Researchers from SonarSource have discovered a critical-severity vulnerability in Zabbix that allows an attacker to bypass authentication and execute arbitrary code on a targeted server. Zabbix is an open-source monitoring software program that can be used to track IT infrastructure such as networks, servers, virtual machines, and cloud services. The vulnerability is tracked as …
Apache Cassandra Database Software High-Severity Remote Code Execution Vulnerability (CVE-2021-44521)
Apache Cassandra is a free and open-source distributed NoSQL database management system that can handle massive volumes of data across many commodity servers while maintaining high availability and avoiding single points of failure. Researchers have revealed details of a high-severity security flaw in the Apache Cassandra open-source NoSQL distributed database. The vulnerability is easy …
CISA releases deadline for patching Google Chrome and Adobe Magento zero-day vulnerabilities (CVE-2022-24086 & CVE-2022-0609)
The US Cybersecurity and Infrastructure Security Agency (CISA) has added nine new vulnerabilities to its list of regularly exploited vulnerabilities. This list includes two zero-days that affect Google Chrome and Adobe Commerce/Magento Open Source. CISA stated that by March 1st, 2022, all Federal Civilian Executive Branch (FCEB) agencies must install patches for these two …
Microsoft addresses 70 vulnerabilities in February 2022 Patch Tuesday
Microsoft addresses 70 vulnerabilities in its February 2022 Patch Tuesday release. While none of the vulnerabilities in this month’s Microsoft release cycle has been rated critical, several have been given a high-risk rating (CVSSv3.1 score of 7.0 – 8.9). As of this writing, none of this month’s vulnerabilities is known to …
Samba releases update for Out-Of-Bounds Heap Read/Write Vulnerability (CVE-2021-44142)
Samba is a reimplementation of the SMB network protocol that provides file sharing and printing services across many platforms, allowing Linux, Windows, and macOS users to share files over the network. The vulnerability, tracked as CVE-2021-44142, is an out-of-bounds heap read/write vulnerability that allows remote attackers to execute arbitrary code as root on affected Samba …
Apple releases security updates to fix severe vulnerabilities including two zero-day exploits
Apple has released a security update to address various previously exploited vulnerabilities, including one exploited in the wild. The security update covers serious security bugs in macOS and iOS/iPadOS. The first zero-day (CVE-2022-22587) is a memory corruption flaw that a malicious app might use to run arbitrary code with kernel privileges. The vulnerability affects …
PwnKit: Polkit pkexec Local Privilege Escalation Vulnerability (CVE-2021-4034)
The Qualys Research Team identified a memory corruption flaw in Polkit’s pkexec, a SUID-root tool that comes pre-installed on every major Linux distribution. By exploiting this easily exploitable vulnerability (CVE-2021-4034) in its default configuration, any unprivileged user can gain full root privileges on a vulnerable host. Polkit (previously PolicyKit) is a Unix-like operating system …
New Apple Safari 15 vulnerability allows cross-site tracking of users’ data
A software flaw in Apple Safari 15’s implementation of the IndexedDB API could be used by a malicious website to track users’ online activities and, worse, expose their identities. IndexedDB is a low-level JavaScript API, supplied by web browsers, for maintaining NoSQL databases of structured data items such as files and blobs. …
Zoho ManageEngine Desktop Central and Desktop Central MSP Authentication Bypass Vulnerability (CVE-2021-44757)
Zoho has patched a new critical vulnerability that affects the company’s unified endpoint management (UEM) solutions Desktop Central and Desktop Central MSP. Zoho ManageEngine Desktop Central is a desktop and mobile device management software. Administrators can manage servers, laptops, desktops, cellphones, and tablets from one place with this tool. Zoho launched the updated versions of …
Microsoft Windows security update for January 2022 addresses 126 Vulnerabilities with 9 rated as Critical
Microsoft patched 126 vulnerabilities in its January 2022 Patch Tuesday release. Of these, nine are rated critical severity. As of this writing, none of the 126 vulnerabilities is known to be actively exploited. Microsoft has fixed problems in its software including Remote Code Execution (RCE) vulnerabilities, privilege escalation security flaws, spoofing bugs, …