Grafana Releases Patches for Multiple Vulnerabilities (CVE-2022-39328, CVE-2022-39306, and CVE-2022-39307)

Grafana has advised its users to patch a critical severity elevation of privilege vulnerability (CVE-2022-39328) via a security advisory. The advisory also addressed two moderate severity vulnerabilities. CVE-2022-39306 is an elevation of privilege vulnerability and CVE-2022-39307 is a username enumeration vulnerability. Grafana is a multi-platform open-source analytics and interactive visualization web application. It provides charts, graphs, …

Google Patches Multiple Vulnerabilities in its Chrome Browser

Google has released an update for the Chrome browser on Windows, Mac, and Linux addressing multiple vulnerabilities. The advisory addressed 10 vulnerabilities but has provided details of only six of them so far. All six vulnerabilities are rated with high severity. Some of the vulnerabilities addressed in the advisory are: CVE-2022-3885: Use after free …

Patches Released for Multiple Vulnerabilities in Citrix Gateway and ADC (CVE-2022-27510, CVE-2022-27513, and CVE-2022-27516)

Citrix has released patches for multiple vulnerabilities in Citrix Gateway and ADC (CVE-2022-27510, CVE-2022-27513, and CVE-2022-27516). These vulnerabilities can be exploited by an attacker to gain unauthorized access to the device, take over remote desktops, or bypass the login brute force protection. Citrix Gateway unifies remote access infrastructure to offer single sign-on for all applications, …

Multiple Critical Vulnerabilities Patched in VMware Workspace ONE Assist (CVE-2022-31685, CVE-2022-31686, CVE-2022-31687, CVE-2022-31688, and CVE-2022-31689)

VMware released a security advisory addressing multiple critical vulnerabilities in VMware Workspace ONE Assist. These vulnerabilities may allow an attacker to perform an authentication bypass and get admin privileges. The vulnerabilities are being tracked as CVE-2022-31685, CVE-2022-31686, CVE-2022-31687, CVE-2022-31688, and CVE-2022-31689. The vulnerabilities were discovered by Jasper Westerman, Jan van der Put, Yanick de Pater, and …

Microsoft Patch Tuesday, November 2022 Edition: 65 New Vulnerabilities Patched, 6 Zero-days, and 10 Rated as Critical

Microsoft has released security updates for 65 new vulnerabilities in its November 2022 Patch Tuesday Edition. The security update also addressed six actively exploited zero-day vulnerabilities. Out of the 65 vulnerabilities, 10 are rated as critical, including privilege elevation, spoofing, remote code execution, and other severe types of vulnerabilities. This month’s security updates also …

Open Secure Sockets Layer (OpenSSL) Patches High Severity Vulnerabilities (CVE-2022-3602 and CVE-2022-3786)

OpenSSL warned its users about a critical severity vulnerability through a pre-notification alert on October 25th, 2022, mentioning that the patches will be released on November 1st, 2022. OpenSSL, a software library, is used by programs that need to identify the other party or encrypt conversations over computer networks against eavesdropping. Internet servers frequently …

Google Patches Zero-day vulnerability in Chrome Browser (CVE-2022-3723)

Google released patches to address a zero-day vulnerability in the Chrome browser. Tracked as CVE-2022-3723, it is a high-severity vulnerability in the Chrome V8 JavaScript engine. The vulnerability was discovered and reported by Jan Vojtěšek, Milánek, and Przemek Gmerek of Avast. “Google is aware of reports that an exploit for CVE-2022-3723 exists in the …

Google Chrome Releases New Version to Address Multiple Vulnerabilities

Chrome has released an update for Windows, Mac, and Linux to address multiple vulnerabilities. The vulnerabilities are rated from medium to high. The advisory addressed fixes for 14 security vulnerabilities that are mentioned below: CVE-2022-3652: Type Confusion in V8. This flaw was reported by srodulv and ZNMchtss from S.S.L Team. CVE-2022-3653: Heap buffer overflow in Vulkan. This flaw was …

Oracle Releases 370 Security Patches for Various Oracle Products in October 2022 Patch Tuesday

The Oracle October 2022 Patch Tuesday edition is out. The security update contains a total of 370 critical security patches affecting various Oracle product families. In this month’s update, 290 out of 370 security updates addressed are non-Oracle CVEs, or security flaws in third-party products (such as open-source components), which are exploitable in the context …

Apache Commons Arbitrary Code Execution Vulnerability (Text4Shell) (CVE-2022-42889)

A critical severity arbitrary code execution vulnerability, found in the Apache Commons Text library, has been discovered and reported by Alvaro Munoz. Tracked as CVE-2022-42889, this vulnerability has been assigned a CVSS base score of 9.8 and could result in remote code execution when applied to untrusted input, due to insecure interpolation defaults. Apache Commons …