.20.0, v6.5.0.0-rc1 <= v6.5.0.0-rc4 (Commit facfc88) Tested Versions v6.4.20.0 (Latest stable version), v6.5.0.0-rc3 (Latest pre-release version) CVE Identifier CVE-2023-2017 CVE Description Server-side Template Injection (SSTI) in Shopware 6 (<= v6....

Summary Product Microsoft DirectMusic Vendor Microsoft Severity High Affected Versions Microsoft DirectMusic Core Services DLL (dmusic.dll) version 10.0.22000.1 Tested Versions Microsoft DirectMusic Core Services DLL (dmusic.dll) version 10.0.22000.1 CVE Identifier CVE-2022-44667 CVSS3.1 Scoring System Base Score: 7.8 (High) Vector String: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Metric Value Attack Vector (AV) Local Attack Complexity (AC) Low Privileges Required (PR) None User Interaction (UI) Required Scope (S) Unchanged Confidentiality (C) High Integrity (I) High Availability (A) High Product Overview Microsoft DirectMusic Core Services DLL is a dynamic link library (DLL) that is part of the DirectMusic component of the DirectX multimedia API for Windows operating systems....

Summary Product Microsoft DirectMusic Vendor Microsoft Severity High Affected Versions Microsoft DirectMusic Core Services DLL (dmusic.dll) version 10.0.22000.1 Tested Versions Microsoft DirectMusic Core Services DLL (dmusic.dll) version 10.0.22000.1 CVE Identifier CVE-2022-44668 CVSS3.1 Scoring System Base Score: 7.8 (High) Vector String: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Metric Value Attack Vector (AV) Local Attack Complexity (AC) Low Privileges Required (PR) None User Interaction (UI) Required Scope (S) Unchanged Confidentiality (C) High Integrity (I) High Availability (A) High Product Overview Microsoft DirectMusic Core Services DLL is a dynamic link library (DLL) that is part of the DirectMusic component of the DirectX multimedia API for Windows operating systems....

Summary: Product Asus System Control Interface Vendor Asus Severity High - Adversaries may exploit this software vulnerability to set weak file permissions, leading to local privilege escalation. Affected Versions MyASUS: 3.1.5.0 ASUS System Control Interface: 3.1.4.0 File Version: 1.0.9.0 (AsusSwitch.exe) Tested Versions MyASUS: 3.1.5.0 ASUS System Control Interface: 3.1.4.0 File Version: 1.0.9.0 (AsusSwitch.exe) CVE Identifier CVE-2022-26438 CWE CWE-276 - Incorrect Default Permissions CVSS3....

Summary: Product Asus System Control Interface Vendor Asus Severity Medium - Adversaries may exploit this software vulnerability to set weak file permissions, leading to local privilege escalation. Affected Versions MyASUS: 3.1.5.0ASUS System Control Interface: 3.1.4.0File Version: 1.0.52.0 (AsusSoftwareManager.exe)1.0.44.0 (AsusLiveUpdate.dll) Tested Versions MyASUS: 3.1.5.0ASUS System Control Interface: 3.1.4.0File Version: 1.0.52.0 (AsusSoftwareManager.exe)1.0.44.0 (AsusLiveUpdate.dll) CVE Identifier CVE-2022-26439 CWE CVSS3....

CVE: CVE-2021-4206 Tested Versions: QEMU < v6.0.0 Product URL(s): https://www.qemu.org/ Description of the vulnerability Technical Details QXL, the QEMU QXL video accelerator, is a para-virtualized framebuffer device for the SPICE protocol. It is the default video device when we create a VM from virt-manager. It exposes the RAMs and I/O ports to let guest communicate with it. 00:01.0 VGA compatible controller: Red Hat, Inc. QXL paravirtual graphic card (rev 04) (prog-if 00 [VGA controller]) Subsystem: Red Hat, Inc....

CVE: CVE-2021-4207 Tested Versions: QEMU < v6.0.0 Product URL(s): https://www.qemu.org/ Description of the vulnerability Technical Details QXL, the QEMU QXL video accelerator, is a para-virtualized framebuffer device for the SPICE protocol. It is the default video device when we create a VM from virt-manager. It exposes the RAMs and I/O ports to let guest communicate with it. 00:01.0 VGA compatible controller: Red Hat, Inc. QXL paravirtual graphic card (rev 04) (prog-if 00 [VGA controller]) Subsystem: Red Hat, Inc....