CVE-2022-1606 In M-Files Server versions before 22.3.11164.0 and 22.3.11237.1, a user can read unmanaged objects if privilege assignment is incorrect.
This vulnerability allows users with the "Grant Access" privilege to read any data stored in the M-Files database.
M-Files Server versions 22.3.
CVE-2022-38802 - Exploiting Incorrect Access Control in ZKTeco BioTime (<8.5.3 Build:20200816.447) for Local File Disclosure via XSS-to-PDF
ZKTeco's BioTime is a popular biometric time and attendance management software, used by enterprises worldwide. Security researchers discovered that versions below 8.5.
CVE-2022-3859 An uncontrolled search path vulnerability exists in versions of Trellix Agent prior to 5.7.8. An attacker can exploit this vulnerability to access files on the system.
An attacker can also inject a different DLL than the one configured to be searched for. For example, an attacker may place a malicious DLL
CVE-2022-4187 - Exploiting Insufficient Policy Enforcement in Chrome DevTools for Local File Access on Windows
Date Discovered: Late 2022
Affected Software: Google Chrome on Windows (prior to 108.0.5359.71)
Severity: Medium (Chromium Security Severity)
Exploit Type: Insufficient policy enforcement,
CVE-2022-4189 An attacker could bypass navigation restrictions in Chrome with a malicious extension if they convince a user to install it.
This issue was fixed in version 108.0.5359.81. In Google Chrome prior to 108.0.5359.71, an attacker could convince a user