CISA has directed federal civilian agencies to patch an actively exploited vulnerability in Oracle Access Manager by adding it to its Known Exploited Vulnerabilities (KEV) Catalog. Tracked as CVE-2021-35587, it is a pre-authentication remote code execution vulnerability in Oracle Access Manager (OAM). Oracle has rated this vulnerability as critical and provided a CVSS base score of … Continue reading “CISA Added a Critical Oracle Access Manager Vulnerability in its Known Exploited Vulnerability Catalog (CVE-2021-35587)”
Author: Diksha Ojha
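A KEV listing carries a remediation due date, so the practical check is whether a CVE from your scan results is in the catalog and how much time is left. The script below is an added example, not code from the original post or from CISA: it parses a catalog export in the shape of the public feed (the URL is the real one; the embedded JSON is a constructed sample whose entries and dates are illustrative, and the function names are this example's own) and reports listing status and days to the due date for a set of CVE IDs.

```python
"""Check CVE IDs against a CISA KEV catalog export (added example)."""
import json
from datetime import date, datetime

# The live feed. This example never fetches it; it runs on the constructed sample below.
KEV_FEED_URL = "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"

# Constructed sample in the feed's JSON shape. Field names follow the published feed;
# the entries, dates and descriptions here are illustrative, not copied from the catalog.
SAMPLE_KEV_JSON = """
{
  "title": "CISA Catalog of Known Exploited Vulnerabilities",
  "catalogVersion": "2022.11.28",
  "dateReleased": "2022-11-28T00:00:00.0000Z",
  "count": 2,
  "vulnerabilities": [
    {
      "cveID": "CVE-2021-35587",
      "vendorProject": "Oracle",
      "product": "Fusion Middleware",
      "vulnerabilityName": "Oracle Fusion Middleware Unspecified Vulnerability",
      "dateAdded": "2022-11-28",
      "shortDescription": "Sample entry: pre-auth RCE in Oracle Access Manager.",
      "requiredAction": "Apply updates per vendor instructions.",
      "dueDate": "2022-12-19",
      "notes": ""
    },
    {
      "cveID": "CVE-2022-4135",
      "vendorProject": "Google",
      "product": "Chromium",
      "vulnerabilityName": "Google Chromium GPU Heap Buffer Overflow Vulnerability",
      "dateAdded": "2022-11-28",
      "shortDescription": "Sample entry: Chrome zero-day.",
      "requiredAction": "Apply updates per vendor instructions.",
      "dueDate": "2022-12-19",
      "notes": ""
    }
  ]
}
"""


def _parse_date(text):
    """KEV dates are plain YYYY-MM-DD strings."""
    return datetime.strptime(text, "%Y-%m-%d").date()


def load_kev(feed_text):
    """Parse a KEV export and index its entries by upper-cased CVE ID.

    The feed's own 'count' header is cross-checked against the number of entries
    so a truncated download is rejected instead of silently reporting 'not listed'.
    """
    data = json.loads(feed_text)
    vulns = data.get("vulnerabilities", [])
    declared = data.get("count")
    if declared is not None and declared != len(vulns):
        raise ValueError(f"KEV count mismatch: header says {declared}, parsed {len(vulns)}")
    entries = {}
    for v in vulns:
        cve = v.get("cveID", "").strip().upper()
        if cve:
            entries[cve] = v
    return entries


def check_cves(cve_ids, kev_entries, today=None):
    """Report, per CVE, whether it is listed and the days left until its due date.

    'today' is an ISO date string (YYYY-MM-DD); defaults to the current date.
    Negative days_left means the remediation deadline has passed.
    """
    now = _parse_date(today) if today else date.today()
    report = {}
    for raw in cve_ids:
        cve = raw.strip().upper()
        entry = kev_entries.get(cve)
        if entry is None:
            report[cve] = {"listed": False}
            continue
        days_left = (_parse_date(entry["dueDate"]) - now).days
        report[cve] = {
            "listed": True,
            "vendor": entry.get("vendorProject"),
            "product": entry.get("product"),
            "date_added": entry.get("dateAdded"),
            "due_date": entry["dueDate"],
            "days_left": days_left,
            "overdue": days_left < 0,
            "required_action": entry.get("requiredAction"),
        }
    return report


if __name__ == "__main__":
    catalog = load_kev(SAMPLE_KEV_JSON)
    # CVEs from this page; only the two in the constructed sample will show as listed.
    for cve, info in check_cves(
        ["CVE-2021-35587", "CVE-2022-4135", "CVE-2022-43781"], catalog, "2022-12-01"
    ).items():
        print(cve, json.dumps(info))
```

To run it against the real catalog, download the feed from `KEV_FEED_URL` and pass the file's text to `load_kev`; the count check matters there because a partial download of a large JSON file is the usual way a CVE gets wrongly reported as unlisted.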
Qualys Threat Research Unit (TRU) Discloses Snap Confine Race Condition Vulnerability (CVE-2022-3328)
The Qualys Threat Research Unit (TRU) has discovered a new vulnerability in the snap-confine program on Linux operating systems (CVE-2022-3328). snap-confine is a SUID-root program installed by default on Ubuntu. Qualys recommends applying the patch immediately. In February 2022, Qualys Threat Research Unit (TRU) published CVE-2021-44731 in the “Lemmings” advisory. The vulnerability (CVE-2022-3328) originated … Continue reading “Qualys Threat Research Unit (TRU) Discloses Snap Confine Race Condition Vulnerability (CVE-2022-3328)”
Google Releases New Stable Channel 108 Addressing Multiple Vulnerabilities in Chrome
Google has released Chrome 108 to the stable channel for Windows, Mac, and Linux, addressing multiple vulnerabilities in the browser. In the advisory published on Nov 29, 2022, Google mentions, “The updates will roll out over the coming days/weeks.” The security fix addresses 28 vulnerabilities with severity ranging from high to medium. The advisory … Continue reading “Google Releases New Stable Channel 108 Addressing Multiple Vulnerabilities in Chrome”
Google Releases Patch for an Actively Exploited Zero-day Vulnerability in its Chrome Browser (CVE-2022-4135)
Google has released an update for the Chrome browser on Windows, Mac, and Linux to address a high-severity zero-day vulnerability (CVE-2022-4135). The vulnerability was discovered by Clement Lecigne of Google’s Threat Analysis Group. “Google is aware that an exploit for CVE-2022-4135 exists in the wild,” says the advisory released by Google on November 24, 2022. … Continue reading “Google Releases Patch for an Actively Exploited Zero-day Vulnerability in its Chrome Browser (CVE-2022-4135)”
Atlassian Patches Critical Security Misconfiguration Vulnerability in Crowd Server and Data Center (CVE-2022-43782)
Atlassian has released a security update for a critical vulnerability (CVE-2022-43782) in Crowd Server and Data Center. Atlassian Crowd is a centralized identity management application that handles authentication and authorization for web-based applications. It manages users from multiple directories such as Active Directory, LDAP, OpenLDAP, or Microsoft Azure AD, and it also controls application … Continue reading “Atlassian Patches Critical Security Misconfiguration Vulnerability in Crowd Server and Data Center (CVE-2022-43782)”
Atlassian Patches Critical Command Injection Vulnerability in Bitbucket Server and Data Center (CVE-2022-43781)
Atlassian has released a security advisory to address a critical vulnerability in Bitbucket Server and Data Center (CVE-2022-43781). Bitbucket is a Git-based code hosting and collaboration tool built for teams. Bitbucket Server is hosted on-premises on a single server, while Bitbucket Data Center is hosted on several servers in a cluster in your environment. CVE-2022-43781 is a command … Continue reading “Atlassian Patches Critical Command Injection Vulnerability in Bitbucket Server and Data Center (CVE-2022-43781)”
VMware NSX Manager Multiple Vulnerabilities (CVE-2021-39144 and CVE-2022-31678)
VMware has released patches for multiple vulnerabilities in VMware NSX Manager, which are being tracked as CVE-2021-39144 and CVE-2022-31678. Both vulnerabilities were discovered by Sina Kheirkhah and Steven Seeley of Source Incite. CVE-2021-39144 is rated as ‘Critical’ and is assigned a CVSSv3 base score of 9.8. On successful exploitation, this vulnerability could allow remote code execution … Continue reading “VMware NSX Manager Multiple Vulnerabilities (CVE-2021-39144 and CVE-2022-31678)”
F5 Patches Vulnerabilities in iControl SOAP and iControl REST Running on F5 BIG-IP and BIG-IQ Devices (CVE-2022-41800 and CVE-2022-41622)
Researchers have discovered multiple security vulnerabilities in F5 BIG-IP and BIG-IQ devices (CVE-2022-41800 and CVE-2022-41622). The vulnerabilities affect iControl SOAP and iControl REST running on F5 BIG-IP and BIG-IQ devices. F5’s BIG-IP is a collection of software and hardware intended to improve application availability, access management, and security. iControl is the first … Continue reading “F5 Patches Vulnerabilities in iControl SOAP and iControl REST Running on F5 BIG-IP and BIG-IQ Devices (CVE-2022-41800 and CVE-2022-41622)”
Grafana Releases Patches for Multiple Vulnerabilities (CVE-2022-39328, CVE-2022-39306, and CVE-2022-39307)
Grafana has advised its users, via a security advisory, to patch a critical-severity elevation of privilege vulnerability (CVE-2022-39328). The advisory also addressed two moderate-severity vulnerabilities: CVE-2022-39306 is an elevation of privilege vulnerability and CVE-2022-39307 is a username enumeration vulnerability. Grafana is a multi-platform open-source analytics and interactive visualization web application. It provides charts, graphs, … Continue reading “Grafana Releases Patches for Multiple Vulnerabilities (CVE-2022-39328, CVE-2022-39306, and CVE-2022-39307)”
Google Patches Multiple Vulnerabilities in its Chrome Browser
Google has released an update for the Chrome browser on Windows, Mac, and Linux addressing multiple vulnerabilities. The advisory addresses 10 vulnerabilities but so far provides details of only six, all of which are rated high severity. Some of the vulnerabilities addressed in the advisory are: CVE-2022-3885: Use after free … Continue reading “Google Patches Multiple Vulnerabilities in its Chrome Browser”