WSO2 Fixes Cross-Site Scripting (XSS) Vulnerability in its Multiple Products (CVE-2022-29548)

WSO2 has released a fix for a reflected cross-site scripting (XSS) vulnerability in the Management Console of several of its products. Tracked as CVE-2022-29548, the flaw stems from improper output encoding: a request parameter that the Management Console reflects into the page is not HTML-encoded, so an attacker who gets a victim to follow a crafted link can run script in the victim's browser session. WSO2 is an open-source software provider that offers …
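As an added illustration of the bug class behind CVE-2022-29548 (this is constructed example code, not WSO2's Management Console code; the parameter name `name`, the page template and the probe payload are assumptions), the following compares a handler that reflects a query parameter into HTML unencoded with the same handler after contextual output encoding is applied:

```python
"""Reflected XSS from missing output encoding: vulnerable vs. fixed rendering.
Constructed example, not WSO2 code; `name`, the template and PROBE are assumed."""
import html
from urllib.parse import parse_qs

# Assumed page template: the parameter lands in an HTML text node.
TEMPLATE = "<html><body><h1>Hello, {who}</h1></body></html>"


def _reflected_value(query_string: str) -> str:
    """Pull the `name` parameter out of a raw query string (percent-decoded)."""
    params = parse_qs(query_string, keep_blank_values=True)
    return params.get("name", [""])[0]


def render_vulnerable(query_string: str) -> str:
    """The bug: the attacker-controlled value is written into the page as-is,
    so markup in the parameter becomes markup in the response."""
    return TEMPLATE.format(who=_reflected_value(query_string))


def render_fixed(query_string: str) -> str:
    """The fix: HTML-entity-encode the value for the context it is written into.
    html.escape with quote=True covers HTML text and quoted attribute values."""
    return TEMPLATE.format(who=html.escape(_reflected_value(query_string), quote=True))


def contains_live_script(page: str) -> bool:
    """Crude comparison helper: does a literal <script tag reach the response body?"""
    return "<script" in page.lower()


# Constructed probe: a percent-encoded <script> payload in the reflected parameter.
PROBE = "name=%3Cscript%3Ealert(document.cookie)%3C%2Fscript%3E"

if __name__ == "__main__":
    print("vulnerable:", render_vulnerable(PROBE))
    print("fixed:     ", render_fixed(PROBE))
```

The probe only survives as live markup in the vulnerable rendering; in the fixed one it comes back as `&lt;script&gt;…&lt;/script&gt;` and is displayed as text. The encoder has to match the output context: `html.escape` is correct for HTML text and quoted attributes, but a value written into a JavaScript block, a URL or a CSS property needs the encoder for that context instead.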

Atlassian Confluence Server and Confluence Data Center Zero-day Remote Code Execution Vulnerability (CVE-2022-26134)

Atlassian published a security advisory on June 2nd, 2022 for a zero-day, unauthenticated remote code execution vulnerability (CVE-2022-26134) in Confluence Server and Data Center. Exploitation was first observed over the Memorial Day weekend in the United States by the Volexity incident response team, and the vulnerability is being actively exploited in the wild …

Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability (CVE-2022-30190)

Security researchers have discovered a new zero-day vulnerability in the Microsoft Support Diagnostic Tool (MSDT), reachable through Microsoft Office, that can be exploited to achieve code execution on affected systems simply by opening a malicious Word document. The vulnerability, tracked as CVE-2022-30190, was discovered by the Japanese security research team nao_sec, which tweeted a warning about the …

Zoom Releases Security Updates to Address Multiple Vulnerabilities in Zoom Clients for Meetings (CVE-2022-22784, CVE-2022-22785, CVE-2022-22786, CVE-2022-22787)

Zoom has patched four security flaws that could let an attacker compromise another user through chat by sending specially crafted Extensible Messaging and Presence Protocol (XMPP) messages and ultimately running malicious code on the victim's client. The vulnerabilities are tracked as CVE-2022-22784, CVE-2022-22785, CVE-2022-22786, and CVE-2022-22787, and were reported to Zoom by Ivan Fratric of Google's Project Zero team in February 2022. …

Mozilla Releases Patches for Two Zero-day Vulnerabilities Affecting Firefox and Thunderbird (CVE-2022-1802, CVE-2022-1529)

Mozilla has released security patches for two zero-day vulnerabilities (CVE-2022-1802 and CVE-2022-1529) exploited during the Pwn2Own Vancouver 2022 hacking contest. Successful exploitation allows attackers to achieve JavaScript code execution on mobile and desktop devices running vulnerable versions of Firefox, Firefox ESR, Firefox for Android, and Thunderbird. The ability to …

Cisco Releases Patch for Zero-day XR Software Health Check Open Port Vulnerability (CVE-2022-20821)

Cisco has released a patch for a zero-day vulnerability in its IOS XR router software. Tracked as CVE-2022-20821, the vulnerability could allow an unauthenticated remote attacker to access Redis instances running in NOSi Docker containers. The vulnerability was found during the resolution of a Cisco TAC support case and affects Cisco …

VMware Patches Critical Vulnerabilities in VMware Identity Manager (vIDM) and Workspace ONE Access (CVE-2022-22972 & CVE-2022-22973)

VMware has released a critical-severity security advisory addressing two vulnerabilities (CVE-2022-22972 and CVE-2022-22973) in VMware Identity Manager (vIDM) and Workspace ONE Access: CVE-2022-22972 is an authentication bypass and CVE-2022-22973 a local privilege escalation. CISA has also released an advisory urging users to patch these vulnerabilities immediately. One of the two …

Zyxel Fixes Critical Firewall OS Command Injection Vulnerability (CVE-2022-30525)

Attackers are actively exploiting a recently patched critical OS command injection vulnerability (CVE-2022-30525) in Zyxel firewalls that support Zero Touch Provisioning (ZTP), which includes the ATP series, the VPN series, and the USG FLEX series (including USG20-VPN and USG20W-VPN). Successful exploitation allows an unauthenticated remote attacker to inject arbitrary OS commands. Jake Baines …

Microsoft Patches 75 Vulnerabilities Including 3 Zero-days and 8 Rated as Critical in May 2022 Patch Tuesday

Microsoft has released its May 2022 Patch Tuesday security updates, addressing 75 vulnerabilities, along with an advisory (ADV220001) for Azure in response to CVE-2022-29972, a publicly disclosed zero-day remote code execution (RCE) vulnerability. Of the 75 vulnerabilities, eight are rated Critical. This …

Microsoft Releases Patch for the Third-party ODBC Driver Remote Code Execution Vulnerability (CVE-2022-29972)

Microsoft has released a patch for a flaw in Azure Data Factory and Azure Synapse pipelines, tracked as CVE-2022-29972. The flaw lies in the third-party Open Database Connectivity (ODBC) driver used to connect to Amazon Redshift from Azure Synapse pipelines and the Azure Data Factory Integration Runtime (IR), and did not impact Azure Synapse as a …