Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

CVE-2022-23481: Out-of-Bound Read in xrdp_caps_process_confirm_active

xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Out of Bound Read in xrdp_caps_process_confirm_active() function. There are no known workarounds for this issue. Users are advised to upgrade.

CVE
Open in Source
#vulnerability#mac#microsoft#git
CVE-2022-23484: Integer Overflow in xrdp_mm_process_rail_update_window_text

xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Integer Overflow in xrdp_mm_process_rail_update_window_text() function. There are no known workarounds for this issue. Users are advised to upgrade.

CVE-2022-23483: Out-of-Bound Read in libxrdp_send_to_channel

xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Out of Bound Read in libxrdp_send_to_channel() function. There are no known workarounds for this issue. Users are advised to upgrade.

CVE-2022-23482: Out-of-Bound Read in xrdp_sec_process_mcs_data_CS_CORE

xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Out of Bound Read in xrdp_sec_process_mcs_data_CS_CORE() function. There are no known workarounds for this issue. Users are advised to upgrade.

CVE-2022-23477: Buffer Overflow in audin_send_open

xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a buffer over flow in audin_send_open() function. There are no known workarounds for this issue. Users are advised to upgrade.

CVE-2022-3724: Crash in USB-HID dissector on Windows (#18384) · Issues · Wireshark Foundation / wireshark · GitLab

Crash in the USB HID protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file on Windows

New Truebot Malware Variant Leveraging Netwrix Auditor Bug and Raspberry Robin Worm

Cybersecurity researchers have reported an increase in TrueBot infections, primarily targeting Mexico, Brazil, Pakistan, and the U.S. Cisco Talos said the attackers behind the operation have moved from using malicious emails to alternative delivery methods such as the exploitation of a now-patched remote code execution (RCE) flaw in Netwrix auditor as well as the Raspberry Robin worm. "

43 Trillion Security Data Points Illuminate Our Most Pressing Threats

A new report helps companies understand an ever-changing threat landscape and how to strengthen their defenses against emerging cybersecurity trends.

How Naming Can Change the Game in Software Supply Chain Security

A reliance on CPE names currently makes accurate searching for high-risk security vulnerabilities difficult.

Planet eStream Code Execution / SQL Injection / XSS / Broken Control

Planet eStream versions prior to 6.72.10.07 suffer from shell upload, account takeover, broken access control, SQL injection, both persistent and reflective cross site scripting, path traversal, and information disclosure vulnerabilities.