Aggregator

CVE-2003-1197 | Ledscripts.com Forums index.php top_message/topic cross site scripting (EDB-23313 / XFDB-13563)

Vuldb Updates
11 months 1 week ago
A vulnerability was found in Ledscripts.com Forums. It has been classified as problematic. Affected is an unknown function of the file index.php. The manipulation of the argument top_message/topic leads to basic cross site scripting. This vulnerability is traded as CVE-2003-1197. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2022-29113 | Microsoft Windows up to Server 2019 Digital Media Receiver race condition

Vuldb Updates
11 months 1 week ago
A vulnerability was found in Microsoft Windows up to Server 2019. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Digital Media Receiver. The manipulation leads to race condition. This vulnerability is known as CVE-2022-29113. The attack can be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

CVE-2022-29114 | Microsoft Windows up to Server 2022 Print Spooler information disclosure

Vuldb Updates
11 months 1 week ago
A vulnerability was found in Microsoft Windows. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Print Spooler. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2022-29114. The attack may be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

CVE-2022-29117 | Microsoft Visual Studio/.NET/.NET Core denial of service

Vuldb Updates
11 months 1 week ago
A vulnerability, which was classified as critical, has been found in Microsoft Visual Studio, .NET and .NET Core. This issue affects some unknown processing. The manipulation leads to denial of service. The identification of this vulnerability is CVE-2022-29117. The attack may be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

CVE-2022-29120 | Microsoft Windows Server 20H2 up to Server 2019 Clustered Shared Volume information disclosure

Vuldb Updates
11 months 1 week ago
A vulnerability, which was classified as problematic, was found in Microsoft Windows Server 2012 up to Server 2019. Affected is an unknown function of the component Clustered Shared Volume. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2022-29120. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

CVE-2022-29121 | Microsoft Windows up to Server 2022 WLAN AutoConfig Service denial of service

Vuldb Updates
11 months 1 week ago
A vulnerability has been found in Microsoft Windows and classified as critical. Affected by this vulnerability is an unknown functionality of the component WLAN AutoConfig Service. The manipulation leads to denial of service. This vulnerability is known as CVE-2022-29121. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

CVE-2022-29122 | Microsoft Windows Server 20H2 up to Server 2019 Clustered Shared Volume information disclosure

Vuldb Updates
11 months 1 week ago
A vulnerability was found in Microsoft Windows Server 2012 up to Server 2019 and classified as problematic. Affected by this issue is some unknown functionality of the component Clustered Shared Volume. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2022-29122. The attack may be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

CVE-2022-29123 | Microsoft Windows Server 20H2 up to Server 2019 Clustered Shared Volume information disclosure

Vuldb Updates
11 months 1 week ago
A vulnerability was found in Microsoft Windows Server 2012 up to Server 2019. It has been classified as problematic. This affects an unknown part of the component Clustered Shared Volume. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2022-29123. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

CVE-2022-29125 | Microsoft Windows up to Server 2022 Push Notifications Apps Privilege Escalation

Vuldb Updates
11 months 1 week ago
A vulnerability was found in Microsoft Windows. It has been declared as critical. This vulnerability affects unknown code of the component Push Notifications Apps. The manipulation leads to Privilege Escalation. This vulnerability was named CVE-2022-29125. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

CVE-2022-29126 | Microsoft Windows up to Server 2022 Tablet Windows User Interface Application Core Privilege Escalation

Vuldb Updates
11 months 1 week ago
A vulnerability was found in Microsoft Windows. It has been rated as critical. This issue affects some unknown processing of the component Tablet Windows User Interface Application Core. The manipulation leads to Privilege Escalation. The identification of this vulnerability is CVE-2022-29126. The attack may be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

CVE-2022-29127 | Microsoft Windows up to Server 2022 BitLocker information disclosure

Vuldb Updates
11 months 1 week ago
A vulnerability classified as problematic has been found in Microsoft Windows. Affected is an unknown function of the component BitLocker. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2022-29127. It is possible to launch the attack on the physical device. There is no exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

CVE-2022-29129 | Microsoft Windows up to Server 2022 LDAP Privilege Escalation

Vuldb Updates
11 months 1 week ago
A vulnerability, which was classified as critical, has been found in Microsoft Windows. Affected by this issue is some unknown functionality of the component LDAP. The manipulation leads to Privilege Escalation. This vulnerability is handled as CVE-2022-29129. The attack may be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

数百万邮件服务器未启用 TLS 加密面临网络嗅探攻击风险

HackerNews
11 months 1 week ago
HackerNews 编译,转载请注明出处: 目前,互联网上有超过三百万台未启用TLS加密的POP3和IMAP邮件服务器,易受网络嗅探攻击。 IMAP和POP3是访问邮件服务器上电子邮件的两种方法。IMAP建议用于从手机、笔记本电脑等多种设备查收邮件,因为它会将邮件保存在服务器上,并在设备间同步。而POP3则是从服务器下载邮件,只能在下载邮件的设备上访问。 TLS安全通信协议有助于在用户通过客户端/服务器应用程序在互联网上交换和访问电子邮件时保障其信息安全。然而,若未启用TLS加密,邮件内容和凭证将以明文形式发送,从而面临窃听式的网络嗅探攻击。ShadowServer安全威胁监测平台的扫描结果显示,约有330万台主机正在运行未启用TLS加密的POP3/IMAP服务,并在互联网上明文传输用户名和密码。 ShadowServer目前正在通知邮件服务器运营商,其POP3/IMAP服务器未启用TLS,导致用户的未加密用户名和密码暴露于嗅探攻击风险中。 ShadowServer表示:“这意味着用于邮件访问的密码可能会被网络嗅探器截获。此外,服务暴露还可能使服务器遭受密码猜测攻击。” “如果您收到我们的这份报告,请为IMAP启用TLS支持,并考虑该服务是否确实需要启用,或者将其置于VPN之后。” 无TLS加密的IMAP和POP3邮件服务器(ShadowServer) TLS 1.0规范及其后继版本TLS 1.1已使用近二十年,其中TLS 1.0于1999年推出,TLS 1.1于2006年推出。经过广泛讨论和28份协议草案的制定,互联网工程任务组(IETF)于2018年3月批准了TLS协议的下一个主要版本TLS 1.3。 2018年10月,微软、谷歌、苹果和Mozilla联合宣布,将于2020年上半年停用不安全的TLS 1.0和TLS 1.1协议。微软从2020年8月起,在最新的Windows 10 Insider预览版中默认启用了TLS 1.3。 2021年1月,美国国家安全局(NSA)也提供了有关识别和替换过时TLS协议版本及配置的指导,采用现代、安全的替代方案。 NSA表示:“过时的配置会让对手利用各种技术访问敏感操作流量,如通过中间人攻击进行被动解密和流量篡改。” “攻击者可以利用过时的传输层安全(TLS)协议配置访问敏感数据,且所需技能极少。”   消息来源:Bleeping Computer, 编译:zhongx;  本文由 HackerNews.cc 翻译整理,封面来源于网络;   转载请注明“转自 HackerNews.cc”并附上原文
hackernews

Managed ad