Tag

#windows

Artificial Intelligence and Security: What You Should Know

Next-generation AI products learn proactively and identify changes in the networks, users, and databases using "data drift" to adapt to specific threats as they evolve.

DARKReading
#vulnerability #windows #intel
CVE-2022-31788: SQL Injection Vulnerability PoC #1 - IdeaLMS

IdeaLMS 2022 allows SQL injection via the IdeaLMS/ChatRoom/ClassAccessControl/6?isBigBlueButton=0&ClassID= pathname.

CVE-2022-27502: RealVNC® - Remote access software for desktop and mobile | RealVNC

RealVNC VNC Server 6.9.0 through 5.1.0 for Windows allows local privilege escalation because an installer repair operation executes %TEMP% files as SYSTEM.

CVE-2021-44582: CVE-2021-44582/Privilege Escalation via Forced Browsing in Sourcecodester Money Transfer Management System at main · warmachine-57/CVE-2021-44582

A Privilege Escalation vulnerability exists in Sourcecodester Money Transfer Management System 1.0, which allows a remote malicious user to gain elevated privileges to the Admin role via any URL.

CVE-2017-20018: XAMPP 7.1.1-0-VC14 DLL Hijacking ≈ Packet Storm

A vulnerability was found in XAMPP 7.1.1-0-VC14. It has been classified as problematic. Affected is an unknown function of the component Installer. The manipulation leads to privilege escalation. It is possible to launch the attack remotely.

CVE-2022-30702: Security Bulletin: Trend Micro Security Out-Of-Bounds Read Information Disclosure Vulnerability

Trend Micro Security 2022 and 2021 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure vulnerability that could allow an attacker to disclose sensitive information on an affected machine.

CVE-2022-30703: Security Bulletin: Trend Micro Security Exposed Dangerous Method Information Disclosure Vulnerability

Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an exposed dangerous method vulnerability that could allow an attacker to obtain access to leaked kernel addresses and disclose sensitive information. This vulnerability could also potentially be chained for privilege escalation.

New MSDT 0-day Flaw ‘DogWalk’ Receives Free Unofficial Patches

By Deeba Ahmed. DogWalk comes soon after another MSDT zero-day vulnerability dubbed Follina was discovered, and Microsoft claimed it was a… This is a post from HackRead.com.

CVE-2022-26362: oss-security - Xen Security Advisory 401 v2 (CVE-2022-26362)

x86 pv: Race condition in typeref acquisition. Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen's safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by Xen. Unfortunately, the logic for acquiring a type reference has a race condition, whereby a safety TLB flush is issued too early and creates a window where the guest can re-establish the read/write mapping before writeability is prohibited.

CVE-2022-26377: security - CVE-2022-26377: Apache HTTP Server: mod_proxy_ajp: Possible request smuggling

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server 2.4 version 2.4.53 and prior versions.