Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

CVE-2022-44666: Windows Contacts Remote Code Execution Vulnerability

**According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?** The word **Remote** in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the **Attack Vector** is **Local** and **User Interaction** is **Required**, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.

Microsoft Security Response Center
Open in Source
#vulnerability#web#windows#rce#Windows Contacts#Security Vulnerability
CVE-2022-44673: Windows Client Server Run-Time Subsystem (CSRSS) Elevation of Privilege Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.

CVE-2022-44674: Windows Bluetooth Driver Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process.

CVE-2022-45269: CVE-2022-45269

A directory traversal vulnerability in the component SCS.Web.Server.SPI/1.0 of Linx Sphere LINX 7.35.ST15 allows attackers to read arbitrary files.

Judging Management System 1.0 Shell Upload

Judging Management System version 1.0 a remote shell upload vulnerability.

Rash of New Ransomware Variants Springs Up in the Wild

Vohuk, ScareCrow, and AESRT add to the ransomware chaos that organizations have to contend with on a daily basis.

Judging Management System 1.0 SQL Injection

Judging Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

Red Hat Security Advisory 2022-8913-01

Red Hat Security Advisory 2022-8913-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.7.1 serves as a replacement for Red Hat JBoss Web Server 5.7.0. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References. Issues addressed include a code execution vulnerability.

CVE-2022-45275: bug_report/RCE-1.md at main · ATKF/bug_report

An arbitrary file upload vulnerability in /queuing/admin/ajax.php?action=save_settings of Dynamic Transaction Queuing System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.

CVE-2022-45996: public_bug/tenda/w20e/2 at main · bugfinder0/public_bug

Tenda W20E V16.01.0.6(3392) is vulnerable to Command injection via cmd_get_ping_output.