Multiple Critical Vulnerabilities Patched in VMware Workspace ONE Assist (CVE-2022-31685, CVE-2022-31686, CVE-2022-31687, CVE-2022-31688, and CVE-2022-31689)

VMware released a security advisory addressing multiple critical vulnerabilities in VMware Workspace ONE Assist. These vulnerabilities may allow an attacker to bypass authentication and obtain administrative privileges. The vulnerabilities are being tracked as CVE-2022-31685, CVE-2022-31686, CVE-2022-31687, CVE-2022-31688, and CVE-2022-31689. The vulnerabilities were discovered by Jasper Westerman, Jan van der Put, Yanick de Pater, and …

Microsoft Patch Tuesday, November 2022 Edition: 65 New Vulnerabilities Patched, 6 Zero-days, and 10 Rated as Critical

Microsoft has released security updates for 65 new vulnerabilities in its November 2022 Patch Tuesday edition. The security update also addressed six actively exploited zero-day vulnerabilities. Out of the 65 vulnerabilities, 10 are rated critical; they include privilege elevation, spoofing, remote code execution, and other severe vulnerability types. This month’s security updates also …

Open Secure Sockets Layer (OpenSSL) Patches High Severity Vulnerabilities (CVE-2022-3602 and CVE-2022-3786)

OpenSSL warned its users about a critical severity vulnerability through a pre-notification alert on October 25th, 2022, stating that the patches would be released on November 1st, 2022. OpenSSL is a software library used by programs that need to identify the other party or encrypt conversations over computer networks against eavesdropping. Internet servers frequently …

Google Patches Zero-day vulnerability in Chrome Browser (CVE-2022-3723)

Google released patches to address a zero-day vulnerability in the Chrome browser. Tracked as CVE-2022-3723, it is a high-severity vulnerability in the Chrome V8 JavaScript engine. The vulnerability was discovered and reported by Jan Vojtěšek, Milánek, and Przemek Gmerek of Avast. “Google is aware of reports that an exploit for CVE-2022-3723 exists in the …

Google Chrome Releases New Version to Address Multiple Vulnerabilities

Google has released a Chrome update for Windows, Mac, and Linux to address multiple vulnerabilities. The vulnerabilities are rated from medium to high. The advisory addressed fixes for 14 security vulnerabilities, which are listed below: CVE-2022-3652: Type Confusion in V8. This flaw was reported by srodulv and ZNMchtss from S.S.L Team. CVE-2022-3653: Heap buffer overflow in Vulkan. This flaw was …

Oracle Releases 370 Security Patches for Various Oracle Products in October 2022 Patch Tuesday

Oracle’s October 2022 Patch Tuesday edition is out. The security update contains a total of 370 critical security patches affecting various Oracle product families. In this month’s update, 290 of the 370 security updates address non-Oracle CVEs, that is, security flaws in third-party products (such as open-source components) which are exploitable in the context …

Apache Commons Arbitrary Code Execution Vulnerability (Text4Shell) (CVE-2022-42889)

A critical severity arbitrary code execution vulnerability in the Apache Commons Text library has been discovered and reported by Alvaro Munoz. Tracked as CVE-2022-42889, this vulnerability has been assigned a CVSS base score of 9.8 and could result in remote code execution when the library is applied to untrusted input, due to insecure interpolation defaults. Apache Commons …

vm2 NPM Package Remote Code Execution Vulnerability (CVE-2022-36067) (Sandbreak)

Security researchers from Oxeye have discovered a critical remote code execution flaw in vm2, a JavaScript sandbox library. Tracked as CVE-2022-36067, the flaw has been given a CVSS score of 10. On successful exploitation, this flaw could allow attackers to escape the vm2 sandbox environment and run shell commands on the machine hosting the sandbox. …

Microsoft Patch Tuesday, October 2022 Edition: 84 Vulnerabilities patched including 12 Microsoft Edge (Chromium-Based), 2 Zero-days, and 13 Rated as Critical

Microsoft has released security updates for 84 vulnerabilities in its October 2022 Patch Tuesday edition. The security updates addressed two zero-days, one actively exploited in attacks (CVE-2022-41033) and one publicly disclosed (CVE-2022-41043). Out of the 84 vulnerabilities, 13 are rated critical (privilege elevation, spoofing, remote code execution, and other severe vulnerability types). …

FortiOS, FortiProxy, and FortiSwitch Manager Authentication Bypass Vulnerability on Administrative Interface (CVE-2022-40684)

Fortinet has patched a critical authentication bypass vulnerability in FortiOS, FortiProxy, and FortiSwitchManager products. Tracked as CVE-2022-40684, this authentication bypass vulnerability could allow an attacker to perform unauthorized operations on vulnerable devices. CISA has added this vulnerability to its Known Exploited Vulnerabilities Catalog. Fortinet commented on the vulnerability in a tweet: “Due to the ability …