CVE-2022-21476 Vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition.
by using the Java reflection API. The vulnerability can be exploited through web requests. A potential attacker can host a specially crafted website on a
CVE-2022-29457 NTLM Hash disclosure issue in Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131.
This may allow attackers to determine the existence of a mailbox, which could lead to the assumption that a user has an unread message in
CVE-2022-28810 In Zoho ManageEngine ADSelfService Plus before build 6122, a remote authenticated admin can execute operating system commands as SYSTEM.
Zoho ADSelfService Plus allows administrators to define custom scripts that are run when an event occurs. These scripts can be used to perform operations such
CVE-2022-1381 global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763
Vulnerabilities in vim affect multiple operating systems, including Windows, Linux and Mac. Red Hat, Debian, SUSE, Ubuntu, and all other Linux distributions are not supported
CVE-2022-29072 7-Zip through 21.07 may allow privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area. This is caused by misconfiguration of 7z.dll and a heap overflow.
However, once a user has been authenticated this becomes an elevation of privilege because the parent 7zFM.exe process has access to the file contents.