Zimbra has issued a security update to address multiple vulnerabilities in its Collaboration Suite (ZCS) product. The CVEs patched in the latest security update of ZCS are CVE-2022-27926, CVE-2021-40438, CVE-2021-39275, CVE-2021-21702, CVE-2022-27925, and CVE-2022-27924. CISA has included CVE-2022-27926 in its Known Exploited Vulnerabilities Catalog. Zimbra Collaboration Suite is a widely deployed web client and email … Continue reading “Multiple Vulnerabilities Patched In Zimbra Collaboration Suite (ZCS)”
Author: Abhishek Rautela
Fortinet FortiOS Path Traversal Vulnerability (CVE-2022-41328)
Fortinet has recently issued advisories and warnings regarding several vulnerabilities in its products, including FortiOS, FortiProxy, and FortiSwitchManager. One of the most critical vulnerabilities is a path traversal vulnerability in FortiOS (CVE-2022-41328). A privileged attacker may read and write arbitrary files via crafted CLI commands. Threat groups have been using zero-day exploits to abuse the …
Apple Releases Security Updates to patch two Zero-Day Vulnerabilities (CVE-2022-32893 and CVE-2022-32894)
Apple has rolled out emergency security updates to patch two zero-day vulnerabilities, known to be under exploitation to hack iPhones, iPads and Macs. The two zero-days are being tracked as CVE-2022-32893 and CVE-2022-32894. The vulnerabilities are known to affect all iPhones, iPads and macOS. CVE-2022-32893 is an out-of-bounds vulnerability that might lead to arbitrary code …
Google Chrome Zero-Day Insufficient Input Validation Vulnerability (CVE-2022-2856)
Google has rolled out patches for its Chrome browser addressing multiple vulnerabilities, including a high-severity zero-day vulnerability (CVE-2022-2856). Google addressed the vulnerability stating, “Google is aware that an exploit for CVE-2022-2856 exists in the wild”. The security update is currently rolling out for Windows, Mac and Linux operating systems. Google described the zero-day (CVE-2022-2856) …
Apple Zero-Day Arbitrary Code Execution Vulnerabilities (CVE-2021-30858 and CVE-2021-30860)
Apple released an emergency security release on September 13, 2021 to address two arbitrary code execution vulnerabilities, CVE-2021-30858 and CVE-2021-30860. According to Apple, both vulnerabilities allow maliciously crafted documents to execute arbitrary code on vulnerable devices. Apple addressed the issue saying, “Apple is aware of a report that this issue may have been actively exploited.” …
Google Chrome Zero-Day Type Confusion Vulnerability (CVE-2021-30563)
Another zero-day vulnerability in Google Chrome was in the news in mid-July 2021. The zero-days prior to this one were as follows: CVE-2021-21148 – February 4th, 2021; CVE-2021-21166 – March 2nd, 2021; CVE-2021-21193 – March 12th, 2021; CVE-2021-21206 – April 13th, 2021; CVE-2021-21220 – April 13th, 2021; CVE-2021-21224 – April 20th, 2021; CVE-2021-30551 – June 9th, …