CVE-2022-22040 - Crashing IIS Servers with Dynamic Compression — An Easy-to-Understand Guide
Microsoft Internet Information Services (IIS) is widely used for hosting web applications on Windows servers. In February 2022, a security vulnerability named CVE-2022-22040 was published.
CVE-2022-22047 Windows CSRSS Elevation of Privilege Vulnerability
This vulnerability allows an attacker to perform a privilege-escalation attack. Attackers can exploit this vulnerability to access privileged functions of the Web server software. By
CVE-2022-1025 Argo CD v1.0.0 is vulnerable to an improper access control bug. It allows a malicious user to potentially escalate their privileges to admin-level.
At the time of writing, the bug has been fixed in the latest version 1.3.9 and later. If you are using an earlier
CVE-2022-23725 Login prior to 2.8 did not properly set permissions on the Windows Registry entries used to store sensitive API keys.
This could be abused by a malicious or compromised user account to gain access to Extranet that they shouldn't have access to. This flaw
CVE-2022-23720 Windows Login does not alert or halt operation if it has the full permissions of the PingID properties file.
An attacker could potentially leverage this issue to read, write, or delete sensitive data, and/or may be able to access privileged PingID API endpoints.