Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

CVE-2022-38368: PSIRT Advisories — aviatrix_docs documentation

An issue was discovered in Aviatrix Gateway before 6.6.5712 and 6.7.x before 6.7.1376. Because Gateway API functions mishandle authentication, an authenticated VPN user can inject arbitrary commands.

CVE
#csrf#vulnerability#web#mac#windows#linux#php#rce#ldap#aws#hard_coded_credentials#auth#ssl
CVE-2022-35822

Windows Defender Credential Guard Security Feature Bypass Vulnerability. This CVE ID is unique from CVE-2022-34709.

CVE-2022-34711

Windows Defender Credential Guard Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-34705, CVE-2022-35771.

CVE-2020-21642: ManageEngine Analytics Plus | Release Notes

Directory Traversal vulnerability ZDBQAREFSUBDIR parameter in /zropusermgmt API in Zoho ManageEngine Analytics Plus before 4350 allows remote attackers to run arbitrary code.

CVE-2020-23622: CVE-2020-12695: CallStranger Vulnerability in Universal Plug and Play (UPnP) Puts Billions of Devices At Risk

** UNSUPPORTED WHEN ASSIGNED ** An issue in the UPnP protocol in 4thline cling 2.0.0 through 2.1.2 allows remote attackers to cause a denial of service via an unchecked CALLBACK parameter in the request header.

Most Q2 Attacks Targeted Old Microsoft Vulnerabilities

The most heavily targeted flaw last quarter was a remote code execution vulnerability in Microsoft Office that was disclosed and patched four years ago.

Windows, Linux and macOS Users Targeted by Chinese Iron Tiger APT Group

By Deeba Ahmed Chinese Espionage Group called Iron Tiger (aka LuckyMouse) is targeting Windows, Linux, and macOS Users with trojanized MiMi… This is a post from HackRead.com Read the original post: Windows, Linux and macOS Users Targeted by Chinese Iron Tiger APT Group

Windows Credential Guard Domain-Joined Device Public Key Privilege Escalation

On Windows, when registered to use a public key for computer authentication, the certificate is stored in a user accessible registry key leading to elevation of privilege.

Win32.Ransom.BlueSky MVID-2022-0632 Code Execution

The BlueSky Win32.Ransom.BlueSky ransomware looks for and executes arbitrary DLLs in its current working directory. Therefore, we can hijack a DLL, execute our own code, and control and terminate the malware pre-encryption. The exploit DLL checks if the current directory is "C:\Windows\System32" and if not we grab our own process ID and terminate. All basic tests were conducted successfully in a virtual machine environment.