Microsoft Windows Bind Filter Driver Privilege Escalation [CVE-2022-21858]

A vulnerability was found in Microsoft Windows 10 1809/10 1909/10 2004/10 20H2/10 21H1/11/Server 2016/Server 2019/Server 20H2/Server up to 2022 (Operating System). It has been rated as critical. Affected by this issue is some unknown processing of the component Bind Filter Driver. Applying a patch is able to eliminate this problem. A possible mitigation has been published immediately after the disclosure of the vulnerability.

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2024-4315 : PARISNEO LOLLMS UP TO 9.7 SANITIZE_PATH_FROM_ENDPOINT FILENAME CONTROL

CVE-2024-4315 : PARISNEO LOLLMS UP TO 9.7 SANITIZE_PATH_FROM_ENDPOINT FILENAME CONTROL

Description parisneo/lollms version 9.5 is vulnerable to Local File Inclusion (LFI) attacks due to insufficient path sanitization. The `sanitize_path_from_endpoint` function

CVE-2024-36454 : FSAS TECHNOLOGIES IPCOM EX2/IPCOM VE2 UP TO V01L07NF0201 PACKET UNINITIALIZED RESOURCE

CVE-2024-36454 : FSAS TECHNOLOGIES IPCOM EX2/IPCOM VE2 UP TO V01L07NF0201 PACKET UNINITIALIZED RESOURCE

Description Use of uninitialized resource issue exists in IPCOM EX2 Series (V01L0x Series) V01L07NF0201 and earlier, and IPCOM VE2 Series

CVE-2024-34762 : WPENGINE ADVANCED CUSTOM FIELDS PRO PLUGIN UP TO 6.2.9 ON WORDPRESS PATH TRAVERSAL

CVE-2024-34762 : WPENGINE ADVANCED CUSTOM FIELDS PRO PLUGIN UP TO 6.2.9 ON WORDPRESS PATH TRAVERSAL

Description Vulnerability discovered by executing a planned security audit. Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)