Cisco patched two critical vulnerabilities in Expressway and TelePresence Video Communication Server. Tracked as CVE-2022-20812 and CVE-2022-20813, the vulnerabilities could allow a remote attacker to overwrite arbitrary files or conduct null byte poisoning attacks on an affected device. The vulnerabilities exist in the API and the web-based management interface of Cisco Expressway Series and TelePresence … Continue reading “Cisco Expressway Series and TelePresence Video Communication Server Vulnerabilities (CVE-2022-20812 and CVE-2022-20813)”
Author: Diksha Ojha
Google Chrome Zero-day Vulnerability Exploited in the Wild (CVE-2022-2294)
Google has released security updates for its Windows and Android users to address a high-severity, zero-day vulnerability in its Chrome browser. The vulnerability was discovered by Jan Vojtesek from the Avast Threat Intelligence team on 1st July. Tracked as CVE-2022-2294, the vulnerability is a heap-based buffer overflow vulnerability in the WebRTC (Web Real-Time Communications) component. This … Continue reading “Google Chrome Zero-day Vulnerability Exploited in the Wild (CVE-2022-2294)”
Microsoft Service Fabric Elevation of Privilege Vulnerability (FabricScape) (CVE-2022-30137)
Cybersecurity researchers from Palo Alto Networks Unit 42 have discovered a new vulnerability in Microsoft’s Service Fabric – commonly used with Azure. Tracked as CVE-2022-30137, the vulnerability could allow a malicious actor with access to a compromised container to escalate privileges and gain control of the resource’s host Service Fabric node and the entire cluster. … Continue reading “Microsoft Service Fabric Elevation of Privilege Vulnerability (FabricScape) (CVE-2022-30137)”
Microsoft Releases Patches for the Intel Processor MMIO Stale Data Vulnerabilities in June 2022 Patch Tuesday
Microsoft has covered the memory-mapped I/O vulnerabilities known as Processor MMIO Stale Data Vulnerabilities that was published by Intel on June 14, 2022. These vulnerabilities are: CVE-2022-21123 – Shared Buffer Data Read (SBDR) CVE-2022-21125 – Shared Buffer Data Sampling (SBDS) CVE-2022-21127 – Special Register Buffer Data Sampling Update (SRBDS Update) CVE-2022-21166 – Device Register Partial Write (DRPW) … Continue reading “Microsoft Releases Patches for the Intel Processor MMIO Stale Data Vulnerabilities in June 2022 Patch Tuesday”
Microsoft Patches 55 Vulnerabilities Including One Zero-day and Three Critical in the June 2022 Patch Tuesday
Microsoft released a new set of security patches with the June 2022 Patch Tuesday edition. In this month’s security advisory, Microsoft patched a total of 55 vulnerabilities including the Windows MSDT ‘Follina’ zero-day vulnerability (CVE-2022-30190). Out of these 55 vulnerabilities, three vulnerabilities were classified as Critical as they allow Remote Code Execution (RCE). Microsoft … Continue reading “Microsoft Patches 55 Vulnerabilities Including One Zero-day and Three Critical in the June 2022 Patch Tuesday”
WSO2 Fixes Cross-Site Scripting (XSS) Vulnerability in its Multiple Products (CVE-2022-29548)
WSO2 has released a fix for a Reflected Cross-Site Scripting (XSS) vulnerability in the Management Console. The vulnerability, tracked as CVE-2022-29548, can be exploited by tampering with the parameter in the Management Console. This vulnerability exists due to improper output encoding and affects various WSO2 products. WSO2 is an open-source software provider that offers … Continue reading “WSO2 Fixes Cross-Site Scripting (XSS) Vulnerability in its Multiple Products (CVE-2022-29548)”
Atlassian Confluence Server and Confluence Data Center Zero-day Remote Code Execution Vulnerability (CVE-2022-26134)
Atlassian released a security advisory on June 2nd, 2022, explaining a zero-day unauthenticated remote code execution vulnerability (CVE-2022-26134) in Confluence Server and Data Center. This remote code execution vulnerability was observed over the Memorial Day weekend in the United States by the Volexity incident response team. The vulnerability is being actively exploited in the wild … Continue reading “Atlassian Confluence Server and Confluence Data Center Zero-day Remote Code Execution Vulnerability (CVE-2022-26134)”
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability (CVE-2022-30190)
Security researchers have discovered a new zero-day vulnerability in Microsoft Office, via Microsoft Support Diagnostic Tool (MSDT), that could be exploited to achieve code execution on affected systems simply by opening a malicious Word document. The vulnerability, tracked as CVE-2022-30190, was discovered by a Japanese security researcher nao_sec, who tweeted a warning about the … Continue reading “Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability (CVE-2022-30190)”
Zoom Releases Security Updates to Address Multiple Vulnerabilities in Zoom Clients for Meetings (CVE-2022-22784, CVE-2022-22785, CVE-2022-22786, CVE-2022-22787)
Zoom has patched four security flaws that can infect another user through chat by sending the specially designed Extensible Messaging and Presence Protocol (XMPP) messages and running malicious malware. The vulnerabilities are tracked as CVE-2022-22784, CVE-2022-22785, CVE-2022-22786, and CVE-2022-22787. The vulnerabilities were disclosed by Ivan Fratric of Google’s Project Zero team in February 2022. … Continue reading “Zoom Releases Security Updates to Address Multiple Vulnerabilities in Zoom Clients for Meetings (CVE-2022-22784, CVE-2022-22785, CVE-2022-22786, CVE-2022-22787)”
Mozilla Releases Patches for Two Zero-day Vulnerabilities Affecting Firefox and Thunderbird (CVE-2022-1802, CVE-2022-1529)
Mozilla has released a security patch to address two zero-day vulnerabilities (CVE-2022-1802 and CVE-2022-1529) exploited during the Pwn2Own Vancouver 2022 hacking contest. Successful exploitation of these vulnerabilities allows attackers to get JavaScript code execution on mobile and desktop devices running vulnerable versions of Firefox, Firefox ESR, Firefox for Android, and Thunderbird. The ability to … Continue reading “Mozilla Releases Patches for Two Zero-day Vulnerabilities Affecting Firefox and Thunderbird (CVE-2022-1802, CVE-2022-1529)”
