Security
Headlines
HeadlinesLatestCVEs

Tag

#Security Vulnerability

CVE-2022-21972: Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

Microsoft Security Response Center
Open in Source
#vulnerability#web#rce#Windows Point-to-Point Tunneling Protocol#Security Vulnerability
CVE-2022-23270: Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

CVE-2022-29972: Insight Software: CVE-2022-29972 Magnitude Simba Amazon Redshift ODBC Driver

**Is the CVSS vector different as it relates to the Microsoft services that the vulnerability affects?** The vulnerability in the Redshift driver referenced in the CVE impacts Microsoft services listed in the affected software table. The environmental score as it relates to affected Microsoft services can be different than the score assigned by the owner of the CVE. The base environmental score that Micrososft has assigned is 8.2. Environmental Vector Element Value Comment Modified Attack Vector Network Modified Attack Complexity Low Modified Privileges Required High Modified User Interaction None Modified Scope Changed The vulnerability in the redshift driver impacts the services listed in the affected software. Modified Confidentiality High Modified Integrity High Modified Availability High **Are there any special roles that enable exploitation of this vulnerability?** Exploiting this vulnerability requires an attacker to have at least one of the following role...

CVE-2022-1501: Chromium: CVE-2022-1501 Inappropriate implementation in iframe

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 101.0.1210.32 4/28/2022 101.0.4951.41

CVE-2022-1500: Chromium: CVE-2022-1500 Insufficient data validation in Dev Tools

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 101.0.1210.32 4/28/2022 101.0.4951.41

CVE-2022-1499: Chromium: CVE-2022-1499 Inappropriate implementation in WebAuthentication

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 101.0.1210.32 4/28/2022 101.0.4951.41

CVE-2022-1498: Chromium: CVE-2022-1498 Inappropriate implementation in HTML Parser

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 101.0.1210.32 4/28/2022 101.0.4951.41

CVE-2022-1497: Chromium: CVE-2022-1497 Inappropriate implementation in Input

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 101.0.1210.32 4/28/2022 101.0.4951.41

CVE-2022-1495: Chromium: CVE-2022-1495 Incorrect security UI in Downloads

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 101.0.1210.32 4/28/2022 101.0.4951.41

CVE-2022-1494: Chromium: CVE-2022-1494 Insufficient data validation in Trusted Types

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 101.0.1210.32 4/28/2022 101.0.4951.41