Fortinet Patches an Actively Exploited Pre-authentication Remote Code Execution Vulnerability in FortiOS SSL-VPN (CVE-2022-42475)
Fortinet has released patches for an actively exploited pre-authentication remote code execution vulnerability in FortiOS SSL-VPN. Tracked as CVE-2022-42475, it is a critical vulnerability with a CVSSv3 score of 9.8. On successful exploitation, this vulnerability could allow an unauthenticated, remote attacker to execute arbitrary code on the target system. The advisory states, “Fortinet is …
Author: Diksha Ojha
ForgeRock Access Management and OpenAM Critical Remote Code Execution Vulnerability (CVE-2021-35464)
There is active exploitation of a pre-authorization remote code execution vulnerability in the popular Access Management platform from digital identity management firm ForgeRock. Tracked as CVE-2021-35464, the vulnerability has been given a critical severity. The Cybersecurity and Infrastructure Security Agency (CISA) has also acknowledged the active exploitation of this vulnerability. OpenAM is an access management tool …
Google Releases Emergency Update to Fix Actively Exploited Zero-day Vulnerability in its Chrome Browser (CVE-2022-4262)
Google has released Chrome security updates for Windows, Mac, and Linux to fix a zero-day vulnerability. Tracked as CVE-2022-4262, it is a type confusion vulnerability in the V8 JavaScript engine. Clement Lecigne of Google’s Threat Analysis Group reported this vulnerability. Google has acknowledged the active exploitation of this vulnerability in the wild. …
CISA Added a Critical Oracle Access Manager Vulnerability in its Known Exploited Vulnerability Catalog (CVE-2021-35587)
CISA has warned security agencies to patch an actively exploited vulnerability in Oracle Access Manager by adding it to its Known Exploited Vulnerabilities Catalog. Tracked as CVE-2021-35587, it is a pre-authentication remote code execution vulnerability in the Oracle Access Manager (OAM). Oracle has rated this vulnerability as critical and provided a CVSS base score of …
Qualys Threat Research Unit (TRU) Discloses Snap Confine Race Condition Vulnerability (CVE-2022-3328)
The Qualys Threat Research Unit (TRU) has discovered a new vulnerability in the snap-confine function on Linux operating systems (CVE-2022-3328). This is a SUID-root program installed by default on Ubuntu. Qualys recommends applying the patch immediately. In February 2022, Qualys Threat Research Unit (TRU) published CVE-2021-44731 in the “Lemmings” Advisory. The vulnerability (CVE-2022-3328) originated …
Google Releases New Stable Channel 108 Addressing Multiple Vulnerabilities in Chrome
Google has released Chrome 108 to the stable channel for Windows, Mac, and Linux, addressing multiple vulnerabilities in the browser. In the advisory published on Nov 29, 2022, Google mentions, “The updates will roll out over the coming days/weeks.” The security fix addresses 28 vulnerabilities with severity ranging from high to medium. The advisory …
Google Releases Patch for an Actively Exploited Zero-day Vulnerability in its Chrome Browser (CVE-2022-4135)
Google has released an update for the Chrome browser on Windows, Mac, and Linux to address a high-severity zero-day vulnerability (CVE-2022-4135). The vulnerability was discovered by Clement Lecigne of Google’s Threat Analysis Group. “Google is aware that an exploit for CVE-2022-4135 exists in the wild,” says the advisory released by Google on November 24, 2022. …
Atlassian Patches Critical Security Misconfiguration Vulnerability in Crowd Server and Data Center (CVE-2022-43782)
Atlassian has released a security update for a critical vulnerability (CVE-2022-43782) in Crowd Server and Data Center. Atlassian Crowd is a centralized identity management application that handles authentication and authorization for web-based applications. It helps manage users from multiple directories such as Active Directory, LDAP, OpenLDAP, or Microsoft Azure AD. It also controls application …
Atlassian Patches Critical Command Injection Vulnerability in Bitbucket Server and Data Center (CVE-2022-43781)
Atlassian has released a security advisory to address a critical vulnerability in Bitbucket Server and Data Center (CVE-2022-43781). Bitbucket is a Git-based code hosting and collaboration tool built for teams. Bitbucket Server is hosted on-premises, while Bitbucket Data Center is hosted on several servers in a cluster in your environment. CVE-2022-43781 is a command …
VMware NSX Manager Multiple Vulnerabilities (CVE-2021-39144 and CVE-2022-31678)
VMware has released patches for multiple vulnerabilities in VMware NSX Manager, which are being tracked as CVE-2021-39144 and CVE-2022-31678. Both vulnerabilities were discovered by Sina Kheirkhah and Steven Seeley of Source Incite. CVE-2021-39144 is rated as ‘Critical’ and is assigned a CVSSv3 base score of 9.8. On successful exploitation, this vulnerability could allow remote code execution …