Zoho has released patches for a critical remote code execution vulnerability in its ManageEngine PAM360, Password Manager Pro, and Access Manager Plus. CISA also added the vulnerability (CVE-2022-35405) to its Known Exploited Vulnerabilities (KEV) Catalog. The advisory strongly recommends users update to the latest versions of PAM360, Access Manager Plus, and Password Manager Pro … Continue reading “Zoho ManageEngine PAM360, Access Manager Plus, and Password Manager Pro Remote Code Execution Vulnerability (CVE-2022-35405)”
Trend Micro Patches Multiple Vulnerabilities in Apex One (On-Premise) Including One Zero-day (CVE-2022-40139)
Trend Micro has released a security advisory addressing multiple vulnerabilities (CVE-2022-40140, CVE-2022-40141, CVE-2022-40142, CVE-2022-40143, CVE-2022-40144) in Apex One (On-Premise) and Apex One as a Service. The advisory states, “Trend Micro has observed at least one active attempt of potential exploitation of CVE-2022-40139 in the wild.” It typically takes physical or remote access to a … Continue reading “Trend Micro Patches Multiple Vulnerabilities in Apex One (On-Premise) Including One Zero-day (CVE-2022-40139)”
Cisco Patched Multiple Vulnerabilities in Multiple Products including NVIDIA Data Plane Development Kit
Cisco has released multiple security advisories addressing high severity vulnerabilities in the Webex Meeting app (CVE-2022-20863), SD-WAN vManage (CVE-2022-20696), and RV series VPN routers (CVE-2022-20923). The patches include a fix for a vulnerability related to the NVIDIA Data Plane Development Kit (CVE-2022-28199). As per Cisco’s advisory regarding CVE-2022-20923, the organization “Cisco has not released … Continue reading “Cisco Patched Multiple Vulnerabilities in Multiple Products including NVIDIA Data Plane Development Kit”
Apple Patches Multiple Vulnerabilities in macOS Big Sur and macOS Monterey including One Zero-day (CVE-2022-32894)
Apple has released security updates to address multiple vulnerabilities in macOS Big Sur and macOS Monterey. The vulnerability that Apple said is being exploited in the wild is CVE-2022-32894. This is an out-of-bounds write flaw that could allow an attacker to execute an arbitrary code with kernel privileges. The vulnerability was reported by an … Continue reading “Apple Patches Multiple Vulnerabilities in macOS Big Sur and macOS Monterey including One Zero-day (CVE-2022-32894)”
Microsoft Patches Vulnerabilities 79 including 16 Microsoft Edge (Chromium-Based); with 2 Zero-days and 5 Critical in Patch Tuesday September 2022 Edition
Microsoft has released security updates for 79 vulnerabilities in its September 2022 Patch Tuesday Edition. This month’s security updates also addressed two zero-days (CVE-2022-37969 and CVE-2022-23960). Microsoft mentioned in the advisory that CVE-2022-37969 is being exploited in the wild. Out of the 79 vulnerabilities, five are rated critical (CVE-2022-35805, CVE-2022-34700, CVE-2022-34722, CVE-2022-34721, and CVE-2022-34718). Microsoft also … Continue reading “Microsoft Patches Vulnerabilities 79 including 16 Microsoft Edge (Chromium-Based); with 2 Zero-days and 5 Critical in Patch Tuesday September 2022 Edition”
Google Chrome Releases Fix for the Zero-day Vulnerability (CVE-2022-3075)
Google has released the latest Chrome version to address a zero-day vulnerability (CVE-2022-3075). Google has rated this vulnerability as high severity and acknowledged that it has been actively exploited in the wild. This high severity vulnerability exists due to insufficient data validation in Mojo, which is a group of runtime libraries that offer a … Continue reading “Google Chrome Releases Fix for the Zero-day Vulnerability (CVE-2022-3075)”
Atlassian Bitbucket Server and Data Center Command Injection Vulnerability (CVE-2022-36804)
Atlassian has released a security advisory to address a command injection vulnerability in multiple API endpoints of Bitbucket Server and Data Center. Tracked as CVE-2022-36804, Atlassian has rated the vulnerability as critical as it affects many Bitbucket Server and Data Server versions. The vulnerability was discovered by @TheGrandPew via Atlassian’s bug bounty program. Bitbucket is … Continue reading “Atlassian Bitbucket Server and Data Center Command Injection Vulnerability (CVE-2022-36804)”
GitLab Patches Critical Remote Command Execution Vulnerability (CVE-2022-2884)
GitLab has released updates to address a remote code execution flaw for its GitLab Community Edition (CE) and Enterprise Edition (EE). Tracked as CVE-2022-2884, the vulnerability is rated as critical and is assigned a CVSS score of 9.9. An authenticated attacker could exploit this vulnerability to execute commands remotely on vulnerable systems via Import from GitHub API … Continue reading “GitLab Patches Critical Remote Command Execution Vulnerability (CVE-2022-2884)”
Apple Releases Security Updates to patch two Zero-Day Vulnerabilities (CVE-2022-32893 and CVE-2022-32894)
Apple has rolled out emergency security updates to patch two zero-day vulnerabilities, known to be under exploitation to hack iPhones, iPads and Macs. The two zero-days are being tracked as CVE-2022-32893 and CVE-2022-32894. The vulnerabilities are known to affect all iPhones, iPads and MacOS. CVE-2022-32893 is an out-of-bounds vulnerability that might lead to arbitrary code … Continue reading “Apple Releases Security Updates to patch two Zero-Day Vulnerabilities (CVE-2022-32893 and CVE-2022-32894)”
Google Chrome Zero-Day Insufficient Input Validation Vulnerability (CVE-2022-2856)
Google has rolled out patches for its chrome browser addressing multiple vulnerabilities, including a high severity zero-day vulnerability (CVE-2022-2856). Google addressed the vulnerability stating, “Google is aware that an exploit for CVE-2022-2856 exists in the wild”. The security update is currently rolling out for Windows, Mac and Linux Operating systems. Google described the zero-day (CVE-2022-2856) … Continue reading “Google Chrome Zero-Day Insufficient Input Validation Vulnerability (CVE-2022-2856)”
