Topic

Microsoft

A collection of 136 issues

CVE-2021-3782 An internal reference count is kept on the buffer pool to track each new buffer.

The reference count can be increased by creating an external reference to a buffer storage object, or creating a large number of external references to a particular buffer storage object. The number of external references to a buffer storage object must be greater than or equal to the number of

CVE-2022-23951 Keylime's quote responses can contain untrusted ZIP data which can lead to zip bombs.

This issue has been resolved in 6.3.0. Before upgrading to 6.3.0, make sure to disable the quote feature in your settings, or to un-install the old version of keylime. When using the Gist agent, newly created Gists can be posted to malicious URL shorteners which can

CVE-2022-38545 Valine v1.4.18 has a RCE vulnerability that allows attackers to execute arbitrary code.

This update also fixes several bugs and provides overall improved performance. In addition, this release updates the v1.4.17 release to v1.4.18, which fixes the following issues: Fixed an issue where v1.4.18 would fail to start on Windows due to the presence of the ‘%USERDOMAIN%

CVE-2022-0143 The LDAP connector with StartTLS enabled grants unauthenticated access. This started as an issue in 1.5.20.9.

All installations of IdM and RCS are vulnerable to this issue, including all versions prior to 4.0.1.10, 4.0.1.9, and 4.0.1.8. This issue has been fixed in these versions. For all other versions of Identity Management and Remote Connector Server, it is

CVE-2022-1580 The Site Offline Or Coming Soon Or Maintenance Mode plugin before 1.5.3 prevents users from accessing a website if the URL contains certain keywords.

For example, if you wanted to stop users from accessing your website via Google or Microsoft Bing by adding the keywords "Bing" or "Google" to the URL, you could do so by adding those keywords to the URL's query string. For example, if you wanted to stop users from accessing

CVE-2022-38993 The secure OS module has configuration defects

However, details about the vulnerability have not been announced yet. Therefore, administrators should apply the appropriate precautionary measures before installing this update. In addition, the patch will be tested in a risk-based security assessment. If the patch is found to be vulnerable, a new version will be released. As a

CVE-2022-29649 Qsmart Next v4.1.2 was discovered to contain a cross-site scripting (XSS) vulnerability.

When users receive a maliciously crafted request, XSS can occur in the following ways: In the above example, the user’s session information is transmitted in the query string of the URL, which can be leveraged to steal information. Another example of XSS in NSS can be seen in the

CVE-2022-37956 Windows Kernel Elevation of Privilege Vulnerability

This vulnerability is critical in virtualization and cloud environments where guests have access to the host file system. Virtualization and cloud administrators should be aware of hosting file systems with elevated privileges and be cautious of the access a guest operating system may have to the physical host. Avoid placing

CVE-2022-38008 Microsoft SharePoint Server Remote Code Execution Vulnerability

This vulnerability is caused by improper input validation on the server side. Attackers can inject malicious code into a specially crafted request and make it run on the server. When the server is compromised, attackers can access data or perform actions on behalf of the server’s legitimate user. An

CVE-2022-35837 Windows Graphics Component Information Disclosure Vulnerability

It was discovered that the Windows graphics component could improperly access computer memory. This vulnerability could allow an attacker to run malicious code on the affected system. Affected Software: Windows 7/Server 2008 R2/Server 2012 Windows 8/Server 2012 Windows 10/Server 2016 Windows 7/Server 2008 R2/Server