Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

CVE-2022-22015: Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap.

Microsoft Security Response Center
Open in Source
#vulnerability#web#windows#Windows Remote Desktop#Security Vulnerability
CVE-2022-26913: Windows Authentication Security Feature Bypass Vulnerability

**What Security Feature might be bypassed by this vulnerability?** The authentication feature could be bypassed as this vulnerability allows impersonation.

CVE-2022-22011: Windows Graphics Component Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap.

CVE-2022-29150: Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

CVE-2022-29151: Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

CVE-2022-22713: Windows Hyper-V Denial of Service Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

CVE-2022-23279: Windows ALPC Elevation of Privilege Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

CVE-2022-27412: Explore CMS 1.0 SQL Injection ≈ Packet Storm

Explore CMS v1.0 was discovered to contain a SQL injection vulnerability via a /page.php?id= request.

CVE-2022-27412: Explore CMS 1.0 SQL Injection ≈ Packet Storm

Explore CMS v1.0 was discovered to contain a SQL injection vulnerability via a /page.php?id= request.

CVE-2022-29933: cms/CHANGELOG.md at develop · craftcms/cms

Craft CMS through 3.7.36 allows a remote unauthenticated attacker, who knows at least one valid username, to reset the account's password and take over the account by providing a crafted HTTP header to the application while using the password reset functionality. Specifically, the attacker must send X-Forwarded-Host to the /index.php?p=admin/actions/users/send-password-reset-email URI. NOTE: the vendor's position is that a customer can already work around this by adjusting the configuration (i.e., by not using the default configuration).