Cacti, a web-based device monitoring tool, is vulnerable to a critical command injection vulnerability. Tracked as CVE-2022-46169, this vulnerability requires no authentication for exploitation. On successful exploitation, this could allow an unauthenticated attacker to execute arbitrary code if a specific data source was selected for any monitored device. Cacti is a network monitoring and graphing … Continue reading “Cacti Unauthenticated Command Injection Vulnerability (CVE-2022-46169)”
The January 2023 Oracle Critical Patch Update
This Oracle Critical Patch Update contains a group of patches for multiple security vulnerabilities that address 327 new security patches. Some of the vulnerabilities addressed this month impact various products. These patches address vulnerabilities in Oracle code and third-party components included in Oracle products. We urge customers to apply these time-sensitive Oracle Critical Patch Updates. … Continue reading “The January 2023 Oracle Critical Patch Update”
Cisco EoL Small Business VPN Routers Multiple Vulnerabilities (CVE-2023-20025 & CVE-2023-20026)
Cisco released a security advisory to address critical severity vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, and RV082 Routers (CVE-2023-20025 & CVE-2023-20026). On successful exploitation, these vulnerabilities could allow a remote attacker to bypass authentication or execute arbitrary commands on affected devices. Hou Liuyang of Qihoo 360 Netlab … Continue reading “Cisco EoL Small Business VPN Routers Multiple Vulnerabilities (CVE-2023-20025 & CVE-2023-20026)”
JsonWebToken Library Remote Code Execution vulnerability (CVE-2022-23529)
A high-severity remote code execution vulnerability has been discovered in the JsonWebToken (JWT) open-source encryption project. Tracked as CVE-2022-23529, an attacker can exploit this vulnerability to gain remote code execution on the target server verifying a maliciously crafted JSON web token (JWT) request. Artur Oleyarsh, Security Researcher at Unit42, has mentioned in his blog, … Continue reading “JsonWebToken Library Remote Code Execution vulnerability (CVE-2022-23529)”
Zoho Patches Remote Code Execution Vulnerability Affecting Multiple ManageEngine Products (CVE-2022-47966)
A critical remote code execution vulnerability has been discovered in multiple Zoho ManageEngine products. Tracked as CVE-2022-47966, this vulnerability affects 24 products of ManageEngine. Successful exploitation of this vulnerability may allow an attacker to perform remote code execution. Khoadha of Viettel Cyber Security has discovered this vulnerability via Zoho Bug Bounty program. Zoho ManageEngine … Continue reading “Zoho Patches Remote Code Execution Vulnerability Affecting Multiple ManageEngine Products (CVE-2022-47966)”
The January 2023 Patch Tuesday Security Update Review
As we enter the first second Tuesday of the year, Microsoft has released its latest security updates and fixes. We invite you to join us as we review and discuss the particulars of these essential security patches. Microsoft Patches for January 2023 Microsoft has released 98 new patches addressing vulnerabilities in a wide range … Continue reading “The January 2023 Patch Tuesday Security Update Review”
VMware Patches Heap Out-Of-Bounds Write Vulnerability in VMware ESXi, Workstation, and Fusion (CVE-2022-31705)
VMware has released a patch for vulnerability in multiple products such as ESXi, Workstation, Fusion, and Cloud Foundation. Tracked as CVE-2022-31705, it is a heap Out-Of-Bounds write vulnerability that could allow code execution on vulnerable systems. The vulnerability is rated as critical and provided a CVSSv3 score of 9.3. Description CVE-2022-321705 is a heap … Continue reading “VMware Patches Heap Out-Of-Bounds Write Vulnerability in VMware ESXi, Workstation, and Fusion (CVE-2022-31705)”
Citrix Application Delivery Controller (ADC) and Citrix Gateway Arbitrary Code Execution Vulnerability (CVE-2022-27518)
Citrix has released patches for an actively exploited zero-day vulnerability in Citrix Application Delivery Controller (ADC) and Citrix Gateway. Tracked as CVE-2022-27518, this critical vulnerability could allow arbitrary code execution on the vulnerable system on successful exploitation. Citrix states in the blog, “We are aware of a small number of targeted attacks in the … Continue reading “Citrix Application Delivery Controller (ADC) and Citrix Gateway Arbitrary Code Execution Vulnerability (CVE-2022-27518)”
Apple Patches Actively Exploited Zero-day Vulnerability in iOS and iPadOS (CVE-2022-42856)
Apple has released an update to address an actively exploited zero-day vulnerability in WebKit. Tracked as CVE-2022-42856, this is a type confusion vulnerability that could allow arbitrary code execution on a vulnerable device. Clément Lecigne of Google’s Threat Analysis Group has discovered this vulnerability. The advisory says, “This issue may have been actively exploited … Continue reading “Apple Patches Actively Exploited Zero-day Vulnerability in iOS and iPadOS (CVE-2022-42856)”
The December 2022 Patch Tuesday Security Update Review
Welcome to the final second Tuesday of the year. As expected, Microsoft and Adobe have released their latest security updates and fixes. Take a break from your holiday preparations and join us as we review the details of the latest security patches. Microsoft Patches for December 2022 In this month’s Patch Tuesday, Microsoft released 52 … Continue reading “The December 2022 Patch Tuesday Security Update Review”