Security
Headlines
HeadlinesLatestCVEs

Tag

#chrome

CVE-2022-38012

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability.

CVE
#vulnerability#microsoft#rce#chrome
Microsoft Patch Tuesday for September 2022 — Snort rules and prominent vulnerabilities

By Jon Munshaw and Asheer Malhotra.  Microsoft released its monthly security update Tuesday, disclosing 64 vulnerabilities across the company’s hardware and software line, a sharp decline from the record number of issues Microsoft disclosed last month.  September's security update features five critical vulnerabilities, 10 fewer than were included in last month’s Patch Tuesday. There are two moderate-severity vulnerabilities in this release and a low-security issue that’s already been patched as a part of a recent Google Chromium update. The remainder is considered “important.”  The most serious vulnerability exists in several versions of Windows Server and Windows 10 that could allow an attacker to gain the ability to execute remote code (RCE) by sending a singular, specially crafted IPv6 packet to a Windows node where IPSec is enabled. CVE-2022-34718 only affects instances that have IPSec enabled. This vulnerability has a severity score of 9.8 out of 10 and is considered “more likely...

CVE-2022-38292: [Security Bugs] Server Side Request Forgery · Issue #158 · slims/slims9_bulian

SLiMS Senayan Library Management System v9.4.2 was discovered to contain multiple Server-Side Request Forgeries via the components /bibliography/marcsru.php and /bibliography/z3950sru.php.

CVE-2021-44425: Remote Desktop Software for Windows – AnyDesk

An issue was discovered in AnyDesk before 6.2.6 and 6.3.x before 6.3.3. An unnecessarily open listening port on a machine in the LAN of an attacker, opened by the Anydesk Windows client when using the tunneling feature, allows the attacker unauthorized access to the local machine's AnyDesk tunneling protocol stack (and also to any remote destination machine software that is listening to the AnyDesk tunneled port).

Infix LMS 4.3.0 IFRAME Injection

Infix LMS version 4.3.0 suffers from an iframe injection vulnerability.

Google Completes Acquisition of Mandiant

The threat-intelligence and cyberdefense company company will join Google Cloud and retain its brand name.