A critical remote code execution vulnerability has been discovered in multiple Zoho ManageEngine products. Tracked as CVE-2022-47966, this vulnerability affects 24 products of ManageEngine. Successful exploitation of this vulnerability may allow an attacker to perform remote code execution. Khoadha of Viettel Cyber Security has discovered this vulnerability via Zoho Bug Bounty program. Zoho ManageEngine … Continue reading “Zoho Patches Remote Code Execution Vulnerability Affecting Multiple ManageEngine Products (CVE-2022-47966)”
The January 2023 Patch Tuesday Security Update Review
As we enter the first second Tuesday of the year, Microsoft has released its latest security updates and fixes. We invite you to join us as we review and discuss the particulars of these essential security patches. Microsoft Patches for January 2023 Microsoft has released 98 new patches addressing vulnerabilities in a wide range … Continue reading “The January 2023 Patch Tuesday Security Update Review”
VMware Patches Heap Out-Of-Bounds Write Vulnerability in VMware ESXi, Workstation, and Fusion (CVE-2022-31705)
VMware has released a patch for vulnerability in multiple products such as ESXi, Workstation, Fusion, and Cloud Foundation. Tracked as CVE-2022-31705, it is a heap Out-Of-Bounds write vulnerability that could allow code execution on vulnerable systems. The vulnerability is rated as critical and provided a CVSSv3 score of 9.3. Description CVE-2022-321705 is a heap … Continue reading “VMware Patches Heap Out-Of-Bounds Write Vulnerability in VMware ESXi, Workstation, and Fusion (CVE-2022-31705)”
Citrix Application Delivery Controller (ADC) and Citrix Gateway Arbitrary Code Execution Vulnerability (CVE-2022-27518)
Citrix has released patches for an actively exploited zero-day vulnerability in Citrix Application Delivery Controller (ADC) and Citrix Gateway. Tracked as CVE-2022-27518, this critical vulnerability could allow arbitrary code execution on the vulnerable system on successful exploitation. Citrix states in the blog, “We are aware of a small number of targeted attacks in the … Continue reading “Citrix Application Delivery Controller (ADC) and Citrix Gateway Arbitrary Code Execution Vulnerability (CVE-2022-27518)”
Apple Patches Actively Exploited Zero-day Vulnerability in iOS and iPadOS (CVE-2022-42856)
Apple has released an update to address an actively exploited zero-day vulnerability in WebKit. Tracked as CVE-2022-42856, this is a type confusion vulnerability that could allow arbitrary code execution on a vulnerable device. Clément Lecigne of Google’s Threat Analysis Group has discovered this vulnerability. The advisory says, “This issue may have been actively exploited … Continue reading “Apple Patches Actively Exploited Zero-day Vulnerability in iOS and iPadOS (CVE-2022-42856)”
The December 2022 Patch Tuesday Security Update Review
Welcome to the final second Tuesday of the year. As expected, Microsoft and Adobe have released their latest security updates and fixes. Take a break from your holiday preparations and join us as we review the details of the latest security patches. Microsoft Patches for December 2022 In this month’s Patch Tuesday, Microsoft released 52 … Continue reading “The December 2022 Patch Tuesday Security Update Review”
Fortinet Patches an Actively Exploited Pre-authentication Remote Code Execution Vulnerability in FortiOS SSL-VPN (CVE-2022-42475)
Fortinet has released patches for an actively exploited pre-authentication remote code execution vulnerability in FortiOS SSL-VPN. Tracked as CVE-2022-42475, it is a critical vulnerability with a CVSSv3 score of 9.8. On successful exploitation, this vulnerability could allow an unauthenticated, remote attacker to execute arbitrary code on the target system. The advisory states, “Fortinet is … Continue reading “Fortinet Patches an Actively Exploited Pre-authentication Remote Code Execution Vulnerability in FortiOS SSL-VPN (CVE-2022-42475)”
ForgeRock Access Management and OpenAM Critical Remote Code Execution Vulnerability (CVE-2021-35464)
There is an active exploitation of a pre-authorization remote code execution vulnerability in the popular Access Management platform from digital identity management firm ForgeRock. Tracked as CVE-2021-35464, the vulnerability has given a critical severity. Cybersecurity and Infrastructure Security Agency (CISA) has also acknowledged the active exploitation of this vulnerability. OpenAM is an access management tool … Continue reading “ForgeRock Access Management and OpenAM Critical Remote Code Execution Vulnerability (CVE-2021-35464)”
Google Releases Emergency Update to Fix Actively Exploited Zero-day Vulnerability in its Chrome Browser (CVE-2022-4262)
Chrome has released security updates for Windows, Mac, and Linux to fix the zero-day vulnerability. Tracked as CVE-2022-4262, it is a type confusion vulnerability in the V8 JavaScript engine. Clement Lecigne of Google’s Threat Analysis Group has reported this vulnerability. Google has acknowledged the active exploitation of this vulnerability in the wild. … Continue reading “Google Releases Emergency Update to Fix Actively Exploited Zero-day Vulnerability in its Chrome Browser (CVE-2022-4262)”
CISA Added a Critical Oracle Access Manager Vulnerability in its Known Exploited Vulnerability Catalog (CVE-2021-35587)
CISA has warned security agencies to patch an actively exploited vulnerability in Oracle Access Manager by adding it to its Known Exploited Vulnerabilities Catalog. Tracked as CVE-2021-35587, it is a pre-authentication remote code execution vulnerability in the Oracle Access Manager (OAM). Oracle has rated this vulnerability as critical and provided a CVSS base score of … Continue reading “CISA Added a Critical Oracle Access Manager Vulnerability in its Known Exploited Vulnerability Catalog (CVE-2021-35587)”
