Microsoft Office 365 (2016 Click-to-Run) Multiple Vulnerabilities (May 2022)

This host is missing a critical security update according to Microsoft Office Click-to-Run updates SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

The vulnerability of the Kerberos protocol for Windows operating systems allows attackers to increase their privileges.

The vulnerability of the Kerberos protocol for Windows operating systems is related to privilege management errors. Exploiting this vulnerability can allow a malicious actor to enhance their privileges remotely...

The vulnerability of the Windows Hyper-V hardware virtualization system allows a attacker to trigger a service failure.

The vulnerability of the Windows Hyper-V hardware virtualization system is related to resource release errors. Exploiting this vulnerability can allow an attacker to cause a service failure...

The vulnerability of the Windows Digital Media Receiver component of the Windows operating system, which allows a hacker to increase their privileges

The vulnerability of the Windows Digital Media Receiver component of the Windows operating system is related to synchronization errors when using a shared resource. Exploiting this vulnerability can allow an attacker to increase their privileges...

CVE-2022-29616

SAP Host Agent, SAP NetWeaver and ABAP Platform allow an attacker to leverage logical errors in memory management to cause a memory corruption...

CVE-2022-29616

SAP Host Agent, SAP NetWeaver and ABAP Platform allow an attacker to leverage logical errors in memory management to cause a memory corruption...

CVE-2022-29616

SAP Host Agent, SAP NetWeaver and ABAP Platform allow an attacker to leverage logical errors in memory management to cause a memory corruption...

Memory corruption

SAP Host Agent, SAP NetWeaver and ABAP Platform allow an attacker to leverage logical errors in memory management to cause a memory corruption...

CVE-2022-29616

SAP Host Agent, SAP NetWeaver and ABAP Platform allow an attacker to leverage logical errors in memory management to cause a memory corruption...

The vulnerability of the InnoDB component of the MySQL Server database management system, which allows a hacker to cause a service failure.

The vulnerability of the InnoDB component of the MySQL Database Server is related to resource release errors. Exploiting this vulnerability can allow a malicious actor to cause service failures using network MySQL protocols...

The vulnerability of the Oracle Talent Acquisition Cloud software, related to code errors, allows a perpetrator to execute arbitrary code.

The vulnerability of the Oracle Talent Acquisition Cloud software lies in code errors. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

CVE-2022-20008

In mmcblkreadsingle of block.c, there is a possible way to read kernel heap memory due to uninitialized data. This could lead to local information disclosure if reading from an SD card that triggers errors, with no additional execution privileges needed. User interaction is not needed for...

CVE-2022-20008

In mmcblkreadsingle of block.c, there is a possible way to read kernel heap memory due to uninitialized data. This could lead to local information disclosure if reading from an SD card that triggers errors, with no additional execution privileges needed. User interaction is not needed for...

CVE-2022-20008

In mmcblkreadsingle of block.c, there is a possible way to read kernel heap memory due to uninitialized data. This could lead to local information disclosure if reading from an SD card that triggers errors, with no additional execution privileges needed. User interaction is not needed for...

CVE-2021-26353

CVE-2021-26353 – AMD SMM input validation vulnerability. The issue arises from failure to validate inputs in System Management Mode (SMM), which can allow an attacker to trigger a mishandled error and leave the DRTM UApp partially initialized, potentially causing loss of memory integrity. Affecte...

kernel: new DNS Cache Poisoning Attack based on ICMP fragment needed packets replies

A flaw in the processing of received ICMP errors ICMP fragment needed and ICMP redirect in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest...

PT-2022-2536 · Microsoft · Windows Cluster Shared Volume +1

Name of the Vulnerable Software and Affected Versions: Windows Cluster Shared Volume CSV affected versions not specified Description: The issue is related to errors in synchronization when using a shared resource in the Windows Cluster Shared Volume CSV file system. This can allow an attacker to...

PT-2022-2544 · Microsoft · Windows Cluster Shared Volume +1

Name of the Vulnerable Software and Affected Versions: Windows Cluster Shared Volume CSV affected versions not specified Description: The issue is related to errors in synchronization when using a shared resource in the Windows Cluster Shared Volume CSV file system, which can be exploited to...

PT-2022-2545 · Microsoft · Windows Cluster Shared Volume +1

Name of the Vulnerable Software and Affected Versions: Windows Cluster Shared Volume CSV affected versions not specified Description: The issue is related to errors in synchronization when using a shared resource in the Windows Cluster Shared Volume CSV file system, which can allow an attacker to...

PT-2022-2790 · Microsoft · Windows Print Spooler +1

Name of the Vulnerable Software and Affected Versions: Windows Print Spooler affected versions not specified Description: The issue is related to errors in handling objects in memory within the Windows Print Spooler service of Windows operating systems. This can allow an attacker to escalate thei...