Atlassian has released a security update for a critical vulnerability (CVE-2022-43782) in Crowd Server and Data Center. Atlassian Crowd is a centralized identity management application that handles authentication and authorization for web-based applications. This helps in managing users from multiple directories such as Active Directory, LDAP, OpenLDAP, or Microsoft Azure AD. This also controls application …
Atlassian Patches Critical Command Injection Vulnerability in Bitbucket Server and Data Center (CVE-2022-43781)
Atlassian has released a security advisory to address a critical vulnerability in Bitbucket Server and Data Center (CVE-2022-43781). Bitbucket is a Git-based code hosting and collaboration tool built for teams. Bitbucket Server is hosted on-premises while Bitbucket Data Center is hosted on several servers in a cluster in your environment. CVE-2022-43781 is a command …
VMware NSX Manager Multiple Vulnerabilities (CVE-2021-39144 and CVE-2022-31678)
VMware has released patches for multiple vulnerabilities in VMware NSX Manager, which are being tracked as CVE-2021-39144 and CVE-2022-31678. Both vulnerabilities were discovered by Sina Kheirkhah and Steven Seeley of Source Incite. CVE-2021-39144 is rated as ‘Critical’ and is assigned a CVSSv3 base score of 9.8. On successful exploitation, this vulnerability could allow remote code execution …
F5 Patches Vulnerabilities in iControl SOAP and iControl REST Running on F5 BIG-IP and BIG-IQ Devices (CVE-2022-41800 and CVE-2022-41622)
Researchers have discovered multiple security vulnerabilities in the F5 BIG-IP and BIG-IQ devices (CVE-2022-41800 and CVE-2022-41622). The vulnerabilities affect the iControl SOAP and iControl REST running on F5 BIG-IP and BIG-IQ devices. F5’s BIG-IP is a collection of software and hardware intended to improve application availability, access management, and security. iControl is the first …
Grafana Releases Patches for Multiple Vulnerabilities (CVE-2022-39328, CVE-2022-39306, and CVE-2022-39307)
Grafana has advised its users, via a security advisory, to patch a critical severity elevation of privilege vulnerability (CVE-2022-39328). The advisory also addressed two moderate severity vulnerabilities: CVE-2022-39306 is an elevation of privilege vulnerability and CVE-2022-39307 is a username enumeration vulnerability. Grafana is a multi-platform open-source analytics and interactive visualization web application. It provides charts, graphs, …
Google Patches Multiple Vulnerabilities in its Chrome Browser
Google has released an update for the Chrome browser on Windows, Mac, and Linux addressing multiple vulnerabilities. The advisory addressed 10 vulnerabilities but has so far provided details of only six. All six are rated high severity. Some of the vulnerabilities addressed in the advisory are: CVE-2022-3885: Use after free …
Patches Released for Multiple Vulnerabilities in Citrix Gateway and ADC (CVE-2022-27510, CVE-2022-27513, and CVE-2022-27516)
Citrix has released patches for multiple vulnerabilities in Citrix Gateway and ADC (CVE-2022-27510, CVE-2022-27513, and CVE-2022-27516). These vulnerabilities can be exploited by an attacker to gain unauthorized access to the device, take over remote desktops, or bypass the login brute force protection. Citrix Gateway unifies remote access infrastructure to offer single sign-on for all applications, …
Multiple Critical Vulnerabilities Patched in VMware Workspace ONE Assist (CVE-2022-31685, CVE-2022-31686, CVE-2022-31687, CVE-2022-31688, and CVE-2022-31689)
VMware released a security advisory addressing multiple critical vulnerabilities in VMware Workspace ONE Assist. These vulnerabilities may allow an attacker to perform an authentication bypass and get admin privileges. The vulnerabilities are being tracked as CVE-2022-31685, CVE-2022-31686, CVE-2022-31687, CVE-2022-31688, and CVE-2022-31689. The vulnerabilities were discovered by Jasper Westerman, Jan van der Put, Yanick de Pater, and …
Microsoft Patch Tuesday, November 2022 Edition: 65 New Vulnerabilities Patched, 6 Zero-days, and 10 Rated as Critical
Microsoft has released security updates for 65 new vulnerabilities in its November 2022 Patch Tuesday Edition. The security update also addressed six actively exploited zero-day vulnerabilities. Out of the 65 vulnerabilities, 10 are rated as critical and include privilege elevation, spoofing, remote code execution, and other severe types of vulnerabilities. This month’s security updates also …
Open Secure Sockets Layer (OpenSSL) Patches High Severity Vulnerabilities (CVE-2022-3602 and CVE-2022-3786)
OpenSSL warned its users about a critical severity vulnerability through a pre-notification alert on October 25th, 2022, mentioning that the patches would be released on November 1st, 2022. OpenSSL, a software library, is used by programs that need to identify the other party or encrypt conversations over computer networks against eavesdropping. Internet servers frequently …