Aggregator

This daily article is intended to make it easier for those who want to stay updated with my regular posts. Any subscriber-only content will be clearly marked at the end of the link.

SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)

践行新发展理念，推进流域水治理现代化。

A vulnerability was found in Microsoft Windows. It has been classified as critical. Affected is an unknown function of the component Virtual Machine IDE Drive. The manipulation leads to Privilege Escalation. This vulnerability is traded as CVE-2022-21833. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Microsoft Windows. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component User-mode Driver Framework Reflector Driver. The manipulation leads to Privilege Escalation. This vulnerability is known as CVE-2022-21834. The attack can be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Microsoft Windows. It has been rated as critical. Affected by this issue is some unknown functionality of the component Cryptographic Services. The manipulation leads to Privilege Escalation. This vulnerability is handled as CVE-2022-21835. The attack may be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as critical has been found in Microsoft Windows. This affects an unknown part of the component Certificate Handler. The manipulation leads to improper certificate validation. This vulnerability is uniquely identified as CVE-2022-21836. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as critical was found in Microsoft SharePoint 2013 SP1/2016/2019. This vulnerability affects unknown code. The manipulation leads to Privilege Escalation. This vulnerability was named CVE-2022-21837. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as problematic, has been found in Microsoft Windows. This issue affects some unknown processing of the component Cleanup Manager. The manipulation leads to link following. The identification of this vulnerability is CVE-2022-21838. The attack may be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as critical, was found in Microsoft Windows 10 1809/Server 2019. Affected is an unknown function of the component Event Tracing Discretionary Access Control List. The manipulation leads to denial of service. This vulnerability is traded as CVE-2022-21839. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

Frenos offers a zero-impact, continuous security assessment platform for operational technology environments.

Five months after reviving it in June, ​Microsoft has shut down the Windows 10 Beta Channel and will move all enrolled Windows Insiders to the Release Preview Channel. [...]

Five months after reviving it in June, ​Microsoft has shut down the Windows 10 Beta Channel and will move all enrolled Windows Insiders to the Release Preview Channel. [...]

The exploitation of the recently disclosed ‘won’t fix’ issue CVE-2024-10914 in legacy D-Link NAS devices began days after its disclosure.   Days after D-Link announced it wouldn’t patch a critical vulnerability, tracked as CVE-2024-10914 (CVSS score of 9.8), in legacy D-Link NAS devices, that threat actors started attempting to exploit. The vulnerability CVE-2024-10914 is a command […]