Cisco Releases Patch for Zero-day XR Software Health Check Open Port Vulnerability (CVE-2022-20821)

Cisco has released a patch for a zero-day vulnerability that exists in its IOS XR router software. Tracked as CVE-2022-20821, the vulnerability could allow an unauthenticated attacker to remotely access Redis instances running in NOSi Docker containers. The vulnerability was found during the resolution of a Cisco TAC support case. The vulnerability affects Cisco …

VMware Patches Critical Vulnerabilities in VMware Identity Manager (vIDM) and Workspace ONE Access (CVE-2022-22972 & CVE-2022-22973)

VMware has released a security advisory to address two critical vulnerabilities (CVE-2022-22972 & CVE-2022-22973) impacting VMware Identity Manager (vIDM) and Workspace ONE Access. Successful exploitation of these vulnerabilities could lead to escalation of privileges and authentication bypass. CISA has also released an advisory and warned users to immediately patch these vulnerabilities. One of the two …

Zyxel Fixes Critical Firewall OS Command Injection Vulnerability (CVE-2022-30525)

Hackers are actively exploiting a recently patched critical command injection vulnerability (CVE-2022-30525) that affects Zyxel firewalls supporting Zero Touch Provisioning (ZTP), which includes the ATP series, VPN series, and the USG FLEX series (including USG20-VPN and USG20W-VPN). Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to inject arbitrary commands. Jake Baines …

Microsoft Patches 75 Vulnerabilities Including 3 Zero-days and 8 Rated as Critical in May 2022 Patch Tuesday

Microsoft has released a new set of security patches in its May 2022 Patch Tuesday edition. This Patch Tuesday security advisory addressed 75 vulnerabilities, including one advisory (ADV220001) for Azure in response to CVE-2022-29972, a publicly exposed zero-day Remote Code Execution (RCE) vulnerability. Out of these 75 vulnerabilities, eight are classified as Critical. This …

Microsoft Releases Patch for the Third-party ODBC Driver Remote Code Execution Vulnerability (CVE-2022-29972)

Microsoft has released a patch addressing a flaw in the Azure Data Factory and Azure Synapse pipelines (tracked as CVE-2022-29972). The flaw affects the third-party Open Database Connectivity (ODBC) driver used to connect to Amazon Redshift in Azure Synapse pipelines and Azure Data Factory Integration Runtime (IR) and did not impact Azure Synapse as a …

F5 BIG-IP iControl REST Remote Code Execution Vulnerability (CVE-2022-1388)

A critical Remote Code Execution vulnerability has been reported in the F5 BIG-IP iControl REST API. The vulnerability is being tracked as CVE-2022-1388. A proof of concept is available, and the vulnerability is being actively exploited by threat actors. Security researchers are advising F5 BIG-IP administrators to immediately install the latest security patch. …

Atlassian Jira Authentication Bypass Vulnerability (CVE-2022-0540)

An authentication bypass vulnerability has been discovered in Atlassian Jira and Jira Service Management products. The vulnerability is being tracked as CVE-2022-0540. Atlassian has released a public security advisory addressing the critical authentication bypass vulnerability in Seraph, the company’s web application security framework. Note that this vulnerability does not impact the cloud versions of …

WSO2 Unrestricted Arbitrary File Upload and Remote Code Execution Vulnerability (CVE-2022-29464)

An arbitrary file upload vulnerability that allows unauthenticated attackers to execute arbitrary code remotely on multiple WSO2 products has been reported. The vulnerability was reported by a researcher called Orange Tsai and is being tracked as CVE-2022-29464 (WSO2-2021-1738). WSO2 is an open-source software provider that offers an enterprise platform for integrating application programming interfaces (APIs), applications, …

Oracle Releases 520 Security Patches for Various Oracle Product Families in April 2022 Patch Tuesday

Oracle has released a critical patch update for multiple vulnerabilities in its April 2022 Patch Tuesday. This patch update consists of 520 security patches in various Oracle product families. Out of these 520 security patches, 415 are for non-Oracle CVEs that include fixes for security issues in third-party products that are exploitable in the …

7-Zip Privilege Escalation and Command Execution Zero-day Vulnerability (CVE-2022-29072)

7-Zip through version 21.07 allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area. The vulnerability is being tracked as CVE-2022-29072. 7-Zip is a free and open-source file archiver for Windows, macOS, and Linux. The zero-day vulnerability in 7-Zip is due to misconfiguration of 7z.dll …