βΌ CVE-2022-37975 βΌ
π Read
via "National Vulnerability Database".
Windows Group Policy Elevation of Privilege Vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38041 βΌ
π Read
via "National Vulnerability Database".
Windows Secure Channel Denial of Service Vulnerability.π Read
via "National Vulnerability Database".
βοΈ Microsoft Patch Tuesday, October 2022 Edition βοΈ
π Read
via "Krebs on Security".
Microsoft today released updates to fix at least 85 security holes in its Windows operating systems and related software, including a new zero-day vulnerability in all supported versions of Windows that is being actively exploited. However, noticeably absent from this month's Patch Tuesday are any updates to address a pair of zero-day flaws being exploited this past month in Microsoft Exchange Server.π Read
via "Krebs on Security".
Krebs on Security
Microsoft Patch Tuesday, October 2022 Edition
Microsoft today released updates to fix at least 85 security holes in its Windows operating systems and related software, including a new zero-day vulnerability in all supported versions of Windows that is being actively exploited. However, noticeably absentβ¦
π΄ Microsoft Addresses Zero-Days, but Exchange Server Exploit Chain Remains Unpatched π΄
π Read
via "Dark Reading".
The computing giant didn't fix ProxyNotLogon in October's Patch Tuesday, but it disclosed a rare 10-out-of-10 bug and patched two other zero-days, including one being exploited.π Read
via "Dark Reading".
Dark Reading
Microsoft Addresses Zero-Days, but Exchange Server Exploit Chain Remains Unpatched
The computing giant didn't fix ProxyNotLogon in October's Patch Tuesday, but it disclosed a rare 10-out-of-10 bug and patched two other zero-days, including one being exploited.
π1
βΌ CVE-2022-41173 βΌ
π Read
via "National Vulnerability Database".
Due to lack of proper memory management, when a victim opens manipulated AutoCAD (.dxf, TeighaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41183 βΌ
π Read
via "National Vulnerability Database".
Due to lack of proper memory management, when a victim opens manipulated Windows Cursor File (.cur, ico.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application.π Read
via "National Vulnerability Database".
βΌ CVE-2022-39013 βΌ
π Read
via "National Vulnerability Database".
Under certain conditions an authenticated attacker can get access to OS credentials. Getting access to OS credentials enables the attacker to modify system data and make the system unavailable leading to high impact on confidentiality and low impact on integrity and availability of the application.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2022-39806 βΌ
π Read
via "National Vulnerability Database".
Due to lack of proper memory management, when a victim opens a manipulated SolidWorks Drawing (.slddrw, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41170 βΌ
π Read
via "National Vulnerability Database".
Due to lack of proper memory management, when a victim opens a manipulated CATIA4 Part (.model, CatiaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41180 βΌ
π Read
via "National Vulnerability Database".
Due to lack of proper memory management, when a victim opens a manipulated Portable Document Format (.pdf, PDFPublishing.dll) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41179 βΌ
π Read
via "National Vulnerability Database".
Due to lack of proper memory management, when a victim opens a manipulated Jupiter Tesselation (.jt, JtTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41192 βΌ
π Read
via "National Vulnerability Database".
Due to lack of proper memory management, when a victim opens manipulated Jupiter Tesselation (.jt, JTReader.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41169 βΌ
π Read
via "National Vulnerability Database".
Due to lack of proper memory management, when a victim opens manipulated CATIA5 Part (.catpart, CatiaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application.π Read
via "National Vulnerability Database".
βΌ CVE-2022-39807 βΌ
π Read
via "National Vulnerability Database".
Due to lack of proper memory management, when a victim opens manipulated SolidWorks Drawing (.sldasm, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41189 βΌ
π Read
via "National Vulnerability Database".
Due to lack of proper memory management, when a victim opens a manipulated AutoCAD (.dwg, TeighaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41200 βΌ
π Read
via "National Vulnerability Database".
Due to lack of proper memory management, when a victim opens a manipulated Scalable Vector Graphic (.svg, svg.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41194 βΌ
π Read
via "National Vulnerability Database".
Due to lack of proper memory management, when a victim opens a manipulated Encapsulated Postscript (.eps, ai.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41206 βΌ
π Read
via "National Vulnerability Database".
SAP BusinessObjects Business Intelligence platform (Analysis for OLAP) - versions 420, 430, allows an authenticated attacker to send user-controlled inputs when OLAP connections are created and edited in the Central Management Console. On successful exploitation, there could be a limited impact on confidentiality and integrity of the application.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41196 βΌ
π Read
via "National Vulnerability Database".
Due to lack of proper memory management, when a victim opens a manipulated VRML Worlds (.wrl, vrml.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41199 βΌ
π Read
via "National Vulnerability Database".
Due to lack of proper memory management, when a victim opens a manipulated Open Inventor File (.iv, vrml.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41204 βΌ
π Read
via "National Vulnerability Database".
An attacker can change the content of an SAP Commerce - versions 1905, 2005, 2105, 2011, 2205, login page through a manipulated URL. They can inject code that allows them to redirect submissions from the affected login form to their own server. This allows them to steal credentials and hijack accounts. A successful attack could compromise the Confidentiality, Integrity, and Availability of the system.π Read
via "National Vulnerability Database".