VMware has released a security advisory addressing multiple vulnerabilities in important VMware products and requested the admins to update to the latest versions. The vulnerabilities varies from an authentication bypass (CVE-2022-31656), URL injection (CVE-2022-31657), path traversal (CVE-2022-31662), Cross-site scripting (XSS) (CVE-2022-31663), remote code execution (CVE-2022-31658, CVE-2022-31659, CVE-2022-31665) to privilege escalation (CVE-2022-31660, CVE-2022-31661, CVE-2022-31664). The CVSS … Continue reading “VMware Patched Multiple Vulnerabilities in VMware Products including Identity Manager (vIDM) and Workspace ONE Access”
Atlassian Confluence Server and Confluence Data Center – Questions for Confluence App – Hardcoded Password Vulnerability (CVE-2022-26138)
Atlassian has released a patch to address a hardcoded credentials vulnerability in Confluence Server and Data Center. Tracked as CVE-2022-26138, the vulnerability can allow an unauthenticated, remote attacker to log into vulnerable servers. Atlassian has rated the vulnerability as Critical as there are reports of this vulnerability being exploited in the wild and the hardcoded … Continue reading “Atlassian Confluence Server and Confluence Data Center – Questions for Confluence App – Hardcoded Password Vulnerability (CVE-2022-26138)”
Cisco Nexus Dashboard Unauthorized Access Vulnerabilities (CVE-2022-20857, CVE-2022-20858, and CVE-2022-20861)
Cisco has released patches for multiple vulnerabilities in Cisco Nexus Dashboard (CVE-2022-20857, CVE-2022-20858, and CVE-2022-20861). The vulnerabilities could allow an unauthenticated, remote attacker to execute arbitrary commands, read or upload container image files, or perform a cross-site request forgery attack. These vulnerabilities were discovered during internal security testing by Michael J Davenport of the … Continue reading “Cisco Nexus Dashboard Unauthorized Access Vulnerabilities (CVE-2022-20857, CVE-2022-20858, and CVE-2022-20861)”
Oracle Releases 349 Security Patches for Various Oracle Products in July 2022 Patch Tuesday
Oracle has released a patch update addressing multiple vulnerabilities in its July 2022 Patch Tuesday edition. This patch update consists of 349 critical security patches in various Oracle product families. The July 2022 Critical Patch Update contains 261 out of 349 security updates that address non-Oracle CVEs, or security flaws in third-party products (such open-source … Continue reading “Oracle Releases 349 Security Patches for Various Oracle Products in July 2022 Patch Tuesday”
Microsoft Patches 84 Vulnerabilities Including One Zero-day and Four Critical in the July 2022 Patch Tuesday
Microsoft has released fixes for 84 security flaws in its July 2022 edition of Patch Tuesday. This month’s update includes a fix for one zero-day (CVE-2022-22047). Out of the 84 vulnerabilities, four are rated as critical. All the critical vulnerabilities are Remote Code Execution (RCE). Microsoft also released two Microsoft Edge (Chromium-Based) security updates earlier … Continue reading “Microsoft Patches 84 Vulnerabilities Including One Zero-day and Four Critical in the July 2022 Patch Tuesday”
Cisco Expressway Series and TelePresence Video Communication Server Vulnerabilities (CVE-2022-20812 and CVE-2022-20813)
Cisco patched two critical vulnerabilities in Expressway and TelePresence Video Communication Server. Tracked as CVE-2022-20812 and CVE-2022-20813, the vulnerabilities could allow a remote attacker to overwrite arbitrary files or conduct null byte poisoning attacks on an affected device. The vulnerabilities exist in the API and the web-based management interface of Cisco Expressway Series and TelePresence … Continue reading “Cisco Expressway Series and TelePresence Video Communication Server Vulnerabilities (CVE-2022-20812 and CVE-2022-20813)”
Google Chrome Zero-day Vulnerability Exploited in the Wild (CVE-2022-2294)
Google has released security updates for its Windows and Android users to address a high-severity, zero-day vulnerability in its Chrome browser. The vulnerability was discovered by Jan Vojtesek from the Avast Threat Intelligence team on 1st July. Tracked as CVE-2022-2294, the vulnerability is a heap-based buffer overflow vulnerability in the WebRTC (Web Real-Time Communications) component. This … Continue reading “Google Chrome Zero-day Vulnerability Exploited in the Wild (CVE-2022-2294)”
Microsoft Service Fabric Elevation of Privilege Vulnerability (FabricScape) (CVE-2022-30137)
Cybersecurity researchers from Palo Alto Networks Unit 42 have discovered a new vulnerability in Microsoft’s Service Fabric – commonly used with Azure. Tracked as CVE-2022-30137, the vulnerability could allow a malicious actor with access to a compromised container to escalate privileges and gain control of the resource’s host Service Fabric node and the entire cluster. … Continue reading “Microsoft Service Fabric Elevation of Privilege Vulnerability (FabricScape) (CVE-2022-30137)”
Microsoft Releases Patches for the Intel Processor MMIO Stale Data Vulnerabilities in June 2022 Patch Tuesday
Microsoft has covered the memory-mapped I/O vulnerabilities known as Processor MMIO Stale Data Vulnerabilities that was published by Intel on June 14, 2022. These vulnerabilities are: CVE-2022-21123 – Shared Buffer Data Read (SBDR) CVE-2022-21125 – Shared Buffer Data Sampling (SBDS) CVE-2022-21127 – Special Register Buffer Data Sampling Update (SRBDS Update) CVE-2022-21166 – Device Register Partial Write (DRPW) … Continue reading “Microsoft Releases Patches for the Intel Processor MMIO Stale Data Vulnerabilities in June 2022 Patch Tuesday”
Microsoft Patches 55 Vulnerabilities Including One Zero-day and Three Critical in the June 2022 Patch Tuesday
Microsoft released a new set of security patches with the June 2022 Patch Tuesday edition. In this month’s security advisory, Microsoft patched a total of 55 vulnerabilities including the Windows MSDT ‘Follina’ zero-day vulnerability (CVE-2022-30190). Out of these 55 vulnerabilities, three vulnerabilities were classified as Critical as they allow Remote Code Execution (RCE). Microsoft … Continue reading “Microsoft Patches 55 Vulnerabilities Including One Zero-day and Three Critical in the June 2022 Patch Tuesday”
