Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

CVE-2022-27249: IdeaRE RefTree Shell Upload ≈ Packet Storm

An unrestricted file upload vulnerability in IdeaRE RefTree before 2021.09.17 allows remote authenticated users to execute arbitrary code by using UploadDwg to upload a crafted aspx file to the web root, and then visiting the URL for this aspx resource.

CVE
Open in Source
#vulnerability#web#ios#microsoft#linux#js
CVE-2022-27248: IdeaRE RefTree Path Traversal ≈ Packet Storm

A directory traversal vulnerability in IdeaRE RefTree before 2021.09.17 allows remote authenticated users to download arbitrary .dwg files from a remote server by specifying an absolute or relative path when invoking the affected DownloadDwg endpoint. An attack uses the path field to CaddemServiceJS/CaddemService.svc/rest/DownloadDwg.

CVE-2021-22277

Improper Input Validation vulnerability in ABB 800xA, Control Software for AC 800M, Control Builder Safe, Compact Product Suite - Control and I/O, ABB Base Software for SoftControl allows an attacker to cause the denial of service.

CVE-2022-26909: Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

**Why is Attack Complexity marked as High for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.

CVE-2022-26908: Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

**Why is Attack Complexity marked as High for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.

CVE-2022-26900: Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

**Why is Attack Complexity marked as High for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.

CVE-2022-26895: Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

**Why is Attack Complexity marked as High for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.

CVE-2022-26894: Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

**Why is Attack Complexity marked as High for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.

CVE-2022-1139: Chromium: CVE-2022-1139 Inappropriate implementation in Background Fetch API

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 100.0.1185.29 4/1/2022 100.0.4896.60

CVE-2022-1146: Chromium: CVE-2022-1146 Inappropriate implementation in Resource Timing

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 100.0.1185.29 4/1/2022 100.0.4896.60