CVE CyberSecurity Database News

Dec 30, 2022 Windows Microsoft

CVE-2022-34671 An NVIDIA GPU Display Driver has a user mode vulnerability where an unprivileged user can cause an out-of-bounds write, which may lead to code execution, denial of service, or escalated privileges.

This issue is due to a memory corruption vulnerability in the graphics driver. An attacker can inject malicious code into a privileged process, run a

Dec 26, 2022

CVE-2022-41767 An issue was found in MediaWiki before 1.35.8, 1.36.x, 1.37.x, and 1.38.x before 1.38.3.

This results in the editing history of the IP address being displayed in the article. This issue has been addressed by reassigning the edits to

Dec 26, 2022

CVE-2021-44856 An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1

This allows for bypassing the blacklist and allowing the blocked title to be edited via Special:ChangeContentModel . Therefore it is recommended to upgrade to the

Dec 26, 2022

CVE-2021-38561 The index calculation of golang.org/x/text before 0.3.7 is mishandled, causing an out-of-bounds read in BCP 47 tag parsing.

For more information, see the fixes for golang.org/issue/11641 and golang.org/issue/16111. You are likely to be at risk if you:

Dec 26, 2022 PHP

CVE-2021-44855 An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1

A user with the ability to upload images can post a link to a malicious image hosted outside of MediaWiki, where JavaScript is injected into