Mozilla Firefox Releases Updates to Address Two Zero-day Vulnerabilities (CVE-2022-26485 & CVE-2022-26486)

Firefox is a free and open-source web browser for Windows, OS X, and Linux, as well as an Android mobile version. Mozilla has released out-of-band software upgrades for its Firefox web browser to address two high-impact security flaws. According to the advisory, both vulnerabilities were actively exploited in the wild. Mozilla has patched …

Apache APISIX Batch-Requests Plugin Remote Code Execution Vulnerability (CVE-2022-24112)

Apache APISIX has issued a security alert, revealing a remote code execution vulnerability (CVE-2022-24112) in versions prior to 2.12.1. Apache APISIX is a high-performance API gateway that is dynamic and real-time. APISIX offers load balancing, dynamic upstream, canary release, circuit breaking, authentication, observability, and other traffic management functions. The vulnerability states “In versions of Apache …

Critical Zabbix Web Frontend Authentication Bypass Vulnerability (CVE-2022-23131)

Researchers from SonarSource have discovered a critical-severity vulnerability in Zabbix that allows an attacker to bypass authentication and execute arbitrary code on a targeted server. Zabbix is an open-source monitoring software program that can be used to track IT infrastructures like networks, servers, virtual machines, and cloud services. The vulnerability is tracked as …

Apache Cassandra Database Software High-Severity Remote Code Execution Vulnerability (CVE-2021-44521)

Apache Cassandra is a free and open-source distributed NoSQL database management system that can handle massive volumes of data across many commodity servers while maintaining high availability and avoiding single points of failure. Researchers have revealed details of a high-severity security flaw in the Apache Cassandra open-source NoSQL distributed database. The vulnerability is easy …

CISA releases deadline for patching Google Chrome and Adobe Magento zero-day vulnerabilities (CVE-2022-24086 & CVE-2022-0609)

The US Cybersecurity and Infrastructure Security Agency (CISA) has added nine new vulnerabilities to its list of regularly exploited vulnerabilities. This list includes two zero-days that affect Google Chrome and Adobe Commerce/Magento Open Source. CISA stated that by March 1st, 2022, all Federal Civilian Executive Branch (FCEB) agencies must install patches for these two …

Microsoft addresses 70 vulnerabilities in February 2022 Patch Tuesday

Microsoft addresses 70 vulnerabilities in their February 2022 Patch Tuesday release. While none of the vulnerabilities in this month’s Microsoft release cycle have been assigned as critical risk, several have been given a high-risk rating (CVSSv3.1 score of 7.0 – 8.9). As of this writing, none of this month’s list of vulnerabilities is known to …

Samba Releases update for Out-Of-Bounds Heap Read/Write Vulnerability (CVE-2021-44142)

Samba is a reimplementation of the SMB network protocol that provides file sharing and printing services across many platforms, allowing Linux, Windows, and macOS users to share files over the network. The vulnerability, tracked as CVE-2021-44142, is an out-of-bounds heap read/write vulnerability that allows remote attackers to execute arbitrary code as root on affected Samba …

Apple releases security updates to fix severe vulnerabilities including two zero-day exploits

Apple has released a security update to address various previously exploited vulnerabilities, including one exploited in the wild. The security update covers the serious security bugs in macOS and iOS/iPadOS. The first zero-day (CVE-2022-22587) is a memory corruption flaw that a malicious app might use to run arbitrary code with kernel privileges. The vulnerability affects …

PwnKit: Polkit pkexec Local Privilege Escalation Vulnerability (CVE-2021-4034)

The Qualys Research Team identified a memory corruption flaw in Polkit’s pkexec, a SUID-root tool that comes pre-installed on every major Linux distribution. By exploiting this easily exploitable vulnerability (CVE-2021-4034) in its default configuration, any unprivileged user can gain full root privileges on a vulnerable host. Polkit (previously PolicyKit) is a Unix-like operating system …

New Apple Safari 15 vulnerability allows cross-site tracking of users’ data

A software flaw in Apple Safari 15’s implementation of the IndexedDB API could be used by a malicious website to track users’ online activities and, worse, expose their identities. IndexedDB is a low-level JavaScript API, supplied by web browsers, for maintaining NoSQL databases of structured data items such as files and blobs. …