27 matches found
CVE-2022-42187
Hustoj 22.09.22 has an XSS vulnerability in /admin/problemjudge.php...
Essential Insights on Google Cloud Backup and Disaster Recovery Service
By Owais Sultan. The Google Cloud Backup and Disaster Recovery (DR) service was introduced in September 2022, which enables centralized management… This is a post from HackRead.com.
Summary of Vulnerabilities & Threats: September 2022
...
Researchers Reveal Detail for Windows Zero-Day Vulnerability Patched Last Month
Details have emerged about a now-patched security flaw in Windows Common Log File System (CLFS) that could be exploited by an attacker to gain elevated permissions on compromised machines. Tracked as CVE-2022-37969 (CVSS score: 7.8), the issue was addressed by Microsoft as part of its Patch Tuesday...
Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family SNMP Information Disclosure Vulnerability
A vulnerability in the Simple Network Management Protocol (SNMP) of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an authenticated, remote attacker to access sensitive information. This vulnerability is due to insufficient restrictions that allow a sensitive...
leszekczarnecki.pl Cross Site Scripting vulnerability OBB-2962528
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
plafond-tendu-design.fr Cross Site Scripting vulnerability OBB-2961054
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Vulnerabilities in Layer 2 Network Security Controls Affecting Cisco Products: September 2022
On September 27, 2022, the following vulnerabilities affecting Cisco products were disclosed by CERT/CC as part of VU855201, titled "L2 network security controls can be bypassed using VLAN 0 stacking and/or 802.3 headers" (https://kb.cert.org/vuls/id/855201): CVE-2021-27853: Layer 2 network filteri...
Microsoft Security Update Validation Report September 2022
Microsoft’s September 2022 security updates have passed Citrix testing (the updates are listed below). The testing is not all-inclusive; all tests are executed against English-only environments and issues may still be found upon implementation. Follow best practices for testing and installing...
Azure File Sync Agent v15.1 Release – September 2022
This article describes the improvements and issues that are fixed in the Azure File Sync Agent v15.1 release that is dated September 2022. Additionally, this article contains installation instructions for this release. Improvements and issues...
Security Updates for Microsoft SharePoint Server Subscription Edition (September 2022)
The Microsoft SharePoint Server Subscription Edition installation on the remote host is missing security updates. It is, therefore, affected by a remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands...
Azure File Sync Agent v15.1 Release – September 2022 (KB5003883)
Update for Azure File Sync agent version 15.1.0.0. For more details, see the associated Microsoft Knowledge Base article...
Security Updates for Microsoft PowerPoint Products (September 2022)
The Microsoft PowerPoint Products are missing a security update. It is, therefore, affected by the following vulnerability: a remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands (CVE-2022-37962). Note that Nessus h...
Microsoft Patch Tuesday for September 2022 — Snort rules and prominent vulnerabilities
By Jon Munshaw and Asheer Malhotra. Microsoft released its monthly security update Tuesday, disclosing 64 vulnerabilities across the company’s hardware and software line, a sharp decline from the record number of issues Microsoft disclosed last month. September's security update features five...
KB5017305: Windows 10 Version 1607 and Windows Server 2016 Security Update (September 2022)
The remote Windows host is missing security update 5017305. It is, therefore, affected by multiple vulnerabilities: Windows Photo Import API Elevation of Privilege Vulnerability (CVE-2022-26928); Windows Credential Roaming Service Elevation of Privilege Vulnerability (CVE-2022-30170); Windows...
KB5017308: Windows 10 Version 20H2 / 21H1 / 21H2 Security Update (September 2022)
The remote Windows host is missing security update 5017308. It is, therefore, affected by multiple vulnerabilities: Windows Photo Import API Elevation of Privilege Vulnerability (CVE-2022-26928); Windows Credential Roaming Service Elevation of Privilege Vulnerability (CVE-2022-30170); Windows Secu...
KB5017371: Windows Server 2008 Security Update (September 2022)
The remote Windows host is missing security update 5017371. It is, therefore, affected by multiple vulnerabilities: Windows Credential Roaming Service Elevation of Privilege Vulnerability (CVE-2022-30170); Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability...
CVE-2022-36856
Improper access control vulnerability in Telecom application prior to SMR Sep-2022 Release 1 allows an attacker to start emergency calls via undefined permission...
Apache Xalan Java XSLT library integer truncation issue when processing malicious XSLT stylesheets
The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. A fix for this issue was published in September 20...