Apple has released security updates to address multiple vulnerabilities in macOS Big Sur and macOS Monterey. The vulnerability that Apple said is being exploited in the wild is CVE-2022-32894. This is an out-of-bounds write flaw that could allow an attacker to execute an arbitrary code with kernel privileges. The vulnerability was reported by an … Continue reading “Apple Patches Multiple Vulnerabilities in macOS Big Sur and macOS Monterey including One Zero-day (CVE-2022-32894)”
Author: Diksha Ojha
Microsoft Patches Vulnerabilities 79 including 16 Microsoft Edge (Chromium-Based); with 2 Zero-days and 5 Critical in Patch Tuesday September 2022 Edition
Microsoft has released security updates for 79 vulnerabilities in its September 2022 Patch Tuesday Edition. This month’s security updates also addressed two zero-days (CVE-2022-37969 and CVE-2022-23960). Microsoft mentioned in the advisory that CVE-2022-37969 is being exploited in the wild. Out of the 79 vulnerabilities, five are rated critical (CVE-2022-35805, CVE-2022-34700, CVE-2022-34722, CVE-2022-34721, and CVE-2022-34718). Microsoft also … Continue reading “Microsoft Patches Vulnerabilities 79 including 16 Microsoft Edge (Chromium-Based); with 2 Zero-days and 5 Critical in Patch Tuesday September 2022 Edition”
Google Chrome Releases Fix for the Zero-day Vulnerability (CVE-2022-3075)
Google has released the latest Chrome version to address a zero-day vulnerability (CVE-2022-3075). Google has rated this vulnerability as high severity and acknowledged that it has been actively exploited in the wild. This high severity vulnerability exists due to insufficient data validation in Mojo, which is a group of runtime libraries that offer a … Continue reading “Google Chrome Releases Fix for the Zero-day Vulnerability (CVE-2022-3075)”
Atlassian Bitbucket Server and Data Center Command Injection Vulnerability (CVE-2022-36804)
Atlassian has released a security advisory to address a command injection vulnerability in multiple API endpoints of Bitbucket Server and Data Center. Tracked as CVE-2022-36804, Atlassian has rated the vulnerability as critical as it affects many Bitbucket Server and Data Server versions. The vulnerability was discovered by @TheGrandPew via Atlassian’s bug bounty program. Bitbucket is … Continue reading “Atlassian Bitbucket Server and Data Center Command Injection Vulnerability (CVE-2022-36804)”
GitLab Patches Critical Remote Command Execution Vulnerability (CVE-2022-2884)
GitLab has released updates to address a remote code execution flaw for its GitLab Community Edition (CE) and Enterprise Edition (EE). Tracked as CVE-2022-2884, the vulnerability is rated as critical and is assigned a CVSS score of 9.9. An authenticated attacker could exploit this vulnerability to execute commands remotely on vulnerable systems via Import from GitHub API … Continue reading “GitLab Patches Critical Remote Command Execution Vulnerability (CVE-2022-2884)”
Palo Alto Networks (PAN-OS) Reflected Amplification Denial-of-Service (DoS) Vulnerability (CVE-2022-0028)
Palo Alto has released a security advisory to address an actively exploited, high-severity vulnerability (CVE-2022-0028) affecting PAN-OS, the operating system used by the company’s networking hardware products. The vulnerability is a PAN-OS URL filtering policy misconfiguration vulnerability that could allow a network-based attacker to conduct reflected and amplified TCP denial-of-service (RDoS) attacks. The advisory claims … Continue reading “Palo Alto Networks (PAN-OS) Reflected Amplification Denial-of-Service (DoS) Vulnerability (CVE-2022-0028)”
VMware vRealize Operations Multiple Vulnerabilities Patched in the Latest Security update (CVE-2022-31672, CVE-2022-31673, CVE-2022-31674, & CVE-2022-31675)
VMware has released a security advisory (VMSA-2022-0022) addressing multiple vulnerabilities in VMware vRealize Operations. The vulnerabilities vary from an authentication bypass (CVE-2022-31675), and privilege escalation (CVE-2022-31672) to information disclosure (CVE-2022-31673, CVE-2022-316734). These vulnerabilities have been discovered by Steven Seeley (mr_me) of Qihoo 360 Vulnerability Research Institute. VMware vRealize Operations enable self-driving IT Operations Management … Continue reading “VMware vRealize Operations Multiple Vulnerabilities Patched in the Latest Security update (CVE-2022-31672, CVE-2022-31673, CVE-2022-31674, & CVE-2022-31675)”
Microsoft Patches 121 Vulnerabilities with Two Zero-days and 17 Critical; Plus 20 Microsoft Edge (Chromium-Based) in August 2022 Patch Tuesday
Microsoft has released its August 2022 Patch Tuesday edition in which 121 vulnerabilities are fixed. The security update addresses two zero-day vulnerabilities (CVE-2022-34713, CVE-2022-30134), one of which is being exploited in the wild (CVE-2022-34713). Out of the 121 vulnerabilities, 17 are rated critical as they allow remote code execution and elevate privileges. Microsoft also included … Continue reading “Microsoft Patches 121 Vulnerabilities with Two Zero-days and 17 Critical; Plus 20 Microsoft Edge (Chromium-Based) in August 2022 Patch Tuesday”
Cisco Patched Small Business RV Series Routers Multiple Vulnerabilities (CVE-2022-20827, CVE-2022-20841, and CVE-2022-20842)
Cisco has released a security advisory addressing multiple vulnerabilities affecting Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers. The vulnerabilities (CVE-2022-20827, CVE-2022-20841, and CVE-2022-20842) are rated with high and critical severity and assigned a base CVSS base score between 8.3-9.8. These vulnerabilities could allow unauthenticated, remote attackers to execute arbitrary code and trigger … Continue reading “Cisco Patched Small Business RV Series Routers Multiple Vulnerabilities (CVE-2022-20827, CVE-2022-20841, and CVE-2022-20842)”
VMware Patched Multiple Vulnerabilities in VMware Products including Identity Manager (vIDM) and Workspace ONE Access
VMware has released a security advisory addressing multiple vulnerabilities in important VMware products and requested the admins to update to the latest versions. The vulnerabilities varies from an authentication bypass (CVE-2022-31656), URL injection (CVE-2022-31657), path traversal (CVE-2022-31662), Cross-site scripting (XSS) (CVE-2022-31663), remote code execution (CVE-2022-31658, CVE-2022-31659, CVE-2022-31665) to privilege escalation (CVE-2022-31660, CVE-2022-31661, CVE-2022-31664). The CVSS … Continue reading “VMware Patched Multiple Vulnerabilities in VMware Products including Identity Manager (vIDM) and Workspace ONE Access”
