βΌ CVE-2022-37609 βΌ
π Read
via "National Vulnerability Database".
Prototype pollution vulnerability in beautify-web js-beautify 1.13.7 via the name variable in options.js.π Read
via "National Vulnerability Database".
βΌ CVE-2022-37599 βΌ
π Read
via "National Vulnerability Database".
A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the resourcePath variable in interpolateName.js.π Read
via "National Vulnerability Database".
βΌ CVE-2022-39296 βΌ
π Read
via "National Vulnerability Database".
MelisAssetManager provides deliveries of Melis Platform's assets located in every module's public folder. Attackers can read arbitrary files on affected versions of `melisplatform/melis-asset-manager`, leading to the disclosure of sensitive information. Conducting this attack does not require authentication. Users should immediately upgrade to `melisplatform/melis-asset-manager` >= 5.0.1. This issue was addressed by restricting access to files to intended directories only.π Read
via "National Vulnerability Database".
βΌ CVE-2022-37983 βΌ
π Read
via "National Vulnerability Database".
Microsoft DWM Core Library Elevation of Privilege Vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-37975 βΌ
π Read
via "National Vulnerability Database".
Windows Group Policy Elevation of Privilege Vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38041 βΌ
π Read
via "National Vulnerability Database".
Windows Secure Channel Denial of Service Vulnerability.π Read
via "National Vulnerability Database".
βοΈ Microsoft Patch Tuesday, October 2022 Edition βοΈ
π Read
via "Krebs on Security".
Microsoft today released updates to fix at least 85 security holes in its Windows operating systems and related software, including a new zero-day vulnerability in all supported versions of Windows that is being actively exploited. However, noticeably absent from this month's Patch Tuesday are any updates to address a pair of zero-day flaws being exploited this past month in Microsoft Exchange Server.π Read
via "Krebs on Security".
Krebs on Security
Microsoft Patch Tuesday, October 2022 Edition
Microsoft today released updates to fix at least 85 security holes in its Windows operating systems and related software, including a new zero-day vulnerability in all supported versions of Windows that is being actively exploited. However, noticeably absentβ¦
π΄ Microsoft Addresses Zero-Days, but Exchange Server Exploit Chain Remains Unpatched π΄
π Read
via "Dark Reading".
The computing giant didn't fix ProxyNotLogon in October's Patch Tuesday, but it disclosed a rare 10-out-of-10 bug and patched two other zero-days, including one being exploited.π Read
via "Dark Reading".
Dark Reading
Microsoft Addresses Zero-Days, but Exchange Server Exploit Chain Remains Unpatched
The computing giant didn't fix ProxyNotLogon in October's Patch Tuesday, but it disclosed a rare 10-out-of-10 bug and patched two other zero-days, including one being exploited.
π1
βΌ CVE-2022-41173 βΌ
π Read
via "National Vulnerability Database".
Due to lack of proper memory management, when a victim opens manipulated AutoCAD (.dxf, TeighaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41183 βΌ
π Read
via "National Vulnerability Database".
Due to lack of proper memory management, when a victim opens manipulated Windows Cursor File (.cur, ico.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application.π Read
via "National Vulnerability Database".
βΌ CVE-2022-39013 βΌ
π Read
via "National Vulnerability Database".
Under certain conditions an authenticated attacker can get access to OS credentials. Getting access to OS credentials enables the attacker to modify system data and make the system unavailable leading to high impact on confidentiality and low impact on integrity and availability of the application.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2022-39806 βΌ
π Read
via "National Vulnerability Database".
Due to lack of proper memory management, when a victim opens a manipulated SolidWorks Drawing (.slddrw, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41170 βΌ
π Read
via "National Vulnerability Database".
Due to lack of proper memory management, when a victim opens a manipulated CATIA4 Part (.model, CatiaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41180 βΌ
π Read
via "National Vulnerability Database".
Due to lack of proper memory management, when a victim opens a manipulated Portable Document Format (.pdf, PDFPublishing.dll) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41179 βΌ
π Read
via "National Vulnerability Database".
Due to lack of proper memory management, when a victim opens a manipulated Jupiter Tesselation (.jt, JtTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41192 βΌ
π Read
via "National Vulnerability Database".
Due to lack of proper memory management, when a victim opens manipulated Jupiter Tesselation (.jt, JTReader.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41169 βΌ
π Read
via "National Vulnerability Database".
Due to lack of proper memory management, when a victim opens manipulated CATIA5 Part (.catpart, CatiaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application.π Read
via "National Vulnerability Database".
βΌ CVE-2022-39807 βΌ
π Read
via "National Vulnerability Database".
Due to lack of proper memory management, when a victim opens manipulated SolidWorks Drawing (.sldasm, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41189 βΌ
π Read
via "National Vulnerability Database".
Due to lack of proper memory management, when a victim opens a manipulated AutoCAD (.dwg, TeighaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41200 βΌ
π Read
via "National Vulnerability Database".
Due to lack of proper memory management, when a victim opens a manipulated Scalable Vector Graphic (.svg, svg.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41194 βΌ
π Read
via "National Vulnerability Database".
Due to lack of proper memory management, when a victim opens a manipulated Encapsulated Postscript (.eps, ai.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application.π Read
via "National Vulnerability Database".