Topic

Windows

A collection of 209 issues

CVE-2022-40707 An OOB read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security could allow a local attacker to disclose sensitive information.

This issue is unique to Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows versions before 3.0.9. An attacker could exploit this issue to obtain sensitive information by reading data from the memory of the affected system. This issue can be leveraged by

CVE-2022-22387 IBM Application Gateway is vulnerable to cross-site scripting

This issue is related to the fact that application gateways are designed to process HTML content and this functionality also allows to execute arbitrary JavaScript code. In order to exploit this issue an attacker must be able to obtain access to a vulnerable system and perform a series of steps

CVE-2022-40083 The Echo CMS v4.8.0 had an open redirect vulnerability in the Static Handler component.

SSRF is a type of attack where the attacker tricks the victim’s web application into executing a command on the server. The command can be as simple as clicking a malicious link, or can be as complex as accessing a file on the server. To exploit this issue, an

CVE-2022-22525 In Gavazzi UWP3.0 and CPY Car Park Server v2.8.3, an attacker with admin rights could execute arbitrary commands due to missing input sanitization.

when restoring backups of remote servers. The attacker could use this issue to install software on the affected system, view sensitive information, or take actions on the system as root. Update: The vendor announced that version 3.0 of UWP has been released with the fix in version 3.0.

CVE-2022-32170 The "Bytebase" application does not restrict low privilege user access to admin "projects" for which an unauthorized user can view the affected endpoint.

The vulnerability can be exploited by an unprivileged user and has been reported to the vendor and assigned with a severity rating of “High“. The “Bytebase” application has been released as open source software and a patch for the vulnerability has been submitted to the maintainers. The vendor has also

CVE-2022-39033 The acquisition function of the smart vision file has a vulnerability due to the lack of filtering of special characters in the URL parameter.

The function that handles file downloads on the Smart eVision OS is vulnerable. An attacker can exploit this to download and delete arbitrary files on the affected system to cause disruption. The source of this issue was confirmed to be due to incorrect validation of URL parameters in the smart

CVE-2022-40199 An attacker with administrative privileges can obtain the product's directory structure.

This can potentially lead to the disclosure of sensitive information, such as usernames and password hash values. An attacker can exploit this vulnerability to gain access to other sections of the system that they should not have access to. An attacker can also perform a cross-site request forgery attack, allowing

CVE-2022-3201 In past DevTools, an attacker could convince a user to install a malicious extension, which could bypass navigation restrictions.

This issue was addressed by disabling installation of extensions from non-trusted sources such as the Chrome Web Store. We also enabled a warning message when attempting to install a malicious extension from an unknown source. An attacker who convinced a user to install a malicious extension from an unknown source

CVE-2020-36521 Out-of-bounds read is fixed in iOS 14.0, iCloud for Windows 11.4, iPadOS 14.0, watchOS 7.0, tvOS 14.0, iCloud for Windows 7.21, iTunes for Windows 12.10.9.

This issue is fixed in iCloud for Windows 11.4, iOS 14.0, watchOS 7.0, tvOS 14.0, iCloud for Windows 7.21, iTunes for Windows 12.10.9. A buffer overflow issue was addressed with additional validation. An attacker could leverage this vulnerability to execute arbitrary code on

CVE-2022-28981 Liferay's Hypermedia REST APIs module has a path traversal vulnerability that allows remote attackers to access files outside of the com.liferay.headless.discovery.web META-INF folder.

The module responsible for handling requests for `/Discovery?parameter=value` and `/Discovery?parameter=value` allows remote attackers to access files outside of the intended scope via the `parameter` parameter. You can verify this vulnerability by visiting the following URL in your browser: https://127.0.0.1:8080/Discovery?parameter=