GitLab Patches Critical Remote Command Execution Vulnerability (CVE-2022-2884)
GitLab has released updates to address a remote code execution flaw for its GitLab Community Edition (CE) and Enterprise Edition (EE). Tracked as CVE-2022-2884, the vulnerability is rated as critical and is assigned a CVSS score of 9.9. An authenticated attacker could exploit this vulnerability to execute commands remotely on vulnerable systems via Import from GitHub API …
Author: Diksha Ojha
Palo Alto Networks (PAN-OS) Reflected Amplification Denial-of-Service (DoS) Vulnerability (CVE-2022-0028)
Palo Alto has released a security advisory to address an actively exploited, high-severity vulnerability (CVE-2022-0028) affecting PAN-OS, the operating system used by the company’s networking hardware products. The vulnerability is a PAN-OS URL filtering policy misconfiguration vulnerability that could allow a network-based attacker to conduct reflected and amplified TCP denial-of-service (RDoS) attacks. The advisory claims …
VMware vRealize Operations Multiple Vulnerabilities Patched in the Latest Security update (CVE-2022-31672, CVE-2022-31673, CVE-2022-31674, & CVE-2022-31675)
VMware has released a security advisory (VMSA-2022-0022) addressing multiple vulnerabilities in VMware vRealize Operations. The vulnerabilities range from authentication bypass (CVE-2022-31675) and privilege escalation (CVE-2022-31672) to information disclosure (CVE-2022-31673, CVE-2022-31674). These vulnerabilities were discovered by Steven Seeley (mr_me) of Qihoo 360 Vulnerability Research Institute. VMware vRealize Operations enables self-driving IT Operations Management …
Microsoft Patches 121 Vulnerabilities with Two Zero-days and 17 Critical; Plus 20 Microsoft Edge (Chromium-Based) in August 2022 Patch Tuesday
Microsoft has released its August 2022 Patch Tuesday edition, in which 121 vulnerabilities are fixed. The security update addresses two zero-day vulnerabilities (CVE-2022-34713, CVE-2022-30134), one of which is being exploited in the wild (CVE-2022-34713). Out of the 121 vulnerabilities, 17 are rated critical as they allow remote code execution and elevation of privilege. Microsoft also included …
Cisco Patched Small Business RV Series Routers Multiple Vulnerabilities (CVE-2022-20827, CVE-2022-20841, and CVE-2022-20842)
Cisco has released a security advisory addressing multiple vulnerabilities affecting Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers. The vulnerabilities (CVE-2022-20827, CVE-2022-20841, and CVE-2022-20842) are rated high and critical in severity and are assigned CVSS base scores between 8.3 and 9.8. These vulnerabilities could allow unauthenticated, remote attackers to execute arbitrary code and trigger …
VMware Patched Multiple Vulnerabilities in VMware Products including Identity Manager (vIDM) and Workspace ONE Access
VMware has released a security advisory addressing multiple vulnerabilities in important VMware products and has asked admins to update to the latest versions. The vulnerabilities range from authentication bypass (CVE-2022-31656), URL injection (CVE-2022-31657), path traversal (CVE-2022-31662), cross-site scripting (XSS) (CVE-2022-31663), and remote code execution (CVE-2022-31658, CVE-2022-31659, CVE-2022-31665) to privilege escalation (CVE-2022-31660, CVE-2022-31661, CVE-2022-31664). The CVSS …
Atlassian Confluence Server and Confluence Data Center – Questions for Confluence App – Hardcoded Password Vulnerability (CVE-2022-26138)
Atlassian has released a patch to address a hardcoded credentials vulnerability in Confluence Server and Data Center. Tracked as CVE-2022-26138, the vulnerability can allow an unauthenticated, remote attacker to log into vulnerable servers. Atlassian has rated the vulnerability as Critical as there are reports of this vulnerability being exploited in the wild and the hardcoded …
Cisco Nexus Dashboard Unauthorized Access Vulnerabilities (CVE-2022-20857, CVE-2022-20858, and CVE-2022-20861)
Cisco has released patches for multiple vulnerabilities in Cisco Nexus Dashboard (CVE-2022-20857, CVE-2022-20858, and CVE-2022-20861). The vulnerabilities could allow an unauthenticated, remote attacker to execute arbitrary commands, read or upload container image files, or perform a cross-site request forgery attack. These vulnerabilities were discovered during internal security testing by Michael J Davenport of the …
Oracle Releases 349 Security Patches for Various Oracle Products in July 2022 Patch Tuesday
Oracle has released a patch update addressing multiple vulnerabilities in its July 2022 Patch Tuesday edition. This patch update consists of 349 critical security patches in various Oracle product families. The July 2022 Critical Patch Update contains 261 out of 349 security updates that address non-Oracle CVEs, or security flaws in third-party products (such as open-source …
Microsoft Patches 84 Vulnerabilities Including One Zero-day and Four Critical in the July 2022 Patch Tuesday
Microsoft has released fixes for 84 security flaws in its July 2022 edition of Patch Tuesday. This month’s update includes a fix for one zero-day (CVE-2022-22047). Out of the 84 vulnerabilities, four are rated as critical. All the critical vulnerabilities are Remote Code Execution (RCE). Microsoft also released two Microsoft Edge (Chromium-Based) security updates earlier …