βΌ CVE-2021-34579 βΌ
π Read
via "National Vulnerability Database".
In Phoenix Contact: FL MGUARD DM version 1.12.0 and 1.13.0 access to the Apache web server being installed as part of the FL MGUARD DM on Microsoft Windows does not require login credentials even if configured during installation.Attackers with network access to the Apache web server can download and therefore read mGuard configuration profiles (Γ’β¬ΕATV profilesΓ’β¬οΏ½). Such configuration profiles may contain sensitive information, e.g. private keys associated with IPsec VPN connections.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0031 βΌ
π Read
via "National Vulnerability Database".
A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system allows a local attacker with shell access to the engine to execute programs with elevated privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25932 βΌ
π Read
via "National Vulnerability Database".
The firmware of InHand Networks InRouter302 V3.5.45 introduces fixes for TALOS-2022-1472 and TALOS-2022-1474. The fixes are incomplete. An attacker can still perform, respectively, a privilege escalation and an information disclosure vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41055 βΌ
π Read
via "National Vulnerability Database".
Windows Human Interface Device Information Disclosure Vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-26392 βΌ
π Read
via "National Vulnerability Database".
Insufficient verification of missing size check in 'LoadModule' may lead to an out-of-bounds write potentially allowing an attacker with privileges to gain code execution of the OS/kernel by loading a malicious TA.π Read
via "National Vulnerability Database".
βΌ CVE-2021-46852 βΌ
π Read
via "National Vulnerability Database".
The memory management module has the logic bypass vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.π Read
via "National Vulnerability Database".
βΌ CVE-2021-26393 βΌ
π Read
via "National Vulnerability Database".
Insufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker controlled data resulting in a loss of confidentiality.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41116 βΌ
π Read
via "National Vulnerability Database".
Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-41090.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41064 βΌ
π Read
via "National Vulnerability Database".
.NET Framework Information Disclosure Vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41060 βΌ
π Read
via "National Vulnerability Database".
Microsoft Word Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-41103.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41105 βΌ
π Read
via "National Vulnerability Database".
Microsoft Excel Information Disclosure Vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2020-12930 βΌ
π Read
via "National Vulnerability Database".
Improper parameters handling in AMD Secure Processor (ASP) drivers may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38023 βΌ
π Read
via "National Vulnerability Database".
Netlogon RPC Elevation of Privilege Vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41114 βΌ
π Read
via "National Vulnerability Database".
Windows Bind Filter Driver Elevation of Privilege Vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-31687 βΌ
π Read
via "National Vulnerability Database".
VMware Workspace ONE Assist prior to 22.10 contains a Broken Access Control vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application.π Read
via "National Vulnerability Database".
βΌ CVE-2021-26360 βΌ
π Read
via "National Vulnerability Database".
An attacker with local access to the system can make unauthorized modifications of the security configuration of the SOC registers. This could allow potential corruption of AMD secure processorΓ’β¬β’s encrypted memory contents which may lead to arbitrary code execution in ASP.π Read
via "National Vulnerability Database".
βΌ CVE-2022-31688 βΌ
π Read
via "National Vulnerability Database".
VMware Workspace ONE Assist prior to 22.10 contains a Reflected cross-site scripting (XSS) vulnerability. Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject javascript code in the target user's window.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41054 βΌ
π Read
via "National Vulnerability Database".
Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-39879 βΌ
π Read
via "National Vulnerability Database".
Improper authorization vulnerability in?CallBGProvider prior to SMR Nov-2022 Release 1 allows local attacker to grant permission for accessing information with phone uid.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41048 βΌ
π Read
via "National Vulnerability Database".
Microsoft ODBC Driver Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-41047.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2022-41085 βΌ
π Read
via "National Vulnerability Database".
Azure CycleCloud Elevation of Privilege Vulnerability.π Read
via "National Vulnerability Database".